HOWTO secure your Meebo
Meebo is a Web 2.0 application that supports several IM protocols: AIM, Yahoo, MSN and GTalk. It lets users who are behind a firewall communicate with the rest of the world. However, as with other IMs, the conversation between you and your buddies is not encrypted via SSL, for the sake of server load. Your private talk is more or less broadcast to the IT staff. How do I secure my Meebo talk?
We can use an SSH tunnel to encrypt the conversation. The idea is to run a proxy server on a trusted remote machine, bring the proxy port (for example, 3128) to the local machine using SSH tunneling, then use the localhost:3128
A trusted remote machine
First, we need a remote machine that is trusted. You can use your PC at home, or donate $1 to Silence is defeat to open a Unix account.
NOTE: Silence is defeat has shut down PayPal payments for now; the following method was verified on a Linux box at home.
Install the proxy server
Grab the latest version of squid, and build it.
wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE10.tar.gz
tar xvfz squid-2.6.STABLE10.tar.gz
cd squid-2.6.STABLE10
./configure --prefix=${HOME}
make && make install
You need to set up squid before running it. Open ${HOME}/etc/squid.conf.example, uncomment the http_port directive, enable access for all users, and save it as ${HOME}/etc/squid.conf:
http_port 3128
http_access allow all
You might need to change the port number to an unused port. The allow all policy is not that scary: squid is not running in privileged mode, port 3128 is not open to the outside, and only local users can access the proxy service. Run the service:
${HOME}/sbin/squid
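An added example, not part of the original HOWTO: `http_port 3128` without an address makes squid listen on every interface, so "only local users" depends on a firewall in front of the box. The script below checks a squid.conf for that listener and for `http_access allow all`, using two constructed sample files (the HOWTO's settings and a loopback-only variant); `audit_squid_conf` and `write_samples` are names chosen here.

```shell
#!/bin/sh
# Added example: audit a squid.conf for settings that expose the proxy
# beyond loopback. Function names and sample files are assumptions.

# Print one finding per risky directive; return 1 if any were found.
audit_squid_conf() {
    conf=$1
    findings=0
    while read -r directive value rest || [ -n "$directive" ]; do
        case $directive in
        http_port)
            case $value in
            127.0.0.1:*|localhost:*) ;;          # loopback-only listener
            *)  echo "http_port $value: listens on every interface"
                findings=$((findings + 1)) ;;
            esac ;;
        http_access)
            if [ "$value $rest" = "allow all" ]; then
                echo "http_access allow all: any client that connects may relay"
                findings=$((findings + 1))
            fi ;;
        esac
    done < "$conf"
    [ "$findings" -eq 0 ]
}

# Constructed samples: the HOWTO's two lines, and a loopback-only variant.
# The acl definitions mirror the defaults in Squid 2.6's sample config.
write_samples() {
    printf '%s\n' 'http_port 3128' 'http_access allow all' > "$1/weak.conf"
    printf '%s\n' 'http_port 127.0.0.1:3128' \
        'acl all src 0.0.0.0/0.0.0.0' \
        'acl localhost src 127.0.0.1/255.255.255.255' \
        'http_access allow localhost' \
        'http_access deny all' > "$1/hardened.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in weak hardened; do
    if audit_squid_conf "$demo_dir/$f.conf"; then
        echo "$f.conf: no findings"
    else
        echo "$f.conf: fix the findings above"
    fi
done
rm -rf "$demo_dir"
# With the loopback-only listener, point the tunnel at the remote loopback:
#   ssh -L 3128:127.0.0.1:3128 user_name@your_host
```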
Tunnel it
You need an SSH client (OpenSSH for Linux and Mac OS X, PuTTY for Windows). For Linux and Mac OS X users:
ssh -L 3128:your_host:3128 user_name@your_host
and keep this terminal open. For Windows users, here is an illustrated HOWTO.
Test it
Change the connection settings of your browser to localhost 3128. You are all done.
Bonus: all browser sessions are secured by the SSH tunnel. IT may become suspicious about what you are doing all day, though.