|
As much as we at HNN balk at all the cyber warfare talk out there, here’s some solid thinking that applies to just about everyone. When the the Lower Colorado River Authority finally notices people are trying to login to their site – but only because one of the IPs resolved to China… that’s just shows you how pathetic the average “defense stance” really is. … The military is “traditionally reactive and static, but we need to be proactive, dynamic and predictive,” he said. He estimated his command will achieve what he terms a proactive defense stance by October this year, and have predictive capabilities by fiscal 2012. He did not elaborate on technological details of the new capabilities.
In order to fully integrate cyber security and military operations in cyberspace, service members working in that domain must define a baseline, or “normal,” landscape that accurately reflects when something is amiss – and when defense is needed. “We have no idea what normal is,” McCullough said… via Navy cyber leader expects proactive capabilities this year — Federal Computer Week.
Google Password Decryptor is a Password Recovery Tool which can be used to recover your lost Google account passwords using the Google software's installed in your computer. But it can used as a hacking tool as i say.
Google Account hacking
This software's works on the simple Google accounts vulnerability that all the Google web products such as Gmail, blogger, Google docs etc uses the same username and passwords and hence when you get the username and password of one Google web product such as of let us take here Gmail then you can use all the other Google products such as Ad words, Ad sense etc and hence Hacking the victim.
Google Password Decryptor is a software's which decrypt in seconds all the usernames and passwords stored in the victims computer like if he uses Gtalk it will decode the password stored in the victims computer to reveal the username and passwords…
It Supports many Google software's such as -
Google Talk
Google Picassa
Google Desktop Seach
Gmail Notifier
Google Chrome
Steps To Use Google Password Decryptor -
1. After Downloading Extract the software in a folder.
2. Then Run “GooglePasswordDecryptor.exe” in the extracted folder.
3. When the software Loads click on “Start Recovery” Button.
4. Done !!
Note : You Can save this list to HTML format or TEXT format by clicking on ‘Export to HTML’ or ‘Export to TEXT’ button.
How To Create Your Own Phisher
Phisher page is the login page same as of the service your victim is using for example --> gmail,orkut,yahoomail,paypal,facebook,twitter etc.
It will Look Just as same as you are asked to login to your Email acount,Thats where the victim gets tricked aka HACKED.
So,Lets start.
To create Your Own Phisher you have to follow these simple steps ----
1. You have to go to the website for which you want to make your phisher for ex. gmail,yahoomail,orkut,paypal etc
2. When you are there at the login page just click on File>Save As
[ remember to rename it as index.html while saving the web page ]
3. When you have saved the web page,open the index.html in notepad.
4. Search for .gif and replace the text written before the image name with
You Have To Do that for all the images named there, Or you can use replace all option.
5.There will be another file needed also named as login.php .Which will give the condition to save the username and password typed by the user.
[NOTE:- I will not be providing the login.php to you,You have to get the login.php by yourself.
if you have some knowledge about the php language you can make your own login.php
For those who dont have knowledge about php language i recommend you search for login.php on Google,you will surely get that file.]
6. After you have done this,click on Edit>Search and type action in the search box,and then click on search.
7. It will take you to the First action String, after the equals two mark type login.php in replace of the the text written after it.
8. Click on Seach again,this time it will take you to another action string,after the equal to mark type
in replace of the text written in front of
the equals to mark.
NOTE: You have to type you your sites name in replace of your-site,and your free webhosting service against yourservice in
http://www.your-site.yourservice.com/login.php.
9. Now you are all done.
NOTE: You have to upload all the files on your free webhosting service directory,including in index_files Folder in the directory.Or it wount work.
The Directory Will be ---
i. index.html
ii. index_files [Folder which you saved]
iii. login.php
iv. login.txt
10. You can Make any websites phisher by these steps for example -- gmail,orkut,yahoomail,paypal,facebook,twitter etc.
Happy Hacking
Greetz to all...
Comments are allways welcome for all.
Hacker tinkers with news articles undetected.
“ It's more difficult to get into their advertising reporting statistics than their news production tools. ”
Adrian Lamo
In a development that exposes grave risks of news manipulation in a time of crisis, a hacker demonstrated Tuesday that he could rewrite the text of Yahoo! News articles at will, apparently using nothing more than a web browser and an easily-obtained Internet address.
