security Archives • Linux Tips

How To: Cancel Your LastPass Account

This is just a PSA type of article, about how to cancel your LastPass account. Below are the reasons why you might want to cancel your LastPass account and how you can go about actually canceling that account.

Below is a copy of a recent email from LastPass:

Dear LastPass Customer, 
We recently notified you that an unauthorized party was able to gain access to a third-party cloud-based storage service which is used by LastPass to store backups. Earlier today, we posted an update to our blog with important information about our ongoing investigation. This update includes details regarding our findings to date, recommended actions for our customers, as well as the actions we are currently taking.
We thank you for your patience and continued support of LastPass.
The Team at LastPass

Click the link in the quoted text for more information.

I can no longer trust LastPass with my passwords and wanted to quit their services, closing my account. The only link I could easily find was at the bottom of their email – and that would simply unsubscribe you from their email list.

With the help of @Condobloke on Linux.org, I was eventually able to find how to close my LastPass account (so I’m told by LastPass). When closing my account, they asked for a reason. The reason I gave was:

I no longer have faith in your security

For the record, I had never used LastPass for anything. I had just signed up for an account. I never actually used the extension or their services.

Cancel Your LastPass Account:

The first link you’ll see is in their email, and all that option does is remove you from their mailing list. You’re ONLY unsubscribing to their email list, not actually removing your account.

That’s this link:

http://417-klk-478.mktoweb.com/lp/logmeintransact/UnsubscribePage.html?mkt_unsubscribe=1

Link left plain on purpose. That link will ONLY remove you from their mailing list. It will not delete your account. So, I recommend deleting your account before removing yourself from the mailing list.

To delete your account, you need a link provided by @Condobloke:

https://lastpass.com/delete_account.php

Again, the link is left plain on purpose. That link will only get you started.

When you have logged in and clicked the button to remove your account, your account is still not deleted. You need to check your email and they send you an additional link. You can use that link to remove your account, remembering to confirm it when they ask time and time again.

When they ask you for a reason as to why you’re removing your account, you might want to tell them that it’s because you can no longer trust their security. They had the chance to be secure and failed. They might be making the ‘right steps’ now, but those steps should have been made before now.

What You Can Do:

If you’re going to use a password manager, you are better off getting one where you control the data. That means you want an ‘offline password manager’ that’s free and (hopefully) open source (so it can be audited, if need be).

I do not have enough experience with offline password managers to make a recommendation. I also am not going to be the one to suggest a specific product only to find out I sent you barking up the wrong tree. So, my suggestion is that you use your favorite search engine and look up ‘offline password manager’. Then, pick what you think works best for you.

I’ve done some looking and this article looks solid. I make no recommendations based on that link, it just looks pretty thorough to me. The article may contain errors and I’m not responsible for that, as I lack the time to dig deeper into this due to a rather impressive winter storm.

Good luck and do due diligence before deciding on a specific offline password manager platform. Read reviews, check security history, make sure it’s easy enough for you to use, and make sure it works with the software you intend it to work with.

Closure:

Well, I don’t use the ‘News’ category often, but this seemed like an important article to get out there. It’s time sensitive so it’s not going to be scheduled for publication, it’ll be published as soon as I’m done proofreading it.

Stay safe out there. Remember, “Practice safe hex!”

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

EDIT: Fixed a typo.

Smash a button!

[Total: 3 Average: 5]

Show Failed SSH Login Attempts

Today’s article is pretty straightforward, I’m going to show you how to show failed SSH login attempts. It should be a pretty short article, as I’m just going to show you two ways for a couple of system types. This is Linux, so there are certainly more ways to go about it, but I’ll show you a couple of them.

Yes, I’ve written about SSH a great deal. It is, in my opinion, one of the greatest remote administration tools ever conceived. But, attackers know this and any public-facing computer, with an IP address that can be reached externally, will be subject to port scanning and intrusion attempts.

I’ve written some SSH security articles, but one of the best things you can do is change the port that SSH uses. This will stop a bunch of malicious intrusion attempts. However, smart hackers will quickly scan for open ports with automated tools. Some of them will inevitably find your SSH port.

