Monday, June 16, 2014

Internet Browsing from pubilc computers - Safety & Privacy


At times, I had to access Internet from public computers in place such as libraries, non-profit organizations etc. My family in India accesses Internet primarily from public kiosks.  In this post, I will cover a few basic internet safety & privacy tips that can be helpful when accessing internet from such public computers.


Internet Safety & Privacy - Importance


Following are some harmful effects of using Internet without caution:
  • Identity theft
    • The recent security breach - Heartbleed - turned me extremely cynical about internet safety. 
While I am not going to offer solution here for complex security issues such as Heartbleed,  I will provide some basic guidelines to protect yourself from even simpler but potentially harmful internet security issues.
  • Privacy

According to me, it is utmost important to be cautious about safety & privacy of personal data while accessing internet from public computers.


Internet Safety & Privacy - Guidelines & How tos

I will cover 'how to's for IE 9 & Chrome Version 35. If my time permits, I will try adding 'how to's for other browsers as well. For other versions of IE & Chrome, the instructions may be more or less similar, but its best to search over internet for your specific browser versions, if different from IE 9 & Chrome v 35.

  • Before you begin your Internet browsing session
    • Choose proper Location: Ensure that you avoid exposing you computer monitor to public. That way, your personal information is not visible to accidental watchers.
    • Switch to Private Browsing: Most browsers support private browsing. If we operate in private browsing mode, the browsing history is not recorded in the local system. Any temporary files downloaded is not retained in the local system?
      • IE 9
        • Tools->Safety->InPrivate Browsing
      • Chrome v35
        • Chrome Menu ( Chrome menu ) --> New Incognito window
    • Disable Automatic Password Storage (or even prompting for such storage):
      • IE 9
        • Tools->Internet Options->Content->Auto Complete Settings : Uncheck the option "Usernames and password on forms"
      • Chrome v35
        • Chrome Menu ( Chrome menu ) -->Settings --> "Show Advanced Settings" --> "Passwords and Forms" section --> Uncheck the checkbox - " "
  • Before you end your Internet browsing session
    • Delete locally saved files - if you happen to save any files to desktop or other location during your browsing session.
    • Log out from any websites you logged in during your session
    • Delete temporary internet files & browsing history
      • IE 9
        • Tools->Safety->Delete Browsing history (check “Temporary Internet Files”)
      • Chrome v 35
        • Chrome Menu ( Chrome menu ) -->Tools --> Clear browsing data --> A dialog box opens: Select "beginning of the time" from drop down box, check all the check boxes --> Click "clear browsing data" 

Hope this helps.


Disclosure: 
I learnt some of the above high level ideas while volunteering as a credit coach at United Way Silicon Valley & also advised my coachees to follow these ideas.




    Friday, June 6, 2014

    ldd/objdump - finding shared library dependencies


    What is ldd?
    ldd stands for 'list dynamic dependencies'. It is a shell script that displays shared libraries required by a unix/linux program or a shared library.

    ldd internals

    Copy-pasted from http://linux.die.net/man/1/ldd :


    In the usual case, ldd invokes the standard dynamic linker with the LD_TRACE_LOADED_OBJECTS environment variable set to 1, which causes the linker to display the library dependencies. Be aware, however, that in some circumstances, some versions of ldd may attempt to obtain the dependency information by directly executing the program. Thus, you should never employ ldd on an untrusted executable, since this may result in the execution of arbitrary code. A safer alternative when dealing with untrusted executables is:

    $ objdump -p /path/to/program | grep NEEDED

    "

    LDD source code: http://stuff.mit.edu/afs/sipb/project/phone-project/bin/arm-linux-ldd
    (is this latest?)

    ldd command line options 
     
    babu@babu-VirtualBox:~$ ldd --help
    Usage: ldd [OPTION]... FILE...
          --help              print this help and exit
          --version           print version information and exit
      -d, --data-relocs       process data relocations
      -r, --function-relocs   process data and function relocations
      -u, --unused            print unused direct dependencies
      -v, --verbose           print all information
    For bug reporting instructions, please see:
    <https://bugs.launchpad.net/ubuntu/+source/eglibc/+bugs>.
    babu@babu-VirtualBox:~$ 

    Sample Usage

    Here are a few sample outputs:
    babu@babu-VirtualBox:~$ ldd /bin/lsmod
                linux-gate.so.1 =>  (0xb77ad000)
                libkmod.so.2 => /lib/i386-linux-gnu/libkmod.so.2 (0xb7765000)
                libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb75b1000)
                /lib/ld-linux.so.2 (0xb77ae000)
    babu@babu-VirtualBox:~$ 

    babu@babu-VirtualBox:~$ ldd /lib/i386-linux-gnu/libc.so.6
                /lib/ld-linux.so.2 (0xb76e4000)
                linux-gate.so.1 =>  (0xb76e3000)
    babu@babu-VirtualBox:~$ 

    In the above outputs, the first field displays the shared library name & the second field (after ==>) displays the path of the shared library. In case the shared library is not found in the system, it displays "not found" in this field.

    Objdump way of finding dependencies
     
    babu@babu-VirtualBox:~$ objdump -p /bin/lsmod | grep NEEDED  
      NEEDED               libkmod.so.2
      NEEDED               libc.so.6
    babu@babu-VirtualBox:~$

    As we can see, objdump too is useful, but it misses out other details ldd displays. So, I prefer ldd over objdump to view shared library dependencies.

    References:

    UA-48797665-1