Yahoo! News, which learned of the hack from SecurityFocus, says it has closed the security hole that allowed 20-year-old hacker Adrian Lamo to access the portal's web-based production tools Tuesday morning, and modify an August 23rd news story about Dmitry Sklyarov, a Russian computer programmer facing federal criminal charges under the controversial Digital Millennium Copyright Act (DMCA).
Sklyarov created a computer program that cracks the copy protection scheme used by Adobe Systems' eBook software. His prosecution has come under fire by computer programmers and electronic civil libertarians who argue that the DMCA is an unconstitutional impingement on speech, and interferes with consumers' traditional right to make personal copies of books, movies and music that they've purchased.
Lamo tampered with Yahoo!'s copy of a Reuters story that described a delay in Sklyarov's court proceedings, so that the text reported, incorrectly, that the Russian was facing the death penalty.
The modified story warned sardonically that Sklyarov's work raised "the haunting specter of inner-city minorities with unrestricted access to literature, and through literature, hope."
The text went on to report that Attorney General John Ashcroft held a press conference about the case before "cheering hordes", and incorrectly quoted Ashcroft as saying, "They shall not overcome. Whoever told them that the truth shall set them free was obviously and grossly unfamiliar with federal law."
Lamo says he's had the ability to change Yahoo! News stories for three weeks, and made minor experimental changes to other stories that have since cycled off the site.
The hacker provided SecurityFocus with a screen shot showing an August 10th Reuters story about a Senate committee?s report on the National Security Agency. The screen shot shows the story on Yahoo! News with a false quote attributed to the report: ?Rebuilding the NSA is the committee?s top priority. In partnership with AOL Time Warner, we fully expect to bring you a service you can?t refuse.?
According to Lamo, the NSA story remained on the portal for three days, before being cycled off.
He says he deliberately chose an old story Tuesday so it would be seen by few readers, while still demonstrating the vulnerability.
"Yahoo! takes security across its network very seriously, and we have taken appropriate steps to restrict unauthorized access to help ensure that we maintain a secure environment," said Kourosh Karimkhany, senior producer at Yahoo! News, in a statement. The company declined further comment.
'Subversion of Information Attack'
The hack highlights a risk that's troubled security experts since 1998, when a group called "Hacking for Girlies" defaced the web site of the New York Times, replacing the front page with a ramshackle tirade that criticized a Times reporter, and defended then-imprisoned hacker Kevin Mitnick.
"There's always been a concern that somebody would gain access to a news site and make more subtle changes," says Dorothy Denning, professor of Computer Science and director of the Georgetown Institute for Information Assurance at Georgetown University.
One year ago hackers modified a news story on the California Orange County Register web site to report that Microsoft founder Bill Gates had been arrested for hacking into NASA computers.
Experts warn that malicious corruption of content at a respected news source -- sometimes called a 'subversion of information attack' -- could have serious consequences during a crisis.
In the hours following the September 11th terrorist attacks on New York and Washington, millions turned to the Internet for information. Top news sites reported as many as 15 million unique users. Yahoo! reportedly had double the traffic that it received for the entire month of August.
"You can imagine someone changing lists of people who were on the planes, or reported missing, or all kinds of things that could cause a lot of grief," says Denning. "Or posting stories attributing attacks to certain people."
Lamo agrees, and says he's troubled that he had the power to modify news stories that day.
"At that point I had more potential readership than the Washington Post," says Lamo. "It could have caused a lot of people who were interested in the days events a lot of unwarranted grief if false and misleading information had been put up."
Proxy problems
Yahoo! declined to comment on the specifics of the hack, but as described by Lamo, modifying the portal's news stories didn't require much hacking. He made the changes using an ordinary web browser, and didn't need to do so much as enter a password.
The culprit in this case was a trio of proxy web servers that bridged Yahoo!'s internal corporate network to the public Internet. By configuring a web browser to go through one of the proxies, anyone on the Internet could masquerade as a Yahoo! insider, says Lamo, winning instant trust from the company's web-based content management system.
