Greetings, weary tech[no] traveler!
Breached databases are a common occurrence in this digital age we live in. Login credentials are leaked onto the internet all the time. Adobe, Snapchat, Dominos Pizza, are just a few of the countless companies and institutions who had their costumers account information stolen; including usernames, email addresses, and passwords (more like password hashes). At the beginning of 2015 many costumers of companies, such as Intuit (known for their Turbo Tax software) and the University of Oregon, became data breach victims. Most of the time they're rarely notified that their data has been compromised and available to anyone on the internet, for long periods of time. This is the polar opposite of good!
Despair not! There is website that will tell you if your email address was found in a leaked user credentials database. It's called haveibeenpwned.com. It's a pet project of a heavy weight champion in the world of web security, Troy Hunt. Just enter in an email address. The site will check it's database of breached sites and return it's results to you.
You're probably thinking "Wait a sec...I bet whoever is running this site is harvesting email addresses! Why should I believe the Tech[no] Survival Guide?". You don't have to believe me. Check out the details for yourself.
Not only does haveibeenpwned check single email address through it's web interface, it also provides a handy API. So, you can write your own programs that use this awesome service! Which is what I did. I wrote a handy python script, called checkpwnedemails, that is capable of checking a single email address or multiple email addresses right from your command line interface. Also, it can write the results to a (tab delimited) text file. Which can be useful for reports, or storing in a database for later analysis. It's free (as in, free beer) and open source. You can get a copy of it from here.
To use checkpwnedemails, you need to have a python 2.7 (or greater) installed on your computer.
To check a single email, type the following command:
python checkpwnedemails.py -s <email_address>
To limit the results to breached websites:
python checkpwnedemails.py -b -s <email_address>
To limit the results to login credentials found in paste sites (such as pastebin):
python checkpwnedemails.py -t -s <email_address>
To check multiple email addresses, provide a text file listing the email addresses you wish to check (one address per line):
python checkpwnedemails.py -i <list_of_email_addresses>
If you want the results to only contain email addresses that were pwned, pass the -p option, like this:
python checkpwnedemails.py -p -i <list_of_email_addresses>
Of course, the -b and -t tags can be used as well.
If you want to print the results to a (tab delimited) text file:
python checkpwnedemails.py -i <list_of_email_addresses> -o <name_of_output_file>
If you did not provide the -b or -t option, then two files (one for breaches and one for pastes) will be created by default.
If you find that your email address(es) was in haveibeenpwned's database, it would be in your best interest to immediately change the password of the corresponding account. As a matter of fact if you (or someone you know) are one of those people who use the same password for everything, then change all your passwords (and use a different password for each account!).
Friday, February 20, 2015
Sunday, February 8, 2015
Adding yourself back into the sudo group on Raspberry Pi
Greetings, weary tech[no] traveler!
Have you ever lock yourself out of the sudo group, on your Raspberry Pi, by accident...and your user was the only one that had sudo permissions? It happened to me once. I was worried that I would need to reformat my SD card, reinstall Raspbian, and reconfigure my Raspberry Pi all over again. However, that is completely unnecessary. Here's what you need to do:
Have you ever lock yourself out of the sudo group, on your Raspberry Pi, by accident...and your user was the only one that had sudo permissions? It happened to me once. I was worried that I would need to reformat my SD card, reinstall Raspbian, and reconfigure my Raspberry Pi all over again. However, that is completely unnecessary. Here's what you need to do:
- Power down your Raspberry Pi.
- Remove the SD card and insert it into your PC.
- Change directory to your mounted SD card. Since I am using OSX:
cd /Volumes/boot/ - Open the file named "cmdline.txt" with your favorite text editor.
- Add the following text to the end of the existing text. It will drop you into a root shell upon reboot:init=/bin/shMake sure it is all one line!
- Save "cmdline.txt" and eject the SD card from the PC.
- Put the SD card back into the Raspberry Pi.
- Connect a USB keyboard and monitor to the Raspberry Pi.
- Power on the Raspberry Pi.
- Once you see a flashing cursor, remount the filesystem as read-write, add your user back into the sudo group, and shutdown the Raspberry Pi. To do that, enter the following commands at the prompt:
mount -o remount,rw /
usermod -a -G sudo <username>
shutdown -P now - Remove the SD card, reinsert it into your PC, and open the "cmdline.txt" file again with a text editor.
- Delete the “init=/bin/sh” text you added in step 5.
- Save "cmdline.txt" and eject the SD card from the PC. One last time.
- Put the SD card back into your Raspberry Pi, reboot, and rejoice in your reclaimed sudoer privileges!
Subscribe to:
Posts (Atom)