Author: khaxan

Cookies – What they are, why they matter and how to get rid of the nasty ones.

Cookies  cookies

At this point, most people at least have heard about cookies in a non-dessert but websites sense. But what they really are and how they work remain obscure for some. So, let’s try to break it down a little.

What is a cookie?

A cookie is a data message that is stored in your Web Browser (i.e., in a file in your computer) when you visit certain websites.

cookie

Basically, you access the site and you receive the cookie that the website sent you. After that, every time you access that website, your web browser (Chrome, Firefox…), sends the cookie back to the website that created in the first place, and which it’s the only one allowed to read and modify the cookie contents.

Why do websites use cookies?

cookie2

Basically, to remember you and your previous activity on the site.

Look at it this way, let’s say your name is Sam and you’re a regular in a coffee shop where you’re always served by John and you always order black coffee. Chances are the next time you go there, John greets you with a “Hi Sam, nice to have you back here, do you want the usual? Maybe you’re interested in this muffin who’s a match made in heaven for your black coffee.” Does it sound familiar?

Well, websites try to do the same thing, just in the virtual world.  Cookies allow the website to greet you, the remember what products you were browsing last time you visited the site, products in a shopping cart or wish list, what your languages preferences are, and a lot of other stuff, for as long as the cookie stays in your computer.

Also, cookies are a mechanism to let the website know if you’re already logged in the site, so it doesn’t bug you asking for your password again and again (e.g. in a paid news site). These cookies are known as authentication cookies.

Can a cookie have a virus?

Not really. A cookie file is just a text file, it’s not code, so the cookie cannot perform any action by itself. Hence, a cookie is neither a virus or malware and they can’t install those in your computer either. However, cookies can be used to help malicious behavior by third-parties as it is explained below.

Can a cookie represent a threat?

They might, but not by themselves. The cookie is just a small text file which in the wrong hands may represent a privacy threat if a 3rd party has access to unauthorized information.

An attacker can use a bug/attack in your web browser to read cookies and gather information about you, your shopping patterns, the websites you access, and even the passwords you use to access those sites.The attacker can even use your cookies to impersonate yourself into a website.

ProTip: Never save a password in your browser, seriously.

Cookies can also be used to identify a computer infected with a certain malware, so this computer can be compromised or used later to participate in an attack to some other target. Again, the computer had to be infected in some other way (not by the cookie).

The privacy concern

There’s a particular type of cookie which arises controversy: The tracking cookie.

Remember your old normal cookie who only sends information to a website when you visit it? Well, now imagine you left the website with a spy at your back.

A tracking cookie will report to a website of your activities online, even if those activities had nothing to do with the website that gave you the cookie. This cookie will tell on you (like an annoying brother), what you’ve been doing, which sites have you been visiting, etc. Your information, along with the information of many others (in the thousands or even millions) will be analyzed and used – sometimes even sold- mainly for marketing purposes; personalizing the ads you see in a webpage, for example.

Facebook uses tracking cookies, in case you were wondering.

Although this is not harmful to you or your computer, you might not want to share your information with everybody. Most legitimate sites will let you opt-out being tracked and most popular web browsers have an option to send websites a “Do not track” request. However, this does not work at 100%, because some sites simply ignore your “do-not-track-me” request.

In conclusion, cookies are useful and harmless in the good hands, but in the wrong hands they could turn their back on you.

Minimizing Risks

If order to minimize the risks cookies might represent you SHOULD always have an antivirus or malware scanner up to date and regularly analyze your computer. A malware scanner should be able to detect if a cookie has information of a malicious site. I recommend MalwareBytes.

Also, you can delete the cookies from your web browser manually or configure the browser to delete cookies every time you close the web browser.

Keep in mind that if you delete the cookies, you’ll lose some of the cool personalized stuff some websites are able to show you thanks to them. So, there’s an alternate way: The EFF Privacy Badger. The EFF Privacy badger is a web browser extension (Chrome and Firefox) able to recognize which type of cookies (and spy ads) are in a website.

When you visit a site, this extension will allow the good cookies and block the bad ones (trackers and/or related to potential harmful sites). The picture below shows a visit to CNN where the Privacy Badger blocked a tracker (in red).

badger

Thanks for reading!