These people will then try to login. Securing your SSH is pretty important. I’ve written a few articles, so here’s a search of SSH-related articles previously published. Feel free to browse them at your leisure. I really need to do an article about Fail2Ban, but I haven’t gotten that far yet. One of these days!

So, like I said, you can show failed SSH login attempts. One of the things you can do with this information is scan for commonalities. You can also check to see if the hackers are using a username that already exists. If they’re using a username that already exists, it could be coincidental or it could mean they already have some insider information.

Well then, let’s jump into the article…

Show Failed SSH Login Attempts:

Like oh so many of my articles, and this one involving SSH, you’re going to want an open terminal for this. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

By the way, if you’re this far into the article and don’t know what SSH, it’s ‘secure shell’ and a way to remotely connect to another computer. Basically, you login to a remote computer and then you’re using the remote computer’s terminal. However, you can do so with graphics, you just need to forward x11.

So, it’s a pretty useful tool. I use SSH often, even in my own home. What? It’s faster than walking to another room, and I often test things remotely. SSH makes perfect sense for this sort of stuff.

With your terminal freshly open and properly logged into the remote computer, you can show failed SSH login attempts pretty easily. Like I said, I’ll show you a couple of ways. The first is pretty universal and should work with all but a couple distros:

grep "Failed password" /var/log/auth.log

1	grep "Failed password" /var/log/auth.log

RHEL and CentOS (Fedora too? I have not tested.) may store the data elsewhere, so you can try this command to show failed SSH login attempts:

grep "Failed" /var/log/secure

1	grep "Failed" /var/log/secure

If you have failed SSH login attempts, one of those two commands should show you them. If the first doesn’t work, and you know you have failed attempts, try the second one. The logs are usually stored (as far as I know) in either of those two locations.

Closure:

See? It’s a nice and short article today, just like I said it would be. This time around, we’ve learned how to show failed SSH login attempts. Even if you’re using Fail2Ban and mandating certificate login, it’s always good to check to see what the bad guys are up to.

Smash a button!

[Total: 6 Average: 4.8]

Disallow SSH Login For A Specific User

In today’s article, we’re going to learn how to disallow SSH login for a specific user. The reasons you might want to do this should be obvious, so that’ll save some time! Read on to learn how!

I’ve covered SSH in many articles. If you search for “SSH”, you’ll find a bunch of articles covering the subject. I’m not sure why there are so many, but there are. I seem to have a lot of notes on the subject.

Here, this link will help you search for SSH articles.

SSH is “Secure Shell”, a method to login to remote computers so that you can manage them without being their physically. It’s used by systems administrators regularly, without ever needing a GUI to manage their Linux systems.

It’s also used by people like me, too lazy to walk to the other side of the room. I’m literally using SSH to manage stuff on my laptop from here on this desktop as I write this. On top of that, while not logged in right now, I was using SSH to manage a VPS earlier today.

So, SSH isn’t just for professional system administrators and, if you use SSH at home, you might as well know how to secure it. This article will help you secure your system – by learning how to disallow SSH login for a specific user.

Disallow SSH Login For A Specific User:

This article requires an open terminal on (and connection to) the computer you wish to change. That may require you to login to that computer remotely. If you’re on a local device and you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open. Otherwise, SSH into it like a boss.

With your terminal/connection now open, enter the following command:

sudo nano /etc/ssh/sshd_config

1	sudo nano /etc/ssh/sshd_config

Find a place to make a new line and enter the following with some care:

DenyUsers          <username>

1	DenyUsers <username>

Now, this one is a bit picky. Obviously, you substitute <username> with the real name – but in between “DenyUsers” and the username you absolutely MUST press the TAB key. If you try to just use spaces, it will not work! You MUST use the TAB key which will appear to insert spaces for you!

Assuming you’ve done everything correctly, you’ll need to restart SSH for the changes to take effect. You can do that with this command:

sudo systemctl restart ssh

1	sudo systemctl restart ssh

If you were logged into a remote system to make the changes on that system, the above command is gonna log you out and you’ll need to login again. You knew that, but I figure I’ll mention it.

