Don’t Give Away Historic Details About Yourself

  • Social media sites are littered with seemingly innocuous little quizzes, games and surveys urging people to reminisce about specific topics, such as :undefined:“:undefined:What was your first job,:undefined:”:undefined: or :undefined:“:undefined:What was your first car?:undefined:”:undefined: The problem with participating in these informal surveys is that in doing so you may be inadvertently giving away the answers to :undefined:“:undefined:secret questions:undefined:”:undefined: that can be used to unlock access to a host of your online identities and accounts.

    I:undefined:’:undefined:m willing to bet that a good percentage of regular readers here would never respond :undefined:—:undefined: honestly or otherwise :undefined:—:undefined: to such questionnaires (except perhaps to chide others for responding). But I thought it was worth mentioning because certain social networks :undefined:—:undefined: particularlyFacebook :undefined:—:undefined: seem positively overrun with these data-harvesting schemes. What:undefined:’:undefined:s more, I:undefined:’:undefined:m constantly asking friends and family members to stop participating in these quizzes and to stop urging their contacts to do the same.

    On the surface, these simple questions may be little more than an attempt at online engagement by otherwise well-meaning companies and individuals. Nevertheless, your answers to these questions may live in perpetuity online, giving identity thieves and scammers ample ammunition to start gaining backdoor access to your various online accounts.

    Consider, for example, the following quiz posted to Facebook bySan Benito Tire Pros, a tire and auto repair shop in California. It asks Facebook users, :undefined:“:undefined:What car did you learn to drive stick shift on?:undefined:”:undefined:

    I hope this is painfully obvious, but for many people the answer will be the same as to the question, :undefined:“:undefined:What was the make and model of your first car?:undefined:”:undefined:, which is one of several :undefined:“:undefined:secret questions:undefined:”:undefined: most commonly used by banks and other companies to let customers reset their passwords or gain access to the account without knowing the password.

    This simple one-question quiz has been shared more than 250 times on Facebook since it was posted a week ago. Thousands of Facebook users responded in earnest, and in so doing linked their profile to the answer.

    Probably the most well-known and common secret question, :undefined:“:undefined:what was the name of your first pet,:undefined:”:undefined: comes up in a number of Facebook quizzes that, incredibly, thousands of people answer willingly and (apparently) truthfully. When I saw this one I was reminded ofthis hilarious 2007 Daily Show interview whereinJon Stewart has Microsoft co-founderBill Gates on and tries to slyly ask him the name of his first pet.

    Almost 5,000 Facebook users answered this common password reset secret question. asked a variation on this same question of their huge Facebook following and received an impressive number of responses:

    Here:undefined:’:undefined:s a great one, an e-commerce site in the United Kingdom. It asks users to publicly state the answer to yet another common secret question: :undefined:“:undefined:What street did you grow up on?:undefined:”:undefined:

    More than 500 Facebook users have shared this quiz with their network, and hundreds more shared the answer using their real names and links to their profiles.

    This question, from the Facebook account :undefined:—:undefined: a site for owners of recreational vehicles :undefined:—:undefined: asks: :undefined:“:undefined:What was your first job?:undefined:”:undefined: How the answer to this question might possibly relate to RV camping is beyond me, but that didn:undefined:’:undefined:t stop people from responding.

    The question, :undefined:“:undefined:What was your high school mascot:undefined:”:undefined: is another common secret question, and yet you can find this one floating around lots of Facebook profiles:

    Among the most common secret questions is, :undefined:“:undefined:Where did you meet your spouse or partner?:undefined:”:undefined: Loads of people like to share this information online as well, it seems:

    This common secret question has been shared on Facebook almost 10,000 times and has garnered more than 2,300 responses.

    Here:undefined:’:undefined:s another gem from the Womenworking Facebook page. Who hasn:undefined:’:undefined:t had to use the next secret question at some point? Answering this truthfully :undefined:—:undefined: in a Facebook quiz or on your profile somewhere :undefined:—:undefined: is a bad idea.

    Incredibly, 6,800 Facebook users answered this question.

    Do you remember your first grade teacher:undefined:’:undefined:s name? Don:undefined:’:undefined:t worry, if you forget it after answering this question, Facebook will remember it for you:

    I:undefined:’:undefined:ve never seen a :undefined:“:undefined:what was the first concert you ever saw:undefined:”:undefined: secret question, but it is unique as secret questions go and I wouldn:undefined:’:undefined:t be surprised if some companies use this one. :undefined:“:undefined:What is your favorite band?:undefined:”:undefined: is definitely a common secret question, however:

    Giving away information about yourself, your likes and preferences, etc., can lead to all kinds of unexpected consequences. This practice may even help turn the tide of elections. Just takethe ongoing scandal involving Cambridge Analytica, which reportedly collected data on more than 50 million Facebook users without their consent and then used this information to build behavioral models to target potential voters in various political campaigns.

    I hope readers don:undefined:’:undefined:t interpret this story as KrebsOnSecurity endorsing secret questions as a valid form of authentication. In fact, I haverailed against this practice for years, precisely because the answers often are so easily found using online services and social media profiles.

    But if you must patronize a company or service that forces you to select secret questions, I think it:undefined:’:undefined:s a really good idea not to answer them truthfully. Just make sure you have a method for remembering your phony answer, in case you forget the lie somewhere down the road.

    Many thanks to RonM for assistance with this post.

  • Make ISO from DVD

    In this case I had an OS install disk which was required to be on a virtual node with no optical drive, so I needed to transfer an image to the server to create a VM

    Find out which device the DVD is:



    NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 465.8G 0 disk ├─sda1 8:1 0 1G 0 part /boot └─sda2 8:2 0 464.8G 0 part ├─centos-root 253:0 0 50G 0 lvm / ├─centos-swap 253:1 0 11.8G 0 lvm [SWAP] └─centos-home 253:2 0 403G 0 lvm /home sdb 8:16 1 14.5G 0 disk /mnt sr0 11:0 1 4.1G 0 rom /run/media/rick/CCSA_X64FRE_EN-US_DV5

    Therefore /dev/sr0 is the location , or disk to be made into an ISO

    I prefer simplicity, and sometimes deal with the fallout after the fact, however Ive repeated this countless times with success.

    dd if=/dev/sr0 of=win10.iso

    Where if=Input file and of=output file

    I chill out and do something else while the image is being copied/created, and the final output:

    8555456+0 records in 8555456+0 records out 4380393472 bytes (4.4 GB) copied, 331.937 s, 13.2 MB/s


    read more
  • Recreate postrgresql database template encode to ASCII

    UPDATE pg_database SET datistemplate = FALSE WHERE datname = 'template1';

    Now we can drop it:

    DROP DATABASE template1;

    Create database from template0, with a new default encoding:

    CREATE DATABASE template1 WITH TEMPLATE = template0 ENCODING = 'UNICODE'; UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template1'; \c template1 VACUUM FREEZE;

    read more