The hacker criticized the web giant for not prioritizing security on the systems that allow editing and creation of news stories.
"There are more secure parts of their network," says Lamo. "It's more difficult to get into their advertising reporting statistics than their news production tools."
The hacker has a history of exposing the security foibles of corporate behemoths. Last year he helped expose a bug that was allowing hackers to take over AOL Instant Messenger (AIM) accounts. And in May, he warned troubled broadband provider Excite@Home that its customer list of 2.95 million cable modem subscribers was accessible to hackers.
Lamo's hobby is a risky one. Unlike the software vulnerabilities routinely exposed by 'white hat' hackers, the holes Lamo goes after are specific to particular networks, and generally cannot be discovered without violating U.S. computer crime law. With every hack, Lamo is betting that the target company will be grateful for the warning, rather than angry over the intrusion.
"I can't give you an exact answer why he does that," says Matthew Griffiths, a computer security worker and a long-time friend of Lamo. "He's kind of a superhero of the Internet."
"I agree that it's not the safest thing I could be doing with my time," says Lamo. "If they prosecute me, they prosecute me."
Scientists at the University of Texas in Dallas, with funding from AFOSR's Multidisciplinary University Research Initiative, are seeking solutions for maintaining privacy in a cloud, or an Internet-based computing environment where all resources are offered on demand.
Dr. Bhavani Thuraisingham has put together a team of researchers from the UTD School of Management and its School of Economics, Policy and Political Sciences to investigate information sharing with consideration to confidentiality and privacy in cloud computing.
"We truly need an interdisciplinary approach for this," she said. "For example, proper economic incentives need to be combined with secure tools to enable assured information sharing."
Thuraisingham noted that cloud computing is increasingly being used to process large amounts of information. Because of this increase, some of the current technologies are being modified to be useful for that environment as well as to ensure security of a system.
To achieve their goals, the researchers are inserting new security programming directly into software programs to monitor and prevent intrusions. They have provided additional security by encrypting sensitive data that is not retrievable in its original form without accessing encryption keys. They are also using Chinese Wall, which is a set of policies that give access to information based on previously viewed data.
The scientists are using prototype systems that can store semantic web data in an encrypted form and query it securely using a web service that provides reliable capacity in the cloud. They have also introduced secure software and hardware attached to a database system that performs security functions.
Assured information sharing in cloud computing is daunting, but Thuraisingham and her team are creating both a framework and incentives that will be beneficial to the Air Force, other branches of the military and the private sector.
The next step for Thuraisingham and her fellow researchers is examining how their framework operates in practice.
"We plan to run some experiments using online social network applications to see how various security and incentive measures affect information sharing," she said.
Thuraisingham is especially glad that AFOSR had the vision to fund such an initiative that is now becoming international in its scope.
"We are now organizing a collaborative, international dimension to this project by involving researchers from Kings College, University of London, University of Insubria in Italy and UTD related to secure query processing strategies," said AFOSR program manager, Dr. Robert Herklotz.
Ready Generation X hacking tools wait .....................
Anyone that supports 501(c)(3) not-for-profit organizations that promote security. “Huh?!” you say? All proceeds of this auction are being donated to the Open Security Foundation (OSF), maintainers of the Open Source Vulnerability Database and the DatalossDB project.
Anyone who likes stickers should bid. Bosses, get them for your employees. Security types, get them for your laptops, hacker spaces or your local neighborhood cards that need spicing up. Collectors get them to satisfy that irrational need to collect odd things.
Get the full details here at Attrition.org: http://attrition.org/news/content/stickers/. There are 250 stickers including an HNN lot and lots of extras as the bids get higher and higher.
Now you can change Welcome/logon screen’s background in Windows 7 and its supported officially. Microsoft has been made a change to customize or ability to load JPG images as background of the welcome/logon screen without using any third party software.
Although the functionality was designed for ease of OEMs to set their own backgrounds to Welcome/logon screen. It can be done by changing few registry settings and you can set your own background.
