As subtle as a flying brick.

Posts tagged “Security

Aside

Linux turn OFF password expiration / aging

/etc/shadow stores actual password in encrypted format for user’s account with additional properties related to user password.

The password expiration information for a user is contained in the last 6 fields. Password expiration for a select user can be disabled by editing the /etc/shadow file

However I recommend using chage command. The chage command changes the number of days between password changes and the date of the last password change.

This information is used by the system to determine when a user must change his/her password.

To list current aging type chage command as follows:

# chage -l vivek

Output:

Last password change                                    : August 23, 2013
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

To disable password aging / expiration for user foo, type command as follows and set:

Minimum Password Age to 0
Maximum Password Age to 99999
Password Inactive to -1
Account Expiration Date to -1

Interactive mode command:

# chage username

OR

# chage -I -1 -m 0 -M 99999 -E -1 username

Advertisements

Understanding /etc/shadow file

Q. Can you explain /etc/shadow file used under Linux or UNIX?

A. /etc/shadow file stores actual password in encrypted format for user’s account with additional properties related to user password i.e. it stores secure user account information.

All fields are separated by a colon (:) symbol. It has one entry per line for each user listed in /etc/passwd file Generally, shadow file entry looks as follows:

shadow-file

(Fig.01: /etc/shadow file fields)

  1. User name : It is your login name
  2. Password: It your encrypted password. The password should be minimum 6-8 characters long including special characters/digits
  3. Last password change (lastchanged): Days since Jan 1, 1970 that password was last changed
  4. Minimum: The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password
  5. Maximum: The maximum number of days the password is valid (after that user is forced to change his/her password)
  6. Warn : The number of days before password is to expire that user is warned that his/her password must be changed
  7. Inactive : The number of days after password expires that account is disabled
  8. Expire : days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used

The last 6 fields provides password aging and account lockout features (you need to use chage command to setup password aging). According to man page of shadow – the password field must be filled. The encrypted password consists of 13 to 24 characters from the 64 character alphabet a through z, A through Z, 0 through 9, \. and /. Optionally it can start with a “$” character. This means the encrypted password was generated using another (not DES) algorithm. For example if it starts with “$1$” it means the MD5-based algorithm was used.


How to Tell When You’re Being Followed (and Get Away Safely)

There’s little more frightening than the sneaking suspicion that someone may be following you, whether it’s on foot or in a car. Here’s how you can tell whether that person behind you is watching you as much as you’re watching them.

Why Would Someone Follow Me? I’m Nobody!

It’s not just spies that get tailed. Law enforcement doesn’t usually waste time and resources following random people, but they’re not the only ones interested in the lives of others. Private detectives, angry exes, friends or family of exes, or even that guy you accidentally cut off changing lanes a few miles back may have been following you this whole time, seething and ready to give you a piece of their mind (or possibly their fists.)

Don’t underestimate how even small things can set dangerous people off. These are the easiest people to identify and avoid. We’re not saying live your life paranoid, and if you can’t think of a reason someone would follow you, odds are you’re not being followed, but we are saying that a little knowledge and awareness of your surroundings at all times goes a very long way.

How to Tell If Someone’s Following You

Let’s be clear: if the professionals are following you, you probably won’t know it. Real spies use a host of tricks to make sure you’ll never know you’re being followed. Multiple operatives observe you, and switch off at predetermined points while a control operative, in contact with everyone in the field, manages their movements. That means the guy that followed you for the past two blocks will pull off at the next exit or pop into the Starbucks you passed for a coffee, and someone else will take over while you wonder where he went. There are some ways to tell is an amateur, random person, or a PI is following you though:

  • Stay aware of your surroundings. It’s common sense, but you’d be surprised how many people walk around every day staring at their phones or looking at the sidewalk in front of them, paying no attention to the world around them. Keep your head up, and make note of the people you see and the cars you pass. If you’re not aware of your surroundings, the rest of these tips won’t help you.
  • Don’t start looking over your shoulder. Remember, normal people are the ones who do inconspicuous things. Spies and PIs know better than to draw attention to themselves. As soon as you start glancing over your shoulder every three steps, they’ll know you’re suspicious. They’ll likely drop farther back or disengage entirely and pick up later.
  • Start with appearances. Look for a car you’ve never seen before in your neighborhood or along your commute, or make note of a vehicle that seems to be taking all the same turns that you’re taking. The same applies for people. Here’s the catch though: if a road-rager is following you, they’ll just close, which is easy to spot. If someone is actually trying to follow you, they’ll probably drive past you occasionally, then change lanes and fall back. On foot, they’ll walk next to you, or even pass you and take a side street that eventually ends up going the same direction that you’re going. Look out for vehicles that make all the same turns that you do. More Intelligent Life suggests you keep an eye on a person’s shoes. Coats and hats change easily, but shoes? Not so much when you don’t want to lose someone. Photo by Robert Red.

