Stop Sniffing Me

So I am constantly learning. 40% of the internet is using the WordPress platform. I am no different. I started building my own websites with pure HTML/CSS/JS and loved it. It was a lot of work. WordPress started on 5/27/03 and my first website spun up in December 2004. I didn’t know about WordPress (WP) until a year later. I kept my own website but then started dabbling with it and other CMS platforms.

Because it is so widely used, it grabs the attention of the hackers of the world. Just like Windows and Chrome. If you have the market majority then you are the platform that people go after.

Over the years my sites have routinely been compromised, or attempts have been made. I have had to recover much data from backups.

Recently I learned about a username sniffing technique that is used on WordPress to discover usernames so that a brute force attack can be used to gain access to the site backend. I created a lovely redirect to this page from those pesky username sniffs just for fun.

CAPTION: I wonder if Jedi mind tricks work on hackers?

If you type in https://jasrasr.com/?author=1 then you get redirected to https://jasrasr.com/stop-sniffing-me

You could enter any number after the ‘=’ sign. https://jasrasr.com/?author=123 would also redirect to the same: https://jasrasr.com/stop-sniffing-me

That page then links to this page to explain why I did what I did, and now I am laughing at the whole thing. I could’ve installed a plugin to block the username sniffs but I like this approach better.

I just tested and created a new test user, which technically makes author=2 valid. If this exists then you can see the archives and blog posts/pages that were authored by that username. More importantly, you can see the username in the URL and on the page.

In this example from icwnow.net you can see the username ‘kbjjsywyvf’ and the ‘test’ post that was created. A hacker can take this info and attempt commonly used passwords to gain access to the site.
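A defender's version of the redirect described above, added here as an example and not the blog's own code: a small WordPress must-use plugin that catches numeric ?author= requests before WordPress's canonical redirect can rewrite them to /author/<username>/, which is where the username leaks. The target slug /stop-sniffing-me is taken from the post; the function names, the constant and the logging line are assumptions of mine.

```php
<?php
/*
 * Added example (not the blog author's own code).
 * Save as wp-content/mu-plugins/stop-sniffing.php or paste into a theme's functions.php.
 * Any request whose query string carries a purely numeric "author" value
 * (e.g. /?author=1 or /?author=123) is sent to a fixed page instead of being
 * resolved to /author/<username>/, so the probe never learns a login name.
 */

// Hypothetical target page; assumption: a page with this slug exists on the site.
const JRS_STOP_SNIFFING_TARGET = '/stop-sniffing-me';

/**
 * Return the numeric author ID a request is probing for, or null if the
 * query string is not an author-ID lookup. Only digit-only values count,
 * which is the form the sniffing technique sends; name slugs are left alone.
 */
function jrs_author_id_probe(string $query): ?string {
    parse_str($query, $params);
    $author = $params['author'] ?? null;
    if (is_string($author) && preg_match('/^\d+$/', $author) === 1) {
        return $author;
    }
    return null;
}

// Hook "init": it fires before template_redirect, where WordPress's own
// canonical redirect would otherwise rewrite the URL to the author archive.
add_action('init', function () {
    $probe = jrs_author_id_probe($_SERVER['QUERY_STRING'] ?? '');
    if ($probe === null) {
        return;
    }
    // Keep a trace for the server log; only the digits are logged, never raw input.
    error_log(sprintf('author-id probe for id %s from %s',
        $probe, $_SERVER['REMOTE_ADDR'] ?? 'unknown'));
    wp_safe_redirect(home_url(JRS_STOP_SNIFFING_TARGET), 302);
    exit;
});
```

This only covers the ?author=N form the post describes; an author archive reached by its name slug is still served, so the redirect hides usernames from this one probe rather than making the login form safe. Strong, unique passwords on every WordPress account remain the actual protection against the brute force that follows.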

This page will be updated. I am not done, but it is bed time…

Security vs Complexity – How to set a secure password.

It’s not as hard as you may think.

-She

Security vs Complexity

There is a major difference between an easy to remember password and one that is secure…or is there? Can’t you have both? Shouldn’t you have both?

There is a school of thought that adding spaces to your password to make a pass phrase is more secure, because it lets you have longer passwords that are easier to remember. The true test of security is length and amount of randomness. Since we can’t truly be random ourselves, we need to include all the types of characters allowed for a password. I am going to use “password” to encompass pass phrases as well, because whether a password has spaces or not doesn’t change what it is. A space in a password is still just a symbol character, so a pass phrase is just a password with spaces. I would argue you should include other symbols besides spaces.

I wrote a previous post about passwords and security here, titled Secure Password is Not Secure. In that post I strongly suggested you use a password manager like LastPass and a password generator (LastPass offers this for free). The password generator is easy to get to if you are in Chrome or any browser with the LastPass extension installed by hitting ALT + G on your keyboard. You can also check your keyboard shortcut settings in the extension manager: chrome-extension://hdokiejnpimakedhajhdlcegeplioahd/tabDialog.html?dialog=preferences&cmd=open. This link might not work, and you may have to right click your LastPass extension and click on Options.

Right click the LastPass extension, left click Options.
Left menu for Hotkeys, See Generate Secure Password at the top and see the default keyboard shortcut.

So if you don’t like LastPass or think they are evil then Bitwarden is another company that offers all the same features.

Whatever you do, DO NOT use the same password on two different websites. I can’t stress this enough. Once you have a compromised password on one site, it is VERY likely the hacker will use automated tools very quickly to attempt that same password on many other sites.

You may not have anything to hide or want to keep super secure, but I bet you don’t want to be locked out of your email, Facebook, Instagram, etc. accounts.

So how do I create a secure and complex password?

A very simple way to come up with a more secure and more complex password would be a “pass phrase” as discussed above. You can make it as random as you like.

EXAMPLE 1: The 3 brown dogs ran FAST!
EXAMPLE 2: 1Jason is a really big NERD!

The above examples both have 163 bits of entropy, which is the measure of randomness across all the characters (5 uppercase, 14-16 lowercase, 1 number, 6 symbols).

https://www.omnicalculator.com/other/password-entropy

If you go to howsecureismypassword.net then you see this: 2 decillion years to crack this password.

https://www.security.org/how-secure-is-my-password/ (FKA howsecureismypassword.net)

If you want to know how many possibilities there are for a password, take the number of possible characters to the power of the password’s length (number of digits).
total password possibilities = possible characters ^ number of digits
Example: A bank card PIN has 10k possibilities because 0,1,2,3,4,5,6,7,8,9 is 10 possible characters, raised to the power of 4 digits (generally), so 10^4 = 10,000.

This password The 3 brown dogs ran FAST! has:

1,515,502,518,418,473,418,851,336,545,154,803,393,228,349,015,457,449

possibilities if you use all possible characters on my keyboard.

[email protected]#$%^&*()_+`1234567890-=qwertyuiop[]\asdfghjkl;'zxcvbnm,./QWERTYUIOP{}ASDFGHJKL:"ZXCVBNM<>?

If a computer can attempt 10,000 passwords every second then, per my calculation, it would take 2.40116884430133E+39, or 2,401,168,844,301,330,000,000,000,000,000,000,000,000, or 2.4 duodecillion years. I am even dividing the number of possibilities in half because, statistically, it generally takes half as many guesses as there are possibilities. I don’t know how the website above is calculating its 2 decillion years. I would have to know how many characters they are including and how many iterations per second. I am figuring 10k/second…

My Math
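The calculation above, carried through in a short PHP script that I have added here (it is not the author's own spreadsheet): possibilities = possible characters ^ number of digits, entropy as the log2 of that count, and years to crack at a given guess rate with the search space halved, as the post does. The pool size of 93 is my assumption: it is the character count that reproduces the post's 1,515,502,… figure for a 26-character phrase, and with 10,000 guesses per second and 365.25-day years it also gives the post's 2.4012E+39 years. The function names are mine.

```php
<?php
/*
 * Added example reproducing the post's "My Math"; not the blog author's code.
 * Run with: php password_math.php
 */

// Number of distinct characters in a character-set string (a keyboard layout, say).
function jrs_pool_size(string $charset): int {
    return count(array_unique(str_split($charset)));
}

// possibilities = possible characters ^ number of digits (the post's formula).
// Returns an exact decimal string when bcmath is available, otherwise a float.
function jrs_possibilities(int $pool, int $length) {
    if (function_exists('bcpow')) {
        return bcpow((string) $pool, (string) $length, 0);
    }
    return pow($pool, $length);
}

// Entropy in bits: log2(pool ^ length) = length * log2(pool).
// Note that the result depends entirely on which pool size the calculator assumes.
function jrs_entropy_bits(int $pool, int $length): float {
    return $length * log($pool, 2);
}

// Expected years at $rate guesses per second; on average half the space is searched.
function jrs_years_to_crack(int $pool, int $length, float $rate): float {
    $secondsPerYear = 365.25 * 24 * 60 * 60;
    return pow($pool, $length) / 2 / $rate / $secondsPerYear;
}

// Constructed inputs: the bank-card PIN case, then the post's 26-character pass phrase.
printf("PIN (10 digits, 4 long): %s possibilities\n", jrs_possibilities(10, 4));

$phrase = 'The 3 brown dogs ran FAST!';
$length = strlen($phrase);
$pool   = 93; // assumption: 93 distinct printable keys, the count that matches the post's figure

printf("pass phrase length      : %d characters\n", $length);
printf("pool^length             : %s possibilities\n", jrs_possibilities($pool, $length));
printf("entropy                 : %.1f bits\n", jrs_entropy_bits($pool, $length));
printf("years at 10,000 guesses/s: %.4E\n", jrs_years_to_crack($pool, $length, 10000));

// The same helpers applied to a character set you type in yourself:
$myKeyboard = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !';
printf("constructed charset pool: %d characters\n", jrs_pool_size($myKeyboard));
```

Changing either the pool size or the guess rate moves the result by many orders of magnitude, which is why two calculators fed the same phrase can report 2 decillion and 2.4 duodecillion years and both be internally consistent; the pool size and rate they assume are the numbers to ask for.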

The iPhone and iOS now offer a great feature to suggest random passwords and even allows you to store them.

TOP 10,000 PASSWORDS!

Go to this website and make sure you don’t use any of these passwords. This list represents the 10k most commonly used passwords, gathered from a list of 10 million passwords.

https://en.wikipedia.org/wiki/Wikipedia:10,000_most_common_passwords

This is an image of the top 100 from the Wikipedia link above. This screenshot is from 9/21/22 and the actual website is subject to change and may show a different top 100. I have also blurred out any curse words or words deemed too derogatory to display on my website.

Great, but what do YOU do?

This blog is not sponsored by any of the websites mentioned above. I have personally paid for LastPass since 2010 and have thousands of passwords in my vault. For 99% of those passwords, I don’t even know them. I only know my master password. I don’t have to remember any of them. With the Chrome/Firefox/Edge browser extensions and the app on my iPhone I have very easy access to all my passwords. I also store other important information in my vault like credit card numbers, banking info, tax info, Wi-Fi information.

As stated above, I do not know any of my main passwords for any of my accounts. I generally use a password that looks like this: [email protected]$H*&xw96#zRg3fXjY$Y (automatically generated from LastPass which is free $0.00)

LastPass
Bitwarden


Have a safe and secure day and make better password decisions.

If you like this or agree, then leave a comment and let me know. If you don’t like this or think I am wrong, then leave a comment and let me know.

~ Thank you Jeremy for proofreading this. ~

DIY Dining Room Table

Update 1/15/22 – new video posted to the playlist which I needed to sand and re-stain to make it darker. Check it out!

I just uploaded a new video which is my preview of the editing process. All the video for all the days was 3.5 hours and I am hoping to edit down to about 10-15 minutes with commentary.

If you click this to go to YouTube then you will see the other videos for this table in the playlist.

Please SUBSCRIBE

go and subscribe!

UPDATE: Down to 40 minutes of total video time, from originally 210 minutes (3.5 hours)

Adobe Premiere Pro 2022 – 40 minutes total video time…and still counting down…

Motivation

I need to write more and more often. Less TV time, more blog time. This is my motivation, my accountability, my desire.

“Make it so.”

-Captain Jean-Luc Picard

Silly Adulting, New Year’s Resolutions Are For Kids

New Year’s Resolutions Are For Kids

I don’t like making New Year’s Resolutions because like everyone else they usually don’t happen. I jokingly did make a resolution last year on NYE. After spending the whole night playing 7th wheel, I decided that sucked so I wasn’t going to do that again this year. I did have someone to kiss on NYE. I was happy! I had my brother and his girlfriend in town from California (no, they weren’t the ones I kissed).

Better Adulting…

I work a lot and try to stay off the computer when I am home but that has only forced me to spend too much time in front of the TV. I am seriously debating cancelling my TV service. I didn’t have TV for years. I would just pay for internet and that was it. I added AT&T U-verse when I moved to this new apartment because it was actually cheaper to get TV, Internet, and my mobile phone bundled than the previous Time Warner Internet and AT&T Phone. Believe me, I did the math several times to get the best deal. Because of this, I stopped streaming TV to my computer and started recording on my DVR.

Side note, I am not really sure sometimes when to include a comma so I think I put too many in my sentences. If that is grammatically incorrect then please feel free to tell me. I know I have some Grammar Nazi friends who will gladly point out my flaws.

I have always been a fan of Security Now podcast by Steve Gibson and Leo Laporte on Twit.TV but wanted to try some additional car listening stuff. I love music but I love learning more. I started listening to Joe Rogan Experience and while he throws plenty of F bombs around he has some really interesting guests. The one thing I recently heard him say was that to change things you need to change your focus. My focus has been on working, coming home, feeding and letting out the dog, and then sitting down in front of the TV. I keep my weekdays busy with a small group, trivia, volleyball, and of course my son. But, I have been spending way too much time on the couch. I pay for a gym membership that I haven’t stepped foot in for about 7 months. It kills me that I don’t go back. I hope that by writing more on here that I can redirect my focus effectively and get back into a healthier routine and not so many hours in front of the tube. For those who are too young to remember ‘the tube’ does not reference YouTube. (shameless plug for my own YouTube channel) I just got distracted by several videos on this channel.

Before I forget, I would like to give a shout out to my fellow IT comrade and friend Messy. I am not sure if he wants his full name shared because I don’t see it on his blog. His blog is 1amm3.com which stands for I AM ME. He writes about his thoughts as I do on here. I helped him get his blog started and he has encouraged me to put more time into mine. I have been doing my own website since December 2004 but this last year I have been encouraged to write more on here and I attribute that to Mr. Messy. Go read his stuff, very interesting.

I just realized it is 12:30 and I need to go to bed. I have been writing this blog and migrating files all night since I got home. I did stop to eat so that’s good.

The last thing I wanted to say is that while I hate New Year’s Resolutions, I did tell myself I wanted to write on this blog daily. So far there have been two blog entries in 17 days so maybe my daily will turn into weekly, but I do want to get my thoughts down on here to keep myself accountable to doing better things. I want to have a better life style over all and that means starting with keeping track of my thoughts on my blog. I don’t even care if any one reads.

And since it is 12:30am, I am not going to take the extra time to add pictures to this one, sorry.

 

Facebook makes it easier to find people…

    

So a while ago I posted this short article about how easy it was to find someone on Facebook using just their cell phone number. Facebook recently rolled out some updates over the recent past that make it quite trivial to find people. You can now narrow down your people search by knowing a few public details about them. You should also check out my online dating philosophy posting.

I am not a stalker. I am a great “Googler”. The internet makes it very easy to find people. There is too much public information about you that makes it very easy. There are plenty of paid services out there but I have never paid anyone a dime.

How did I stumble upon this?

I am single. I have several profiles on different online dating sites that I use as tools to hopefully find that next last relationship. I am a romantic at heart and believe that there is that special someone out there for me. I have had a few really good relationships but for one reason or another it didn’t last. I am 33 and know my search is not over. I just don’t have that high school sweetheart story. My story will most likely end in a few years when I find that special girl who I end up spending the rest of my life with and we met when I was mid-30’s. I feel, at this point in time, I don’t have a lot of time to waste on someone who is not legit. If you are honestly looking for a real relationship like I am then that is where I start. I am not on any dating app to mess around. I also have a very proud career in IT and love what I do. I know how to use a computer and the internet more than most and am not ashamed to say that. It is literally what I get paid to do. I get paid to know more than you. I love learning new things and this is the perfect ever-changing industry that never fails to teach me something new. I am also a very visual person. I want to know who I am talking to on the phone, so if I am able I will probably plug your name into Facebook to see your face while I am chatting with you. Sue me! The resources are there and I will use them.

People might call that stalking but that is silly. I wouldn’t call you a professional race car driver because you have a car, or an electrician because you turned on the light bulb. Those are both horrible analogies but for now that is the best I can think of.

How does that all fit together?

Before I would match a girl and hopefully exchange phone numbers. This served two points. The first was that texting is a ton easier than having to open an app that constantly wants your money. Texting on my phone doesn’t annoy me and short of calling is probably the easiest form of communication. Chatting through the app, depending on the app, can be quite annoying. I already have enough notifications on my phone. I don’t need another app going off like crazy when I am trying to have a meaningful conversation. The second point is that about 60-70% of the time I could see your profile on Facebook and tell if you are a real person, and if you are trying to catfish me by what is on your dating profile. People put their very best pictures on dating sites because they are trying to impress. Even if that means a picture that is several years old and maybe many pounds lighter. Most people update their Facebook profile much more often and your profile picture is one of many things that is public by default.

What has Facebook changed?

Everyone knows that for the most part your profile is private so that you have to be connected as “friends” to see what is shared. Yes, I know you are able to share things publicly and could have a very open profile. Facebook would love that! More data for them to mine about you and sell to advertisers to generate revenue. Now you can type a name into the search bar and Facebook will give you some options to narrow down your search like city, employer, school, and degree of separation from you (friend, friend of friend, mutual friend, anyone). You can’t have a Tinder account unless you connect it to Facebook. Bumble links to Facebook as well to pull initial information. POF (Plenty of Fish) has text blocks for location and profession. CMB (Coffee Meets Bagel) has the same but asks for ‘Employer.’ The main difference is that POF doesn’t share your name (first name only) unless you tell it to. CMB doesn’t share your name (first name only) until you match with someone.

With a name and city, I can narrow down a Facebook search pretty well. Tag on an employer and it is almost a 100% positive match.

The different dating apps/sites allow different numbers of pictures you can upload for free, ranging from 6 to 9. Quite often someone will share a picture on their dating app that they have also had as a current or previous Facebook profile picture.

One more method of matching a dating profile to a Facebook profile: instead of showing your name, it shows your screen name. Guess what other sites have screen names searchable? Almost every single online profile out there, including Facebook. If your screen name is “Jason13115” and I plug it into Facebook or even just facebook.com/jason13115 it will show your public profile because Facebook makes your profile URL the same as your profile name. Remember back when Facebook asked you to set up a custom username instead of ‘Profile ID 23324621’?

Side note: Jason13115 was my first ever username/screen name/handle on AOL when I was 13 (or better – ASL 13/m/IN)

Side note, you can log into Facebook with either your email, screen name, or phone number with the same password. You have to allow this and authenticate your phone number but it will work. It also helps to be able to reset a password if you have multiple verification methods.

In conclusion:

Do you think I am a stalker, or do you think I am just a smart guy sharing some information that is helpful? If you were smart you would update your Facebook profile and change your privacy settings. Anything you have set to public is pretty much searchable on the world wide web. Your Facebook profile is cached in Google and they would love to know as much about you as they can.

Examples of two recent proofs of concept:

  

I love this site – http://bit.ly/2qVI92R – especially when I am wanting to be facetious (/fəˈsēSHəs/).

Love and Relationships

Turning over a new leaf is an odd saying. I feel like being single sucks. Anyone who says they like it is just lying to themselves. God put us here to be with somebody and we were never meant to be alone. While I don’t believe that means that we have to be with someone every second of the day it does mean that we are meant to enjoy this life with someone else. It means we are meant to care for another more than we care for ourselves. The Greeks had several words for Love and one of those is the love you have for your partner. We all ‘love’ our family, we ‘love’ our friends, we are supposed to ‘love’ our neighbors; but these don’t compare to the love that we have for that special someone. I am fairly certain I have felt this love for a couple people in my life. I can’t reminisce on those because for one reason or another they are not in my life. I was married once and would like to think it was happy and loving at some point or else why did I say, “I do”? For now and probably until Kingdom comes I will not have happy thoughts because of how it ended; not that it ended, but how it ended. I have also loved others who eventually felt I was not right for them. Rarely have I loved someone who I decided not to be with. Isn’t that odd?

I would LOVE to find a beautiful woman who I enjoy being around and can get to know just as I know myself. I am confident she is out there but for now I haven’t found her yet. I am only 33 and know I have plenty of life left on this earth, but would like to spend the majority of it not alone. This is not a plea for someone to pick me up off my feet. It is a desire, not a need. I don’t ‘need’ to be in a relationship. I feel if you ever think you ‘need to’ be in a relationship, then you ‘need to’ be single for a while until you figure out why you think that is a need.

Morning 5-minute Random Babble

Side note: In prison, the worst punishment they can give someone is solitary confinement. That should tell you that we as humans are social creatures meant to be around other people. That means in a group as a whole, and in our private lives as well.