I loaded a private web address using Chromium with the extension WOT v2.6.0 (by www [dot] mywot [dot] com).
Hours later, some unknown ec2-x.compute-x.amazonaws.com IP probed my private address.
I repeated the same test with another unique private URL, and hours later, the same ec2 IP loaded that private URL again.
Then I disabled the WOT extension in Chromium and repeated the same test with a new unique private URL. No more probes.
Bad WOT! You should just be checking whether a link has bad reputation instead of loading the web addresses I’ve visited.
Assumption: SD is not encrypted
Plug SD onto another working computer, look for the “cmdline.txt” file and edit it by appending “init=/bin/sh” after “rootwait”. Save the file, remove the SD and plug it back to the RPi and boot.
You’ll be dropped into a shell. Change your passwd, then hit CTRL-ALT-DEL to trigger a reboot. Switch off the RPi when the shutdown completes, just before the boot starts. Unplug the SD and plug it onto the other working computer. Remove “init=/bin/sh” from “cmdline.txt” file.
Plug the SD back onto the RPi, boot and you can now login with the newly reset password.
Let’s say we need to:
- Find out which package contains the file
/bin/su in Linux
- Verify if the file is untainted (from package) or changed in some manner
For RPM (Fedora, Red Hat, CentOS):
$ rpm -q -f /bin/su
$ rpm -V coreutils-5.97-34.el5
For DEB (Debian, Ubuntu):
$ dpkg -S /bin/su
$ debsums -s -a login
Install QPDF, then:
$ qpdf --password=? --decrypt in.pdf out.pdf
This doesn’t crack or guess the password for you. You must already know the password. It merely helps you to create a copy of the PDF without password protection.
Question: How to find out what contents on a HTTPS page is retrieved using HTTP, i.e. unencrypted in transit and thus open to sniffing?
Answer: Use Google Chrome web browser’s Developer Tools. Look under “Console” and you’ll see lines that look like this:
The page at https://www.example.com displayed insecure content from http://feeds.feedburner.com/notsecure.
Free e-book covering many aspects of cyber security.
Get yours @ OwnYourSpace.net