Posts Tagged 'Browsers'

July 8, 2009

Encrypted Hot Chocolate

Imagine this scene: you’re sitting at a local coffee shop, having a drink and browsing the web. While checking out your favorite news site you see an e-mail come in where someone is commenting on your blog post from that morning. This is odd because while you remember checking blogs, you don’t remember posting one. On investigating you find a blog post that you definitely did not create. As you look around wondering what is going on you should probably take a peek at the guy sitting in the comfy chair with his headphones on running a wireless sniffer to grab passwords out of the air.

How does this happen? The coffee shops I’ve seen all run open wireless access points. This is great for flexibility and serving the most people but if the Access Point is unencrypted it is quite possible to run an application which will listen to the wireless network and record packets. These packets can then be examined by a tool like the Wireshark application. Since the packets are not encrypted then things like username/password combos can be read in clear text from the packet.

Knowing what the problem is, how do we work around it? Since we cannot encrypt the wireless session, we’ll encrypt the data itself. One option would be to do a VPN from your laptop in the coffee shop to a location out in the world. This would channel all of your traffic out through this other system. It’s a good solution but it can be a bit technically complicated if you don’t have one already set up. If you’re really only concerned with encrypting your HTTP traffic you could use the PuTTy application to tunnel traffic via an encrypted session to a Unix server here at SoftLayer by using the OpenSSH ability to act as a SOCKS5 proxy.

When you define your connection in PuTTy you can go down to Connection > SSH > Tunnels and then place a port number, such as 8080, in the Source field. Select “Dynamic” and “Auto” then click the Add button. Connect to your Unix server here at SoftLayer. Next stop is the browser. The way I configure my browser for this is to go into Firefox > Tools > Options > Advanced > Network > Settings (under Connection). Select “Manual proxy configuration” and then in the field labeled SOCKS Host: put “127.0.0.1” and for the port use the port you specified above. Leave the type as “SOCKS v5”. Select OK and then in the URL bar type “about:config” which will let you do advanced configuration. In the filter field type in “network.proxy.socks_remote_dns”. Right click on it and select Toggle. This will mark it true.

Now if you pull up a website which will tell you the IP that you are coming from (such as http://whatismyip.com) you should see it report back the IP address of your server here at SoftLayer. This happens because Firefox has been told to use 127.0.0.1:8080 as its SOCKSv5 proxy and this traffic gets tunneled via the encrypted SSH session to your server at SoftLayer. The server here will do the DNS lookup (due to network.proxy.socks_remote_dns) and then send out the request. The response will be tunneled back to your browser.

You do have to remember to fire up the PuTTY session but this isn’t so hard since if you try and browse without it the browser tries to hit the SOCKSv5 proxy port specified and fails. Beyond that I’ve not run into any troubles using this trick.

And now I think I will head off for some hot chocolate myself.

Categories: 
September 26, 2008

Browser Wars III

With the recent releases of Google's Chrome (Sept 2), Microsoft's Internet Explorer 8 Beta 2 (Aug 28), Mozilla's Firefox 3 (June 17), not to mention all the legacy browsers many of which are still in use. If you are not a web developer, you are probably thinking why should I care what web browser people are using? Believe me you should, the majority of SoftLayer’s customers run a business and with that have a website which must be displayed on, you guessed it, a web browser.

1. Layout/Rendering Engine
This could be one of the biggest differences between the browsers, a layout/rendering engine is what the browser uses to parse the html and display your web pages. Although there are numerous specifications for various types of content (HTML, XHTML, images, etc..) each of the engines seem to render it slightly different based on their interpretation of the specification documents.

But don’t take my word for it go check the ACID website or the screenshots of the ACID tests in different web browsers.

2. Your Privacy
Most of the front runners in the browser wars are sending your usage and machine specifications back to the mother ship. What they are doing with the information once they get it, who knows. But, with Google being the front runner in search and ads, with the addition of Google Chrome, they pretty much can monitor all web usage for anyone using their product. Please get out the tin foil hats now ☺

3. Usage / Front Runner
Based off most of the statistics I have seen IE 6, IE 7, Firefox 2, Firefox 3 are the front runners, with a few stragglers using Safari and Opera. But I bet things will be changing and Chrome will be coming up in usage ranks over the next few months as well as IE 8 once it is released from Beta.

At SoftLayer we test on all the major front runners in the browser wars for our web presence. I will be grabbing the popcorn and watching the show, things are about to get hectic in this area. Whether it is good or bad; users are getting more options in the browser market.

-Dorian

Categories: 
Subscribe to browsers