Advertisements

Configuring a NTP server in different Linux distributions

To configure a Linux computer as a basic NTP server, we need to go through the following steps:

Installing the NTP package

For CentOs, RedHat and Fedora distributions
yum install ntp

For Ubuntu and Debian distributions
apt-get install ntp
or
sudo apt-get install ntp

Configuring the NTP service

With your favorite text editor open the file /etc/ntp.conf to perform the following:

Specifying OUR external server for time synchronization

Our Time source (or sources) are specified in the lines starting with server. These are the servers to which our local server synchronizes. Here is an example:

server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

Default server addresses vary according to the Linux distribution. You can use the default ones or specify the NTP server of your preference.  It is recommended to use the servers for your country or region specified in pool.ntp.org Server link: http://support.ntp.org/bin/view/Servers/NTPPoolServers.

It is recommended than more than one ntp server is present for redundancy in case one of the servers fail.

You might have noticed the word iburst in every line. The iburst option reduces the time in the initial synchronization and it is the default option.

The specified servers are used in a round-robin fashion. If you wish you to use one server above others, add the options prefer at the end of the server line like this:

server 0.centos.pool.ntp.org prefer

Allow clients restricted time synchronization with our time server

If  you want to allow any client to synchronize to your NTP server just add the line

restrict default kod nomodify notrap nopeer noquery

  • default: every client
  • kod: if access is denied, send a “kiss of death” packet. It’s used to prevent abuse of the server. See more here.
  • nomodify: client can not modify the server
  • notrap: prevents ntpdc control message protocol traps
  • nopeer: deny packets trying to establish a peer association
  • noquery: clients can not query status information from our server (like our Operating System or NTP server version); however, they can still get time sync from our NTP server. If you want to block time synchronization you should add the option noserve.

Allow localhost IP to perform any function in the NTP server

The localhost ip 127.0.0.1 is often used for administrative functions; hence, to bypass the “default” restrict policy, add:

restrict 127.0.0.1
restrict ::1

The above lines give the localhost IP address unrestricted access to the NTP server operations.

Specifying the Location of the Drift File

The driftfile keeps track of clock deviations.

driftfile /var/lib/ntp/ntp.drift

That’s pretty much it for a basic configuration, but let’s just add some extra features for security. (This post doesn’t cover advanced security options like authentication).

Allow only specific clients to synchronize with our NTP server

If you added the noserve option in the restrict default line you might want to add specif hosts or networks which will be allowed to synchronize with your server. They usually are hosts or networks in your LAN, or otherwise known devices. For example:

If you want to allow the network 10.10.10.0/24 to query your NTP server add the following line:

restrict 10.10.10.0 mask 255.255.255.0 nomodify notrap nopeer 

If you want to allow the specific host 10.10.10.2 to query your NTP server add the following line:

restrict 10.10.10.2 nomodify notrap nopeer                -> mask 255.255.255.255 is assumed

That network and that host would be able to query your server for time sync and get status information from your server.

Using Local Clock as Backup

In case your server loses access to the Internet, it’s a good idea to failover to the server internal clock.

server 127.127.1.0                                   -> NTP server’s own pseudo address
fudge 127.127.1.0 stratum 12

Use stratum 10 to 15 so it’s never used unless no external server is reachable.

Configuring Logging Parameters

Specify a file path for the logs, although no mandatory it is very useful for debugging:

logfile /var/log/ntp.log

 

A complete basic /etc/ntp.conf should look like this (As you can imagine the -6 lines, are intended for IPv6 protocol) :


 

server 127.127.1.0                                  
fudge 127.127.1.0 stratum 12               

server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict -6 ::1

driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log


 

Starting the NTP Service

For  CentOs and RHEL/RedHat  distributions
/etc/init.d/ntpd start
or
service ntpd start

For Debian and Ubuntu  distributions (notice there’s a d missing)
/etc/init.d/ntp start
or
service ntp start

For Fedora and CentOS/Redhat/RHEL 7 distributions
 systemctl start ntpd.service

The system will start synchronizing.

Verifying the NTP operation

Enter the command:
# ntpq -p

And you’ll see an output similar as the follow:

ntpq

Values will be moving through time. The entry marked with the * is the server currently in use. If you see errors or no server association in a few minutes, probably the NTP service has not started. Review the log file to obtain more information.

