Sunday, February 26, 2006

SSL-Explorer: Browser-based Open Source SSL VPN Solution

I've been waiting for a solution like SSL-Explorer to come along.
SSL VPN is undoubtedly the VPN solution that many enterprises will be moving to. Yes, the cost for appliance based SSL VPN platforms has dropped dramatically with the SonicWALL SSL-VPN $200 coming in around $450 to $600. But if you want to roll you own, SSL-Explorer is the way to go. A single port-forward to a dedicated SSL-Explorer server and you're on your way.
From Nottigham, UK comes 3SP and SSL-Explorer, described as "the world's first open-source, browser-based SSL VPN solution. This unique remote access solution provides users and businesses alike with a means of securely accessing network resources from outside the network perimeter using only a standard web browser."
I've successfully deployed this solution in a development environment and found it easy to install, quick to configure, and popular with users.
May I suggest trying it for yourself here: SSL-Explorer.
SSL-Explorer can leverage Active Directory, and yet is licensed under the GNU General Public License and you can install it on Windows or Linux.
You can use the free version or opt for the supported, feature-rich SSL-Explore Xtra.
The feature list is long, just go check it out: SSL-Explorer.

Monday, February 13, 2006

Google Desktop's latest "enhancement"

Google announced it's latest "enhancement" to it's Google Desktop software on February 9th. I've by no means been a proponent of the sofware since its inception, and now this is truly ridiculous.
According to the Electronic Frontier Foundation "the new Search Across Computers feature will store copies of the user's Word documents, PDFs, spreadsheets and other text-based documents on Google's own servers, to enable searching from any one of the user's computers."
First the goverment wants access to Google search logs, now this.
In a nut shell, if you've installed this software and your Google account is compromised, your entire file system, on all the computers you've installed Google Desktop, is completelty available. A hacker's "one-stop-shop" if you will.
Worse still, "the government could then demand these personal files with only a subpoena rather than the search warrant it would need to seize the same things from your home or business, and in many cases you wouldn't even be notified in time to challenge it."
I can't say this enough, if you value your privacy and your personal security do not install this software under any circumstances.
More information:
http://www.eff.org/news/archives/2006_02.php#004400
http://www.viruslist.com/en/weblog?weblogid=179597544

Moving blog to HolisticInfoSec.io

toolsmith and HolisticInfoSec have moved. I've decided to consolidate all content on one platform, namely an R markdown blogdown sit...