Blog archives for October 2010

Using Meerkat to secure wireless web browsing

A hot topic in the news today is Firesheep, a Firefox web browser extension that takes advantage of a security vulnerability in many popular websites like Twitter and Facebook and allows you to log in to those sites as any other user on the network! This makes use of the practice of exchanging login information for web browser cookies that are then used to gain access, but which on open networks are subject to interception and reuse by other parties.

Our SSH tunnel manager Meerkat has always supported the ability to secure your web browsing on open networks. It does this with what's called a SOCKS proxy. The basic idea is you tell Mac OS X to use a proxy server, your web browser proxies all website requests through this server, and the server makes the actual requests for information to the website. The connection between your browser and the proxy server is encrypted via SSH, providing a workaround to network-based snooping.

Here's how to set it up:

Step 1: Add an SSH account to Meerkat

If you have an SSH account through your web hosting provider or someplace else, add the details to a new Meerkat account. [screenshot]

Step 2: Add a tunnel to Meerkat that uses this account

Be sure to check the Dynamic forwarding option and choose a high port (something in the 6000-9000 range is ideal) for the tunnel. [screenshot]

Step 3: Configure a SOCKS proxy in Network settings

In the System Preferences application, choose Network, then the AirPort connection, then Advanced... settings. Choose the Proxies tab, then SOCKS Proxy, then enter 127.0.0.1 as the hostname (this means the local computer, where the tunnel endpoint resides) and the port number from above. Choose OK, then Apply to apply the changes. [screenshot 1] [screenshot 2]

Step 4: Browse the web securely!

Just activate the tunnel in Meerkat. All web browser traffic will now go through the SSH account that you set up.
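To confirm that the tunnel from Steps 2 to 4 is actually carrying traffic before you rely on it, the added example below (not part of Meerkat or of the original post) probes the local SOCKS endpoint and asks it to connect to a site by hostname. It assumes the tunnel speaks SOCKS5 without authentication, as OpenSSH's dynamic forwarding does; port 7070 and the target example.com are constructed sample values.

```python
import socket
import struct

def _read_exact(sock, n):
    """Read exactly n bytes, or fewer if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def check_tunnel(port, target="example.com", target_port=80,
                 host="127.0.0.1", timeout=5.0):
    """Classify the local SOCKS endpoint as 'down', 'not-socks5',
    'auth-required', 'connect-failed' or 'ok'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            # Greeting: version 5, one method offered, 0x00 = no authentication.
            s.sendall(b"\x05\x01\x00")
            greeting = _read_exact(s, 2)
            if len(greeting) < 2 or greeting[0] != 5:
                return "not-socks5"
            if greeting[1] != 0:
                return "auth-required"
            # CONNECT by hostname (address type 0x03) so the name is resolved
            # at the far end of the tunnel, not by the open network's DNS.
            name = target.encode("idna")
            s.sendall(b"\x05\x01\x00\x03" + bytes([len(name)]) + name
                      + struct.pack("!H", target_port))
            reply = _read_exact(s, 4)
            if len(reply) < 4 or reply[1] != 0:
                return "connect-failed"
            return "ok"
    except OSError:
        # Nothing listening (tunnel not activated) or no answer in time.
        return "down"

if __name__ == "__main__":
    # 7070 is a constructed sample; use the port chosen in Step 2.
    print("tunnel status:", check_tunnel(7070))
```

A result of "down" while the proxy is still configured in Network settings means the browser has no working path through the tunnel, so activate the tunnel before browsing.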

These steps are a little involved; unfortunately, configuring web browser proxies isn't a simple procedure. One way to automate it is with Meerkat's free plugin for NetworkLocation, an application that can apply settings based on physical location changes. You can get the plugin in the NetworkLocation website's "Extras" section or from the sidebar on Meerkat's web page.

Have any questions about this? See the Meerkat support forums if you need a hand and we'll try to help out!

Happy -- and safe -- surfing!

Update: I've also heard tips from Meerkat users about setting their SOCKS tunnel to automatically start when using a particular web browser. Meerkat supports associating a tunnel with an app so that when the app starts, the tunnel is enabled and when it is quit, the tunnel is disabled. This is another great option to help with auto-configuration.

Looking forward to SecondConf

I'm very much looking forward to attending the first instance of SecondConf in a few weeks, a self-proclaimed "three-day, Chicago-style, single-track conference". While it's obvious that SecondConf is inspired by, and meaning to continue in the tradition of, the now-defunct C4 conference, I'm looking forward to it on its own merits.

C4 was a pivotal institution for me, as I attended the first iteration in 2006 and, two weeks later, quit my job and struck out on my own. This was largely inspired by the people I met at C4, now-friends who were a lot like me and doing what I wanted to do -- work on their own. While I can't praise Wolf enough for assembling such an awesome slate of sessions, the most value for me came from the self-selecting attendee list for C4. I went back for three more years as a way to see and hang out with some of the best Cocoa developers in the world.

The reasons I'm going to SecondConf are threefold: first, this continued face-to-face interaction with many from the Apple development arena; second, to support this nascent conference; and third, because I just plain like going to Chicago in the fall to hang out with Cocoa devs. Old habits die hard, I guess!

Much like Wolf, I still have hesitations about Apple's direction. You may have noticed the conspicuous absence of my own iPhone and iPad apps in the App Store. While I do work on a lot of iOS projects with clients, I choose to stay in the technology space out of a desire to improve my Cocoa programming capabilities most of all and not out of any love for Apple's policies on the actual commercial side of the App Store. So while I fully understand the reasons for the demise of C4, I was ready to accept it as a passing thing. I'm ready to give SecondConf a chance, however, in the same space and see what it's got for us.

Are you going to SecondConf? Leave a comment if you'd like and maybe we can meet up! See you in Chicago!