Sync the local clock with the external NTP server for the first time

Issue the following command:
ntpdate –u 18.26.4.105                        -> or any server your NTP server is syncing to

Make the NTP service start when the computer boots

To add the ntp service to the list of daemons which start at startup:

For  CentOs and RHEL/RedHat  distributions
chkconfig ntpd on 

For Debian and Ubuntu  distributions (notice there’s a d missing)
systemctl enable ntp.service
o for Debian Jessie (Debian 8)
systemctl enable ntp

For Fedora and CentOS/Redhat/RHEL 7 distributions
systemctl enable ntpd

 

Configuring Linux NTP client in different distributions

To configure a Linux computer as a basic NTP client, we need to go through the following steps:

Installing the NTP package

For CentOs, RedHat and Fedora distributions
yum install ntp

For Ubuntu and Debian distributions
apt-get install ntp
or
sudo apt-get install ntp

Configuring the NTP service

With your favorite text editor, make sure these lines are present in the file /etc/ntp.conf

server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

It is also wise to make sure the log file is established:

logfile /var/log/ntp.log

Server addresses vary according to the Linux distribution. You can use the default ones or specify your own time server or a public NTP server of your preference.  You can find a list of public ntp servers in this link: http://support.ntp.org/bin/view/Servers/NTPPoolServers.

It is recommended than more than one ntp server is present for redundancy in case one of the servers fail.

You might have noticed the word iburst in every line. The iburst option reduces the time in the initial synchronization and it is the default option.

The specified servers are used in a round-robin fashion. If you wish you to use one server above others, add the options prefer at the end of the server line like this:

server 0.centos.pool.ntp.org prefer

Starting the NTP Service

For  CentOs and RHEL/RedHat  distributions
/etc/init.d/ntpd start
or
service ntpd start

For Debian and Ubuntu  distributions (notice there’s a d missing)
/etc/init.d/ntp start
or
service ntp start

For Fedora and CentOS/Redhat/RHEL 7 distributions
 systemctl start ntpd.service

The system will start synchronizing.

Verifying the NTP operation

Enter the command:
# ntpq -p

And you’ll see an output similar as the follow:

ntpq

Values will be moving through time. The entry marked with the * is the server currently in use. If you see errors or no server association in a few minutes, probably the NTP service has not started. Review the log file to obtain more information.

Sync the local clock with the NTP server for the first time

Issue the following command:
ntpdate –u 18.26.4.105                        -> or any server your computer is syncing to

Make the NTP service start when the computer boots

To add the ntp service to the list of daemons which start at startup:

For  CentOs and RHEL/RedHat  distributions
chkconfig ntpd on 

For Debian and Ubuntu  distributions (notice there’s a d missing)
systemctl enable ntp.service
o for Debian Jessie (Debian 8)
systemctl enable ntp

For Fedora and CentOS/Redhat/RHEL 7 distributions
systemctl enable ntpd

I know, I know, I wish everybody could standardize. Feel free to comment with any possible correction or suggestions to this post.

Configuring NTP client on a Cisco Catalyst Switch

NTP (Network Time Protocol) is a protocol used for clock synchronization among different devices. Enabling NTP in your network devices will cause that they all have the same time so operations flow smoothly and log analysis can be actually useful. I can’t stress enough how important it is.

So, let’s configure the NTP on a standard Cisco Catalyst Switch so the switch can synchronize to a NTP Server. The procedure below is a BASIC NTP configuration for a Cisco Catalyst switch but it can be used also in older routers (No ASR or Nexus, where the config is slightly different). We’ll discuss advanced NTP topics in further posts.

Before starting the configuration, you need a Time Server already up and running, which it can be your own server or a free public one. You can find a list of public ntp servers in this link:

Configuring the NTP association

switch#config terminal
switch(config)# ntp server ip_address_of_ntp_server

and optionally if you want logs about the NTP operation (e.g.,failed to reach the time server)

switch(config)# ntp logging
switch(config)#end

Save your changes

switch#copy running-config startup-config

Now, when you see your configuration you will notice something like this

switch#show running-config | incl ntp
ntp logging
ntp server x.x.x.x
ntp clock-period some_numeric_value    

The value is automatically calculated by the switch to compensate the time differences between the ntp client and the ntp server. Do not remove or modify this line.

Note: For redundancy, it’s best to specify more than one ntp server. In the scenario that the first NTP server fails our can’t be reached, your devices would get clock sync from the next server. To accomplish this, simply add another line like this.

switch(config)# ntp server ip_address_of_ntp_server1
switch(config)# ntp server ip_address_of_ntp_server2

And that’s it.