How to-
1. Run Registry Editor and navigate to:HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
2. Now create a DWORD value called OEMBackground and set it to 1
3. Now copy your image file (JPG file) into %windir%\system32\oobe\info\backgrounds and rename it tobackgroundDefault.jpg (By default info & backgrounds folders don’t exist, so create them.)
NOTE: Image must be less than 256kb in size.
1. HTC EVO 4G
Pound-for-pound and feature-by-feature, there’s still nothing out there in Android land that can hang with the HTC EVO 4G. With its 4.3-inch WVGA screen, 8 megapixel camera, 1 GHz Snapdragon CPU, front-facing VGA camera, Micro HDMI port, 3G Wi-Fi hotspot, and 4G WiMAX capability, the EVO has it all. And, with its large on-screen keyboard and handy kickstand for watching video, it’s a device that’s easy and pleasant to use. When I reviewed it, I called the EVO “The Hummer of smartphones” because it’s so huge and it’s such a power hog, but there’s no denying that it is the elite device of the Android fleet.
2. Google Nexus One
This was the first Android device that really knocked my socks off, and I still use it as the gold standard to measure every other Android smarty. Sure, it doesn’t have the best battery life and its screen isn’t as big and bold as the HTC EVO or the Droid X, but it is remarkably elegant and usable and it remains the one Android phone untarnished by the mobile manufacturers and telecom carriers. Google no longer sells it on the mass market but offers the N1 as a testing phone for Android developers. Still, as I said, it remains the gold standard and as long as Google keeps selling it in one form or another, it will likely remain on this list.
3. Samsung Vibrant
The Samsung Vibrant snuck up on a lot of people. Samsung hadn’t produced many good smartphones in recent years. In fact, the Samsung Omnia was so bad that I rated it as one of the worst tech products of 2009. So when Samsung announced the Galaxy S, its first line of Android devices, expectations were fairly low. But, despite the marketing confusion of naming the Galaxy S something different (and giving it a slightly different configuration) on every carrier, the product has been a big hit, selling over a million units in its first 45 days on the market. The best of the Galaxy S models is T-Mobile’s Samsung Vibrant, which is thin, powerful, has a great screen, and does the least amount of fiddling with the stock Android OS.
4. HTC Incredible
One of the most anticipated Android devices of 2010 was the Google Nexus One on Verizon. Unfortunately, it never happened — partly because Verizon dragged its feet to allow the unlocked Nexus One on its network and partly because Google was unprepared to handle the customer service responsibilities for the Nexus One. As a result, the maker of the Nexus One, HTC, released a very similar device called the HTC Incredible (sometimes referred to as the “Droid Incredible”). It’s not quite as elegant or high-end as the Nexus One, but the Incredible is the next best thing.
5. Motorola Droid X
With Sprint’s HTC EVO 4G drawing much of the attention of the Android world since its unveiling at CTIA 2010 in March, the response from Motorola and Verizon (the previous darlings of the Android world) was the Droid X. It matched the HTC EVO with a 4.3-inch screen, an 8 megapixel camera, a Micro HDMI port, and mobile hotspot functionality, but it lacked a front-facing camera, 4G connectivity, and the extra polish that HTC puts on Android with its Sense UI.
6. Samsung Epic 4G
This version of the Samsung Galaxy S is the one that departs most significantly from the standard form factor. That’s mostly because it integrates a full 53-key slide-down hardware keyboard. But it’s not just any keyboard. With it’s large keys and dedicated row for number keys, it is arguably the best hardware qwerty on any Android device. It also features a 4-inch Super AMOLED screen, a zippy 1 GHz Samsung processor, and Sprint’s 4G WiMAX service. I could certainly make a case for ranking this phone as high as number three on this list.
7. Motorola Droid 2
The fact that this phone is all the way down at number seven on this list is an indication of just how competitive the Android market has become, because this is an excellent smartphone. The original Droid really kick-started the Android revolution and remained one of the best-selling Android devices on the market throughout the first half of 2010. The Droid 2 simply updates the design slightly, improves the keyboard, and replaces the internals with more powerful hardware. For those who prefer a physical keyboard and Verizon’s top-notch coverage, the Droid 2 remains a great choice.
