Tag Archives: Security

Don’t Give Away Historic Details About Yourself

Please be safe out there

Social media sites are littered with seemingly innocuous little quizzes, games and surveys urging people to reminisce about specific topics, such as “What was your first job,” or “What was your first car?” The problem with participating in these informal surveys is that in doing so you may be inadvertently giving away the answers to “secret questions” that can be used to unlock access to a host of your online identities and accounts.

Don’t Give Away Historic Details About Yourself — Krebs on Security

Like this? Consider joining my mailing list, or at least using my affiliate link when buying from Amazon 🙂

You or someone you know looking to buy or sell?

Facebook Lockdown

Warning: I may get slightly snarky below. I’m not intending to belittle anyone’s intelligence, but to forcefully promote the importance of privacy and security.

So… recently a number of people I know have had their Facebook accounts “hacked”. I don’t want to bore you with the technical details, but I do want to provide some basic security advice and show you how to lock down your account.

First the basics… While I know it may be super tempting, or you “just weren’t thinking”…

  • NEVER click on a link you don’t recognize and have a reason to click on. I don’t care if it’s unicorns and rainbows or will create world peace. Stop clicking on links for no reason. What’s a reason? Ex, your friend messages you and says, “Hey [what they would normally call you], here’s a great recipe we tried last night and [some family member of theirs] really enjoyed it [link]”. Notice how actual identifying information was included in that and it was targeted?
  • But what about all the great articles on Facebook? Do you recognize the domain? Do you have a real reason to be going there? Maybe you should log out of Facebook and delete your account? But anyway, same rules apply… unless you recognize where the link is going to and you have a real reason – don’t click on the link!
  • Here we’re going to get a little Facebook specific, but NEVER install apps, games, or allow third party access to any part of your profile unless you are 100% sure of the legitimacy. In fact, delete all apps with access to your account. Ready, for a real link? Here’s where you can delete apps with access to your account. You’ve heard of Cambridge Analytica, right? If not, go delete your Facebook account right now and never log back in.
  • Ok, back to the basics… Never use the same password for sites. Hint, your Facebook account getting hijacked isn’t usually because of a bad password, it’s usually for one of the reasons above, which is why this is listed fourth. Still… don’t use the same passwords.
  • Ok, ready for probably the most important thing you can do other than following the items above? Enable two factor authentication EVERYWHERE. In fact, go back and read that article I wrote 4 years ago.

Ok, now I’m getting tired as this may be one of my longest posts ever. So, to wrap it up, here’s how to enable two factor authentication on your FB account (note, even 2FA won’t protect you from clicking on stupid links and installing apps).

  1. Install an authenticator app on your phone like Google Authenticator.
  2. Go to your Facebook security settings: https://www.facebook.com/settings?tab=security
  3. Under “Setting Up Extra Security” enable “Use two-factor authentication”
  4. Under “Code Generator”, click the “third party app” link to generate a QR code you can scan w/ the Google Authenticator app.
  5. Follow the instructions.

Now, go enable 2FA for your other important accounts like banking and Google/GMail.

But most importantly, stop clicking on links!

PS: Again, apologies for any snarkiness. It’s interesting because in the wake of Cambridge Analytica, #DeleteFacebook, and other campaigns I’ve been thinking of what it would take to create a distributed, secure, ad-free, non-profit social network. If you know of one already I would be interested. If not, and you’re a developer who might be interested in working on such a project, please let me know.


Scary Chip Flaws Raise Spectre of Meltdown — Krebs on Security

Please be sure to update/patch every device you have. On most Windows machines, you should be able to do a manual reboot (Start -> Power -> Restart) and have the updates applied. On iOS you want to go to Settings -> General -> Software Update.

Scary Chip Flaws Raise Spectre of Meltdown — Krebs on Security


Change permissions on files of a specific type in linux

Need to change all *.ksh files to be executable under a directory, but not having luck with a recursive chmod? The issue is you need to combine chmod with a find and xargs like so…

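find /home/user -type f -name '*.ksh' -print0 | xargs -0 chmod 744

The first piece lists all the files under the path that match *.ksh and passes them to xargs, which runs chmod on them. The -print0 and -0 options separate the names with NUL bytes, so file names containing spaces or newlines are passed through intact. If you want to see an example without changing any permissions, just substitute ls -l like so…

find /home/user -type f -name '*.ksh' -print0 | xargs -0 ls -l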

Setup password-less SSH and SCP with public/private keys

Want to scp a file to another server without having to enter the password?  Want to just make your security even stronger?  Public/private keys to the rescue!  Of course, if you don’t know what I’m talking about or why you would want to do this, feel free to google it or just go visit another site.

For those still with me, you need access to both the local and remote servers (duh).  I’m going to refer to the server/host you are logged into as the local machine, and the one you want to connect to as the remote machine.

First, on the local machine you need to generate your public and private keys.  To do so, enter this command…

ssh-keygen -t rsa

Be sure to just hit enter to the questions you’re prompted with (otherwise you will have to enter a password when connecting with the keys – which goes against the whole point of this post).  This will create a couple of files in your .ssh directory (something like id_rsa and id_rsa.pub – your private and public keys respectively). Your public key (the file you want to distribute) ends in “.pub”. Assuming you have that file, send it over to the remote machine (perhaps with scp, yes?)…

scp ./id_rsa.pub user@server.com:/home/user/.ssh/id_rsa.pub

Of course, key-based authentication isn’t set up yet, so you’ll have to enter the password. Next up, you need to log in to the remote machine, visit your .ssh directory, and cat the .pub file into your “authorized_keys” file (don’t worry, the command below will create the file if it doesn’t exist. I leave it to you to know how to create the .ssh directory if needed)…

cat id_rsa.pub >> authorized_keys

It’s then a good idea to secure your file and delete the temporary public key on the remote machine…

chmod 600 authorized_keys
rm id_rsa.pub

Once you’ve done all this, you should now be able to connect without a password! Just use your private key…

ssh -i ./id_rsa user@server.com

Have fun!
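The remote-side steps above, gathered into one idempotent shell function (an added example, not part of the original post; the function name install_pubkey and its two arguments are assumptions). It creates .ssh if it is missing, refuses a file that looks like a private key, and does not append the same key twice.

```shell
#!/bin/sh
# Added example. Usage: install_pubkey PUBKEY_FILE [HOME_DIR]
# (hypothetical helper; HOME_DIR defaults to $HOME)
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only the .pub half should ever be copied to another machine.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi

    # Take the first line that has the shape "<key type> <base64> [comment]".
    # Only the common key types are matched here.
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key found in $pub" >&2; return 3; }

    # sshd's StrictModes (on by default) ignores keys when ~/.ssh or
    # authorized_keys is group- or world-writable, so set modes explicitly.
    (umask 077; mkdir -p "$ssh_dir"; touch "$auth")
    chmod 700 "$ssh_dir"
    chmod 600 "$auth"

    # Append only if this exact line is not already present.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Run directly on the remote machine: sh install_pubkey.sh id_rsa.pub
if [ "$#" -gt 0 ]; then
    install_pubkey "$@"
fi
```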


SSH, SFTP, and SCP on non-standard ports

One common suggestion for securing a secure shell connection on Linux is to change the port that ssh runs on.  But how exactly do you connect to a server on one of these non-standard ports?

Naturally, the syntax is different for each so here goes:

ssh

ssh -p 33432 user@server.com

Yes, ssh uses a lower case p command line argument. Just wait until we get to scp.

sftp

sftp -o "Port 33432" user@server.com

Of course sftp uses a plain English option parameter of “Port XXXX”

scp

scp -P 33432 /home/user/file.txt user@server.com:/home/user

And naturally scp uses a capital P

Gotta love consistency!