Hmm… If you’re a barbarian that doesn’t use systemd, try this:

sudo service ssh restart

1	sudo service ssh restart

When SSH restarts, the prohibited user will get a “Permission Denied” message when they try to login. Ha! That’ll teach Jerry in accounting from thinking he’s a system admin!

Closure:

Whelp… You have another article. This one has shown you how to disable SSH login for a specific user (Jerry in accounting, who had no business accessing the server anyhow). You’re welcome!

Smash a button!

[Total: 3 Average: 5]

Bonus Article: KGIII Rants A Little About Security

The below ‘article’ is a rant about security – except it was written while really, really intoxicated. It’s not very good. I can’t even clean it up to make it good – but it does have some good bits scattered throughout and I’m just going to publish this as a ‘BONUS ARTICLE‘.

Note: I may someday break this article down into bits and pieces, which is the only way I can think of to make it worth reading. At this point, I just don’t want the time to be wasted, so it might as well get published.

After trying to edit it, again while inebriated, I am not sure I can turn this into an article… I’m a bit inebriated. It’s perfectly legal here. I think I can… It’ll need to be pretty simple.

Let’s talk some basics about security!

You know what I get a kick out of? I get a kick out of seeing the people who move to Linux for “privacy reasons”, only to see them log back in to social media/forums to show that they have now moved to Linux.

They’ll login to accounts where they left plenty of personal information.

I’m not sure who they think they’re hiding from, but it’s not good privacy and they’re hiding from nobody important.

Real privacy is difficult, possibly next to impossible.

Seriously… Even the vaunted Tor is generally only as safe as you are smart, and then only on .onion domains. Once you hit the regular web, you’re probably not safe from a nation-state. Here are some theoretical attacks against Tor.

Realistically? How much privacy do you need or want? As you can guess, it’s a spectrum and and there are extremes on either end. There are also the law of diminishing returns on either end of the spectrum.

By the way, privacy is not security. Privacy is just one aspect of security.

So then, what is security?

Let’s start with the basics. For at least ‘good’ physical security, it should be ‘who you are’, ‘something you have’, and ‘something you know’.

For example, the security guard should check your ID to ensure who you are. The ID is something you have. The something you know is a password, a PIN, or a passphrase. That’s the least amount of security you can physically have to be any good.

Then, there are things you can do to improve it, for example. You can make it a rotating passphrase, make the guards work in pairs, require confirmation from someone proven to be in the building at the time, etc… You can do a layered approach where they may need all three of those things to enter yet another section and incorporate a man-trap between them.

Of course, on the other end of the spectrum is anyone and anything gets in and out. We tend to call those public spaces, when anyone can get in and out. As a general rule, you lose some rights to be in the public spaces – among those rights would be some degree of privacy (which will vary per jurisdiction). That’s pretty damned insecure. As far as security (and privacy goes) that’s the opposite.

So, again, there’s this giant spectrum of security. Where you want to be on that line is up to you. I find it’s a judgement call. We’re even willing to give up some privacy to be recognizable on a forum. Some of that lack of privacy is what keeps the forum secure and running smoothly. We give that privacy up because we get something in exchange.

At the same time, we might not want Google knowing everything we’re up to. We may be some dissident trying to reach a journalist to expose human rights violations and be under legitimate threat of death – or worse than death. We all make judgement calls about how much of our information we’re going to share.

And, really, unless you’re at the extremes, life is pretty good. It’s pretty easy to retain a little bit of privacy while participating in an online community. It’s less easy to do so with a typical Facebook account. where you are in some way connected to a more physical you.

Me? Oh, come on… I’ve long-since eaten the Google kool-aid. The ads here are from Google. I use their Analytics to better optimize the site, and all that – and more. Hell, I use Google Chrome and I’m logged in as the same user that does all those other things. I don’t use Gmail very often, so there’s that. I only use one of their accounts and that’s just to service my phone. But, that too is tied to all things Google.

The thing is, I know this. I know the privacy I give away. I made an informed decision to cede that privacy for those benefits. For me, the risks outweigh the benefits and I have a level of trust for Google.

