So I decided to have a look at the latest Backtrack release (Backtrack 4 R1) which is claimed to be the best version released so far from the backtrack community. With the new Linux kernel version 2.6.34 and with significant overall improvements, this release is worth checking out. I always use the virtual machine option so that to play with it and then install the image on a hard disk by its own. Let us see below how I installed Backtrack 4 R1 on a VMWare virtual machine:

The specifications of my hardware and software are the following:

• Laptop DELL (core i3 with 4GB RAM)
• Win7 64-bit Professional
• VMWARE Workstation version 6.5.4

STEPS:

1. Download file from http://www.backtrack-linux.org/downloads/

File downloaded is bt4-r1-vm.tar.bz2 (around 2.5 GBytes)

2. Check the file with md5.exe tool to verify that MD5 is correct. This is important because such big files sometimes get corrupted when downloaded and also to verify the integrity of the file.

3. Uncompress the image with WinRAR (it took some time for winrar to open the archive – Be patient here.)

4. In VMWARE go to File>Open and select the virtual machine (BT4-R1) which you extracted above.

5. I then selected “Edit Virtual machine settings” and increased the memory from 768MB to 1024MB.

6. Then click on “Power on the virtual machine”
If you get a message that “This virtual machine may have been moved or copied” I selected “I copied it”.

7. After the Virtual machine boots up, you will get a prompt:

bt login:

Use root/toor as initial username/password

You will get the root prompt:

root@bt:~#

Now we must change the root password to something really strong.

root@bt:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

8. Now do the fix-splash as advised by the backtrack website:

root@bt:~# fix-splash

And then reboot

root@bt:~# reboot now

9. After the machine boots up, start the graphical interface:

root@bt:~# startx

DONE

Some other notes:

I like to have my virtual machine with direct access to the network interface of my host computer, so I always go to the virtual machine settings (“Edit Virtual machine settings”) and change the network adapter from “NAT” to “Bridged Mode“. With that, the LAN interface of the Backtrack in the virtual machine will have direct access to the network. If you have a DHCP server in the network, the Backtrack system will receive IP from the network, or otherwise you can configure static IP. Let’s see how to do both options below:

IP address from DHCP Server

ifconfig eth0 up
dhclient eth0

Static IP

ifconfig eth0 100.100.100.1 netmask 255.255.255.0 up
route add default gw 100.100.100.2 eth0

Also, you need to edit the /etc/resolv.conf file and change the nameserver line to add your DNS IP address.

The security problems associated with unsecured WiFi networks when you sit on the beach, cafe, etc., the applications that “show” your geographical location, the information exchanged through social networks etc are hiding serious security threats for your PC and for your personal information as well.

The use of secure wireless networks, encryption or hiding of data on disk to prevent “theft”, and serious precautions during online shopping or banking transactions, are among the practical security measures that users need to follow for protecting their personal information.

With the proliferation of social networks and the numerous applications used to share information via the Internet, PandaLabs, the anti-malware labs of Panda Security, advise users to take additional steps to avoid falling victims to malicious actions during the holidays.

Besides the traditional security measures that are usually taken, “This year, we ask users to pay special attention when sharing information over the Internet, especially when it comes to planning trips using applications, or when using GPS devices to reveal our geographic location to other members of the community. Such information can easily be taken into advantage from those who steal personal data or planning hostile actions” states Luis Corrons, technical director of PandaLabs.

These types of “geo-location” applications are used widely in recent years. Facebook applications such as Doorpl or Trip Advisor (which describes the current location of someone or the desired destination of someone), the Twitter geolocation utility (which shows from which location your tweets are sent), or the location services via GPS mobile devices (iPhone and Android users) are just some examples.

PandaLabs constantly analyze the latest trends in Internet and are able to advise users for their protection throughout the year and more specifically during a massive holiday period like the summer.

If you take your own computer with you on vacation:
- Before you do anything, keep a back up of all your data.
- Make sure you have a reliable and updated antivirus/antimalware protection software and that all necessary security patches are installed.
- In order to mitigate the consequences of theft of your computer, use the encryption technology for information stored on your hard disk, even if such work is tedious and complicated. This will prohibit any access to your files without correct password.
- Clear the temporary files, logs, cookies and password reminders or auto-complete features you use on the browser. This would eliminate the automatic access to webmail, social networks, bank accounts or your favorite online stores.
- Do not connect on unprotected WiFi networks, as you can “get hooked” by hackers who can intercept information shared with your community. Even if you have to pay for network access, it is better and safer to use a secure network you can trust.
- Pay attention to email. The phishing attacks and spam are becoming smarter for stealing sensitive personal data.