  • Slow down. Slow people and vehicles are hard to tail, and risk the exposure of the operative, because they now have to stay near the target. Pull into the right lane and drive the speed limit. See what happens. If you’re on foot, slow down or stand to the side and fiddle with your phone a bit (while keeping an eye on what’s going on around you, of course) and see who slows down with you, or who walks past and then suddenly reappears later. Some people will tell you the opposite: that you should speed up and see if they do too. An amateur would speed up too, but a professional would only speed up if they think you might turn or take an exit, or if you’ll leave their line of sight.

The video above, part of a training series by SAFE International, has some more suggestions to help you figure out whether you’re being followed, and what you should do if you confirm that someone is trailing you.

What You Should Do If You Think You’re Being Followed

If you’ve tried the above and think someone’s on your tail, you have some options.

  • Call the police. Do this first. If you think you’re in any kind of real danger, this is the best, first, and probably only course of action you should follow. Additionally if it’s local authorities, they’ll disengage. If it’s another law enforcement agency, they may get pulled over themselves. If it’s a PI or a road-rager or any other civilian after you, the police are the best people to handle the situation. If you’re on a highway, stay on it. If you do get off a main road, drive to the nearest police station.
  • Go somewhere public. Public, and with tons of people. Find a crowded restaurant and grab a seat. Order a coffee and read something on your phone. Head into the nearest shopping mall or large, crowded store. This gives you two benefits: first, you have the cover of a lot of people (stick close to the crowds.) Second, you can observe your observer, get their description, and hand it over to the police.
  • Don’t panic. Don’t start speeding, or try to make quick turns or duck into alleys. Ducking into the subway before the doors close looks great in the movies, but the smart people already have someone on the train or platform waiting for you. Start speeding, and you’ll just drive into the next tail car’s territory faster. When professionals follow someone, they don’t need to know where you are at all times, they just want to “house” you, or observe your behavior and patterns. If you’re worried it’s an angry ex or someone you cut off, stay on main roads, and if you have to stop, leave plenty of space between you and the car in front of you, just in case you need room to maneuver or drive around it if someone approaches your car.
  • Change your behavior to confuse your follower. If you’re in a car, take the next exit, then get back on the main road. This isn’t something most people would normally do, and if someone follows you off the road and then back onto the highway, you know something’s up. Better yet, they should know you’re on to them, and disengage. Make four right (or left) turns. Few people need to drive or walk in a circle. Image by Oleksiy Mark.

  • Change your patterns regularly. Don’t go straight home, especially if you’re worried the person following you intends to harm you. Take a different route home from work than you did yesterday. Go to a restaurant you’ve never been to. If you think someone’s been following you, they’re probably already aware of your patterns, so suddenly taking the freeway home when you normally take side streets may throw them off. Riding the subway uptown when you live downtown will do the same thing. If you think the person wants to harm you follow these tips on avoiding an attack, some of which echo points we’ve made here (staying in public, calling the police, etc.)

Professionals, like PIs, usually won’t interact with you—they just want to know where you’ll be and when so they can plan for later. They’re the people you can throw off with changes to your habits and driving tricks. People who want to hurt you are another matter. Your safety is paramount.

Some people will suggest you follow the follower, but we can’t recommend it. If the person following you means you harm, that’s a very dangerous game you’re playing. You should be focused on getting to a safe place, keeping your head and wits about you. With luck, you’ll never need to worry that someone is following you, but it’s important to be able to tell if someone is, why they’re following you, and how to avoid, deter, or lose them.


Crack Almost Any Electronic Safe with the Bounce Technique

If you have a digital safe with a passcode entry, a few things could go wrong. You could forget the code, the electronic mechanism could fail, or someone could change the code without you knowing. In the event you need to break into your own electronic safe, here’s how to do it.

The technique you use to crack an electronic safe is called safe bouncing (which is an accurate name once you see how it’s done). It’s apparently easy enough for a kid to do, but looks like it could take a bit of practice. As you can see in the video above, you literally drop part of the safe against the table (or whatever surface it’s resting upon) while turning the locking knob. If your timing is right, you’ll have turned the knob when the safe’s lock bounces open for a brief moment. This works because many cheaper safes have locks that lift. Better safes have counterweight mechanisms so the lock is held in place even when the safe is moving. You won’t be able to bounce those open, but you’ll have no problem with the lower-end options. If you’re successful, the deadbolts will recede into the safe’s door and you’ll be able to open it up.

While good for those times when you lose your passcode, it’s not so great for those times when someone tries to rob you. If you’re concerned about the safety of a given safe, you might want to try this bouncing technique before your purchase.