Configuring SFTP for Lithium Hosting access

Lithium Hosting is an excellent hosting provider, which has a $1.95 per month shared hosting plan (it has some limits, but it’s more than I need for my blog). Aside from their great prices, I found out during the initial trial period that they offer a secure way to transfer files to and from your site by means of SFTP (Secure File Transfer Protocol). However, neither their Knowledge Base nor their Video Tutorials contain any information about this subject, so I had to open a ticket with their customer support to inquire about it. They were helpful in pointing me in the right direction, but without giving too many details, so I decided to write a tutorial on how to configure SFTP, to help anyone who has an account on Lithium Hosting.

Basically, in order to be able to use SFTP, you need to generate a private/public key pair using the cPanel built-in functions, download the private key to your computer, and then add it to WinSCP to be able to connect to your site. I will describe below all steps required to do this (note that in all pictures, I will highlight in red the actions needed for the corresponding step):

Moving away from Google

A few days ago, Google announced on their official blog that Google Reader will be retired on July 1st, 2013. Even though I am not a user of this service, I know that it is very popular among other people, and its disappearance signifies a loss in users’ choice. For people using Google Reader, I will list some alternatives below:

Taking screenshots in VirtualBox

A few days ago I needed to take some screenshots from a virtual machine running inside VirtualBox. The first idea I had was to press the Print Screen key while the main window of that virtual machine was displayed. And it works, but only if the virtual machine is running in a window, and not in full screen, and it has the added disadvantage of capturing the VirtualBox window, menus and toolbars. Searching on the internet, I found the proper way to actually capture only the screen of the virtual machine.

Facebook privacy considerations

There has been a lot of discussion lately about Facebook and privacy, generated by the announcement of Graph Search. Basically, Graph Search is a search engine that is able to access all the information available on Facebook that was posted by users. Naturally, this sort of information aggregation raises important privacy questions and heated debates on the subject. I will not refer to Graph Search in this post, but I will try to give you a more general view on privacy on Facebook.

Adding Google Analytics to my blog

I decided that in the next few days I will enable Google Analytics for this blog. It is a matter of curiosity for me about how it works, what kind of information it provides, and how to set it up.

I must admit that generally, I’m against monitoring of visitors of a web site by a third party, but in this case both and Analytics belong to the same party (Google). So even if Analytics is disabled, Google will still be perfectly capable of tracking my blog’s visitors. In order to disable the additional monitoring done by Analytics, you can use a browser add-on (like AdBlock Plus or NoScript for Firefox).

Also, some time in the future, I plan to move this blog from Google to another provider (or even host it myself). At that moment, I will switch to an open source analytics solution like Open Web Analytics or Piwik.

Use Facebook Chat from Pidgin

Pidgin is a free and open source chat client that is able to connect simultaneously to a lot of chat networks (AIM, MSN, Yahoo!, Google Talk and many more). One of the supported protocols is XMPP, the same protocol used by Facebook Chat. That allows you to add a Facebook Chat account to Pidgin and to talk to your friends without opening a browser. In previous versions, you had to add and set up an XMPP account in Pidgin, but now it supports a separate protocol, called “Facebook (XMPP)”, that will fill in some of the parameters for you.
In order to add Facebook to Pidgin, first you need to follow these steps:

Webmaster Tools and the Blocked URLs

Today I was checking my blog statistics and health using Google’s Webmaster Tools. Under the “Health” option I selected “Blocked URLs” to see if the robots.txt file was blocking Google from crawling my blog. Normally, this shouldn’t happen, because robots.txt was generated automatically when I created the blog. However, the blocked URLs number was not zero, but ten! I decided to investigate further, and while checking “Index Status” (also in the “Health” menu) and selecting the “Advanced” option, I saw that 9 URLs were blocked by robots.txt (I don’t know what the reason is for the difference between the two numbers, but I presume that it is happening because the two values were read at different moments in time).

Password recovery security – Gmail

Today, I will analyze Google Mail’s password recovery procedure from a security point of view. From the beginning of testing, it was clear that the procedure used by Gmail is very complex. There are different steps for password recovery for each situation: whether or not you try to recover your password from the computer/IP address from where you created the account, whether the 2-way authentication is enabled or not, or even depending on what kind of security measures were put in place when you set up your account.

Password recovery security – Yahoo!

The free webmail provider that I am going to discuss today is Yahoo!. When you create a Yahoo! email account, you are not forced to choose any password reset info, like an alternative email you have or a phone number you own, but you can do it (or you can add them later from the account’s settings). However, you must provide two security questions and their corresponding answers. As I insisted in the previous articles, when it comes to the security questions, you must treat the answers like you treat your password (they must be known ONLY by you, they must be long, and preferably they must not make any sense to anyone). This way, you make sure that no attacker can guess them in a reasonable amount of time.