If you use another computer on your vacation:
- It’s better not to use someone else computer. You do not know what is installed on this computer. It is possible that PCs in cyber-cafes, hotels or airports, from where you might log into your bank account, etc. are infected by a dangerous Trojan Horse.
- If you do not really have a choice and must go into websites that require your personal credentials, make sure you change them immediately after use in order to minimize the risk.
- Avoid doing online transactions if possible. Remember that any information you enter can be used by another user.
- Do not accept any inducement for storage of personal data offered by many web browsers.
- When you are finished using the computer, delete all temporary files, browser history, the cookies, the log files and any other information stored on computer.
- If you download something on the computer, remember to delete it before turning the computer off.

Using social networks
- Never use the travel planning applications offered by these networks in order to be sure that it is impossible to identify who you are. Do not accept the geolocation detection (geolocation function) in Twitter and do not use this technology in mobile phones.
- Do not reveal your plans for your holidays in chat rooms, IRCs, social communities, etc.
- If you spend time in chat rooms while you’re on vacation, do not disclose any personal or confidential information to someone you don’t know.
- Share the above tips with your children, which are often more open to good faith to share information via the Internet.
- If you notice any suspicious behavior while you are connected to a social network (people with great interest for other people’s destinations, dates, etc.) contact the police. Prevention is always better than cure.

I have a QNAP TS-109 II Network Attached Storage (NAS) device which I use for data storage, download station, torrent client etc. This NAS is a Linux Box so I thought about using it for another application in addition to the other mentioned above: as an SSH tunneling box for encrypting traffic when I’m outside of the home (on an unsecured wi-fi hot spot for example). Since the NAS is already running an SSH deamon, you can enable it to work as an SSH tunneling server. Basically you can use PuTTY (SSH client) to create an SSH tunnel with the NAS using local port forwarding. PuTTY creates a local port on your PC (e.g 9999) which listens for connections and sends all traffic that is destined to this local port over to the remote NAS SSH server. This traffic is sent over the encrypted SSH tunnel between your PC and the remote NAS. At the NAS end, the traffic exits the NAS towards the Internet (TCP Forwarding must be enabled on the NAS). With that setup you essentially create a secure encrypted tunnel that can be used to access the internet securely when you are connected on a public wi-fi hot spot or even in a hotel room.

First, we need to make some changes on the sshd configuration of the NAS station. Open a CLI connection with the NAS (using telnet or ssh) and edit (using vi) the sshd_config file located under /etc/ssh/ path. You need to change the following settings in sshd_config:

• Uncomment the #AllowTcpForwarding no parameter (remove the # ) and change it to yes.
  AllowTcpForwarding yes
• Uncomment the #PermitTunnel no parameter (remove the # ) and change it to yes.
  PermitTunnel yes

However, the changes above will not be permanent since the QNAP NAS device will change all configuration to default settings when rebooted. Therefore we need to somehow make the changes permanent. What we can do is the following:

• Copy the modified sshd_config file into a shared location on the NAS.
• Use the “autorun.sh” script to copy the modified sshd_config file from the shared location and overwrite the original sshd_config file located under /etc/ssh/
• Then restart the sshd deamon to take the new modified settings.

I have copied the modified sshd_config file under /share/HDA_DATA/
Now, in order to create the autorun.sh file, do the following:
# mount -t ext2 /dev/mtdblock5 /tmp/config
# vi /tmp/config/autorun.sh

Get into vi editor and enter the following lines:
cp /share/HDA_DATA/sshd_config /etc/ssh/
killall sshd

Save the file and make it executable.

# chmod +x /tmp/config/autorun.sh
# umount /tmp/config

That’s it for the NAS.

Now in order to create the ssh tunnel, we will use PuTTy as shown below:

Open up PuTTY and go to Tunnels. At Source Port enter a desired local port that will be listening on your local PC (e.g 8888). Select Dynamic and press Add.

As you can see above, port 8888 is created. This port will start listening on your local PC after you connect with SSH to the NAS.

Now go up to “Session” and put the IP address of your NAS ssh server. The picture above shows a private IP address (192.168.10.111) but in real situations this should be the domain name or the public IP address of your NAS server. Click “Open” to log in to the NAS with your SSH username and password. When you log in, a secure SSH tunnel will be created between your PC and the remote NAS server.

If you need to encrypt all of your internet browsing traffic, you have to configure a SOCKS proxy on your browser with IP address 127.0.0.1 and port 8888.