Categories
Tech Encounters

WOT probes my web access history

I loaded a private web address using Chromium with the extension WOT v2.6.0 (by www [dot] mywot [dot] com).

Hours later, some unknown ec2-x.compute-x.amazonaws.com IP probed my private address.

I repeated the same test with another unique private URL, and hours later, the same ec2 IP loaded that private URL again.

Then I disabled the WOT extension in Chromium and repeated the same test with a new unique private URL. No more probes.

Bad WOT! You should just be checking whether a link has bad reputation instead of loading the web addresses I’ve visited.

Uninstalled.

Categories
Tech Tips

How to reset lost root password on Raspberry Pi running Arch Linux

Assumption: SD is not encrypted

Plug SD onto another working computer, look for the “cmdline.txt” file and edit it by appending “init=/bin/sh” after “rootwait”. Save the file, remove the SD and plug it back to the RPi and boot.

You’ll be dropped into a shell. Change your passwd, then hit CTRL-ALT-DEL to trigger a reboot. Switch off the RPi when the shutdown completes, just before the boot starts. Unplug the SD and plug it onto the other working computer. Remove “init=/bin/sh” from “cmdline.txt” file.

Plug the SD back onto the RPi, boot and you can now login with the newly reset password.

Categories
Tech Tips

How to identify package of particular file and verify its integrity

Let’s say we need to:

  1. Find out which package contains the file /bin/su in Linux
  2. Verify if the file is untainted (from package) or changed in some manner

For RPM (Fedora, Red Hat, CentOS):

$ rpm -q -f /bin/su
coreutils-5.97-34.el5
$ rpm -V coreutils-5.97-34.el5

For DEB (Debian, Ubuntu):

$ dpkg -S /bin/su
login: /bin/su
$ debsums -s -a login
Categories
Tech Tips

How to remove known password from protected PDF?

Install QPDF, then:

$ qpdf --password=? --decrypt in.pdf out.pdf

This doesn’t crack or guess the password for you. You must already know the password. It merely helps you to create a copy of the PDF without password protection.

Categories
Tech Tips

https page that includes other resources which are not secure

Question: How to find out what contents on a HTTPS page is retrieved using HTTP, i.e. unencrypted in transit and thus open to sniffing?

Answer: Use Google Chrome web browser’s Developer Tools. Look under “Console” and you’ll see lines that look like this:

The page at https://www.example.com displayed insecure content from http://feeds.feedburner.com/notsecure.

Categories
Tech Tips

Own Your Space

Own Your Space

Free e-book covering many aspects of cyber security.

Get yours @ OwnYourSpace.net