8. Samsung Captivate
The other Samsung Galaxy S to make this list is AT&T’s Samsung Captivate, which has virtually all of the same internals and specs as the Samsung Vibrant but has a flatter, boxier form factor. The thinness of the Captivate combined with lots of punch and high-end features make this a very attractive phone. I actually prefer the design of the Captivate over its cousin the Vibrant (No. 3 on this list). However, AT&T has loaded it up with a ton of AT&T crapware that users cannot uninstall, and even worse, has restricted the device so that users can’t “side-load” apps that are not in the Android Market. T-Mobile doesn’t commit either of those two sins with the Vibrant, and that’s what makes it a better choice.
9. HTC Aria
The HTC Aria might be one of the best kept secrets of the Android world. HTC could have honestly named this phone the EVO Mini. It looks a lot like the EVO, but in a far smaller package. In fact, while the EVO is the biggest Android phone, the Aria is the most compact, with its 3.2-inch screen. That’s its primary appeal — along with a low price tag (it retails for $129 but you can usually find it for much less than that, even free, based on promotions). The biggest problems with the Aria are the underpowered 600 MHz CPU and the fact that, like the Galaxy S, AT&T has loaded it up with lots of crapware and limited it to only the applications in the Android Market.
10. LG Ally
The LG Ally is not very pretty — except for being pretty underpowered — but it does have a few redeeming qualities that can make it attractive. It has a great little hardware keyboard — the best hardware keyboard on an Android device next to the Epic 4G. It’s also very compact, though not as compact as the HTC Aria, since the Ally has the slider keyboard that makes it a little more bulky. But, the best feature is the price: $49. And, like the Aria, many customers will get it for free with the right promotion. For 50 dollars or less, this phone is a nice value.
What makes symbolic links different from standard shortcuts?The one question that a lot of folks asked is “What’s the difference between a symbolic link and a standard shortcut? They both seem to do the same thing.” Well, standard shortcuts and symbolic links do, in fact, perform a similar function, but there are several differences. To begin with, a symbolic link is a pointer that works at the file-system level as opposed to a shortcut, which is a pointer designed to work within explorer.exe. Since a symbolic link is essentially grafted to the file system, it doesn’t have a footprint, so to speak, whereas a shortcut is an actual file on the hard disk. Take a look at the Properties dialog boxes shown in Figure A. As you can see, the shortcut is an actual file that takes up 4KB of disk space. The symbolic link uses 0 bytes. Figure A
Shortcuts are files, and symbolic links are part of the file system.Another difference is that a shortcut is fundamentally a one-shot deal, while a symbolic link has a sustained existence. To see this in action, let’s suppose that you use the MKLink command Mklink /J C:\CurrentWork “C:\Users\Greg Shultz\My Documents\Articles\TechRepublic\2010\9) September 10\9-3″ to create the C:\CurrentWork symbolic link folder that points to the path: C:\Users\Greg Shultz\My Documents\Articles\TechRepublic\2010\9) September 10 \9-3 Then, you use the Create Shortcut wizard to create a shortcut called CurrentWork Shortcut that points to the same path. If you double-click the CurrentWork Shortcut, you’ll see that the shortcut will deliver you to the 9-3 folder, but if you double-click the CurrentWork symbolic link, you’ll see the operating system makes it appear that the files actually exist in the CurrentWork folder, as shown in Figure B. The shortcut has done its job and is gone, while the symbolic link continues working.
Figure BOnce a shortcut does its job, it’s gone, but a symbolic link continues working.(This also works from the Save and Open dialog boxes of your applications. The efficiency improvement then comes from the fact that no matter where you are, all you have to remember is the name of the symbolic link.) If you work from the command prompt, you’ll discover that you can access symbolic link folders on the command line, as shown in Figure C. You can’t really use a shortcut from the command line. Figure CYou can access symbolic link folders from the command prompt.Windows Vista and Windows 7 have built-in symbolic links
Many other folks wrote in to ask why they couldn’t use many of Windows Vista’s and Windows 7’s built-in symbolic links. For example, if you try to access the C:\Documents and Settings symbolic link folder, you’ll see an error message like the one shown in Figure D. Figure DYou’ll encounter an Access is Denied error message from some built-in symbolic links.To begin with, under normal circumstances, you wouldn’t even see the operating system’s built-in symbolic links, unless you enable the Show Hidden Files, Folders and Drives option on the View tab of the Folder Options dialog box. Unfortunately, many folks do so and thus end up trying to use the built-in symbolic links. However, these symbolic links are not designed for end users; they’re designed to provide backward compatibility for older applications. Windows Vista and Windows 7 have two types of built-in symbolic links designed for backward compatibility called System Junctions and Per-User Junctions. An example of a System Junction is C:\Documents and Settings. In Windows XP there is an actual folder called Documents and Settings that contains the user profile folders. In Windows Vista and Windows 7, the user profile folders are stored in a folder called C:\Users, as shown in Figure E.