Verifying the NTP association is working

To verify your device it’s connected properly to the time server, use the following command:

switch#show ntp status

You should see an output like this:

Clock is synchronized, stratum number, reference is ip_address_of_ntp_server
and more information about the clock offset and the precision of the sync.

You’re all set! Good luck.

uBlock Origin Change of Permissions

So you started up your (always awful) Monday with this Chrome warning and you’re panicking because your trusted extension uBlock which is supposed to protect you from evil (ads) is turning into the Devil himself.

ublock

Read and CHANGE my data? Change my privacy settings? Hell no!

Well, it turns out that it kind of always has been this way and it’s needed for the reasons cited in this link here: https://github.com/gorhill/uBlock/wiki/About-the-required-permissions

But if you need the recap (TL;DR):

uBlock, and other ad-blockers need to read your data so

  • They can cancel requests to the network (like the ads, right?)
  • To block popups
  • To disable the “quick loading of web pages”.. wait what? yes, so no connections are opened to unwanted sites. So, this is for your own good.

In conclusion: It’s safe, it’s normal and just click re-enable 🙂

Good day!

Telling Firefox to Never Remember History or Clearing it on Exit

1. Click the menu button New Fx Menu and click over Options.

firop

2. Click on Privacy on the left panel. Select Firefox will: to Never Remember History or if you want to be Granular Use custom settings for history.

customhistory383. If you opted for Use custom settings for history click the box for Clear history when Firefox closes.
clear history auto fx38
  • To specify what types of history should be cleared, click the Settings button next to Clear history when Firefox closes.
  • In the Settings for Clearing History window, check the items that you want to have cleared automatically each time you quit Firefox.
    history fx38
  • After selecting your options, click OK to close this Window.
  • Close the Options tab in the browser, marked as: about:preferences page.

Removing your Internet History from almost everywhere

For any reason you want to remove your Internet activities and thus hide them from your spouse, boss, potential employer or another entity, here are some tips and directions:

Deleting your Internet History from your Browser 

Google Chrome

  1. Locate the Chrome Control Center upper right corner of the browser. You should see a symbol with some horizontal lines

g1

2. Click on History as the Figure below shows:

g2

3. Your browser Internet history will appear. Click on the button “Clear browsing data”

g3

4. In the next window you can select which elements to delete and the time range. If you want to delete only your history, check only the first 2 options. If you check Passwords, for instance, all the passwords previously saved in your favorite websites will be removed.

g4

5. Click on Clear browsing data again.

6. Excellent job!

Note: Chrome lacks the feature to remove history on exit, but there are several extensions you can integrate to the browser to accomplish that function.

Firefox

  1. In the upper right corner of the Firefox Window locate a symbol with some horizontal lines.
  2. Click on it and the windows below will appear.
  3. Cllick on the History symbol

f2

After you’ve clicked the History option. The following window will appear:

4. Click on “Clear Recent History”

f3

That option will take you to the next window.

  • Here you can delete ALL your history (Everything) or just the last few hours or the last day, as well as select WHICH elements you want to delete, not just History but Cookies and Cache, Form-saved fields, etc.

f4

5. Click on Clear Now and You’re Done!.

In Firefox you also have the option to delete the history while closing the browser.  For more detailed instructions click on this post.

Internet Explorer

Are you kidding? Use another browser.


Automatic Tools

If you use more than one browser it makes sense not to want to do this individually. Worry not, there are apps for that (well, actually computer programs)

You might want to check:

Both programs would let you not only to delete your internet history (and related content), but empty your Trash Bin, delete the lists of the files you’ve recently used on Windows (MRU), among other advanced features.

Also, if you don’t want your browser to store any History information anymore you could always use incognito mode.

Removing your Google Internet Search History 

Ok, now you’re computer is rid of your whole internet activities. That doesn’t mean your activity on the sites you’ve visited is gone. Don’t worry, most sites would delete that info after a while (sometimes they have to store that info for legal/law issues), but what about what you’ve searched on Google? Yeah, you want that gone too, you want that gone now!

Well, I was going to take some screenshots but Google Help has this documented nicely. Just click here to get directions on how to remove your Google History from your Computer or Smartphone. Also (like myself) to disable the History records.

Going Anonymous

If for some legitimate or paranoid reasons you wish to go anonymous on the Internet, you can use Tor, an anonymity browser which doesn’t store anything on the browser and which doesn’t let the sites know your real IP. Covering Tor, its capabilities, disadvantages and potential legal issues, is quite extensive for this post.

Good luck!