Figure EUser profiles in Windows Vista and Windows 7 are stored in the C:\Users folder.However, in order to be backward compatible with older applications that are hard-coded to look for and use the C:\Documents and Settings folder in order to access user profiles, both Windows Vista and Windows 7 create a C:\Documents and Settings symbolic link folder that actually points to C:\Users. This allows the older application to think that it is using the C:\Documents and Settings folder when it is actually using the more streamlined C:\Users folder. An example of a Per-User Junction is C:\Users\Greg Shultz\My Documents. In Windows XP there is an actual folder called My Documents. In Windows Vista and Windows 7, that folder is now called Documents. In order to be backward compatible with older applications that are hard-coded to look for and use the My Documents folder to open and save files, both Windows Vista and Windows 7 create a My Documents symbolic link. What’s your take?Do these answers give you a better understanding of how symbolic links work in Windows Vista and Windows 7?
Tab stops are a paragraph format. That means you can assign different tab stops for individual paragraphs. Fortunately, that doesn’t mean you have to delete them all individually—or by the paragraph. There’s a quick, easy way to delete all the tab stops in a document.
First, select the entire document. There are a number of ways to do so, but the quickest is to press [Ctrl]+a. With the entire document selected, do the following to delete all tab stops:
1. Choose Paragraph from the Format menu. Or, right-click the selection and choose Paragraph from the resulting context menu. In Word 2007 and 2010, click the Home tab | Paragraph group Dialog launcher.
2. Click Tab (at the bottom-left).
3. In the Tabs dialog box, click the Clear All button at the bottom-right.
4. Click OK.
The truth is, deleting all the tabs is a simple enough task, but the feature’s placement isn’t particularly easy to find, in any version.
Of course, you won’t always want to delete all of the tab stops. You can clear individual tab stops as follows:
1. Position the insertion point in the appropriate paragraph.
2. Choose Paragraph from the Format menu. Or, right-click the selection and choose Paragraph from the resulting context menu. In Word 2007 and 2010, click the Home tab | Paragraph group Dialog launcher.
3. Click Tabs.
4. In the Tab Stop Position control, highlight the tab stop you want to delete.
5. Click Clear.
Some might consider using the ruler a bit easier:
1. Position the insertion point in the appropriate question.
2. Find the tab indication on the ruler and drag it off–it couldn’t be simpler!
Two quick tips for inserting and formatting tabs
As long as we’re talking about the ruler, there are two quick ruler tips that I really like:
* Double-click an existing tab on the ruler to display the Tab dialog box for quick formatting.
* Double-click the ruler where you want to insert a tab to both insert a tab and open the Tab dialog box.
Recruiters at Silicon Valley companies lament that in the U.S. there is a shortage of qualified engineers. But unemployment figures show a different picture. So what’s the deal? According to a piece by Vivek Wadhwa for TechCrunch, the truth of the situation is that tech companies prefer to hire young, inexperienced engineers rather than shell out the money for a seasoned veteran.
The thinking is that you can get a new programmer for about a third of the salary of an experienced programmer. Even if takes a few weeks for the new programmer to get trained, the company still saves money. Though they wouldn’t publicly admit it, some companies prefer to get someone who is more eager with a “clean slate” that they can train as they want than hire someone with years of acquired knowledge.
Wadhwa’s article talks about a new book called Chips and Change by University of California, Berkeley Professors Clair Brown and Greg Linden. The authors of the book cite Bureau of Labor Statistics and census data for the semiconductor industry and found that:
* Salaries increased dramatically for engineers during their 30s but the increases slowed after the age of 40.
* Over age 40, salaries started dropping, dependent on the level of education.
* After 50, the mean salary of engineers was lower-by 17% for those with bachelors degrees, and by 14% for those with masters degrees and PhDs-than the salary of those younger than 50.
Wadhwa’s advice for older workers is to move into management and/or keep their skills current.
Squid is a caching proxy for the web that supports HTTP, HTTPS, FTP and more. Its distinct advantages are caching frequently-requested pages to speed up web page load times and also reducing bandwidth by not having to re-request the same page over and over again. It can also be used as a reverse proxy to accelerate web servers by serving up cached content rather than permitting continuous hits to the web server for identical content to multiple clients.
To illustrate how to quickly set up Squid as a caching proxy, Fedora 13 currently provides a very recent Squid 3.1.4 and is easy to install:
# yum install squid
Out-of-the-box, Squid will work as a web client proxy for the local host and local network. What you want to do is edit /etc/squid/squid.conf and look for the “localnet” entries, to comment out those networks that are not on your local network. For instance, if you use a 192.168 network at home, comment out the 10.0.0.0 and 172.16.0.0 lines:
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
Next, start the Squid service. If you have a firewall enabled on the system, be sure to allow TCP access to port 3128.
At this point, you can test by using a command line browser on the local system by doing:
$ http_proxy="http://localhost:3128" elinks http://foo.com/
And then look at the /var/log/squid/access.log file. If the browser did not complain about not being able to connect, and the log files show activity, then you have successfully set up Squid. The logs will look something like this:
1281203766.589 2626 ::1 TCP_MISS/200 18137 GET http://foo.com/ - DIRECT/1.1.1.1 text/html
1281203767.186 595 ::1 TCP_MISS/200 4867 GET http://foo.com/skins/common/
commonPrint.css? - DIRECT/1.1.1.1 text/css
If you were to execute the same browser command again, you would see the following:
1281204000.528 313 ::1 TCP_MISS/200 18137 GET http://foo.com/ - DIRECT/1.1.1.1 text/html
1281204000.591 60 ::1 TCP_REFRESH_UNMODIFIED/200 4873 GET http://foo.com/skins/common/
commonPrint.css? - DIRECT/1.1.1.1 text/css
This shows you the cache at work. The initial page is loaded again, but the CSS file is sent to the requesting browser using the cached copy. The next step is to try the same from another system that would also be using the cache (you can easily use the same command line browser command if available).
If you want to have a transparent proxy setup, so that no one will know the proxy is in use and cannot circumvent it, you can easily do so by adjusting iptables rules. If your firewall system is running Linux, this is easily accomplished. Note that if you do use a transparent proxy, you cannot use authentication on the proxy. If these aren’t important to you, setting up a transparent proxy is a fast and easy way to force everyone on the network to use it.
In /etc/squid/squid.conf you want to uncomment the “cache_dir” directive:
# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/spool/squid 7000 16 256
and change
http_port 3128
to
http_port 3128 transparent
Once these changes have been made and Squid has been restarted, you also need to change the firewall rules for your network’s firewall or gateway system by redirecting all output HTTP traffic to the proxy. This can be tricky, depending on whether or not your Squid install is on the firewall system or if it’s a separate system in the local network. It also depends on your firewall’s software. The Squid wiki has a section on Interception (i.e. transparent proxies) and how to set them up with Cisco devices, Linux, FreeBSD, and OpenBSD.
That same wiki page also has other example configurations. Squid can be used for more than just web page caching, and there are examples there on how to use it for Instant Message filtering, using it as a reverse proxy to cache web page requests on a web server, how to set it up with various forms of authentication, etc.
Squid is very versatile and can do quite a lot. For large organizations, Squid offers a surprisingly easy way to save on bandwidth, as well as provides an easy way to force authentication to be required in order to obtain outbound access to traffic. For simple web caching, Squid is pretty much ready to run as-is, and the wiki offers a lot of examples and help if you need to consider something a little more complex.
|