That’s the right choice – for me. Y’all make your own choices. If you don’t know how to block Analytics (or ads), just go ahead and ask. Just because I use those things doesn’t mean you need to. You’re perfectly free to block anything you want. You’ll still show up and be counted in the raw server logs. I’ll still be able to see what you did on the site. (Don’t worry, I don’t much care – unless you’re harming the site. The site’s security automatically blocks hundreds of requests per day.) But, yeah, I could see your IP address.

Oh, man… Oh no!!! Your IP address?!?

And the things people think about their IP address, as though it’s some great secret. If you really care, use a VPN – but learn what a VPN actually is before buying into the hype. They tout it as some great security (and it actually can be, but not how you’re using it) but it’s not really. Especially if you’re logging into sites like the video site you’re unlocking!

By the way, it’s ‘security’ when you connect to a VPN ’cause a web access point is locked down so that it only takes inputs from one IP address. That’s not how you’re gonna be using your VPN. (Well, you might, if you keep reading these articles.)

No, your IP address isn’t important. There’s no l337 hacker out there that’s just waiting to learn your IP address before he dusts the Cheetos off his shirt and gets to work hacking you. It’s just bots scanning bots at this point and you’re behind a NAT anyhow. Keep your stuff secure, mostly by keeping it off the public internet.

Ah, yes… The MAC address people…

No, you don’t need to change your MAC. The only reason you’d want to do so would be for something local. It’s not hiding you from Google, ’cause it’s only seen at the very first hop in network traffic. Once the packet is beyond that point, it uses its own MAC address. While changing your MAC address is a useful skill (for local “Spoofing” purposes), it’s not gonna make you appear any different to the rest of the web.

Lemme see…

More security stuff to spew out onto the page?

I’ve been known to say, “Security is a process, not an application.” I’m probably not the first to express it similarly, but it doesn’t make it any less true. It is indeed a process. It starts best with a good plan and deciding where on the spectrum you’d like to be. Be sure to compare that with where on the spectrum you need to be to accomplish your computational goals. Somewhere in the middle is probably gonna be the sweet spot for you.

The thing is, you have to know where you can be on the spectrum involved. You have to know what the extremes are. You have to be aware of what techniques are available and what they really do. You need to be aware of what threats there are and what goals you want to accomplish. ‘Cause the only completely secure computer is one that doesn’t work and you might want to be extra sure by burying it in 25 feet of concrete.

Want some privacy? How about blocking third party cookies and scripting. How about you take a look at browser fingerprinting and deciding where you want to be on that spectrum? In pretty much every OS you can block DNS requests by using your hosts file. There are even curated lists that you can download and use.

Alright, I wrote this while impaired. I’ll eventually schedule it or delete it. I’ll probably proofread it, maybe trying to make it salvageable, and the likes.

Meh… After reading this sober, I’m just gonna submit it as a bonus article. It’s not very good. I just barely proofread it and it wasn’t nearly as good as it seemed while drunk!

Smash a button!

[Total: 3 Average: 5]

How To: Remove AppArmor From Ubuntu

In today’s article, we’re going to learn how to remove AppArmor from Ubuntu. This will work for other distros, like Debian. It’s actually not a very difficult task to remove AppArmor from Ubuntu, but it’s not something you necessarily want to do. Just because you can, doesn’t mean you should…

As many of you know, I write many of these articles based on the notes I’ve taken over the years. I’m a little reluctant to write this one, because removing AppArmor is probably not the best of choices.

AppArmor is similar to the various jails and application isolation techniques. It’s a security tool that restricts applications to a constrained set of resources. If the application is then compromised, it only has access to that set of resources and not to the whole system.

In other words, unless you know what you’re doing, you almost certainly don’t want to remove AppArmor from Ubuntu. In fact, if you don’t know what you’re doing then doing this is almost certainly a ‘not-bright’ choice.

If you’re going to remove AppArmor, you should consider replacing it with something else. SELinux is an option that’s similar, though I suppose you could use something like Firejail and be prepared to craft your own application profiles.

Again, removing AppArmor from Ubuntu (or whatever distro you’re using that has it) is probably not a good idea. I include the article because the information is already out there and because some folks may just decide to operate their system without such protections. This is Linux, you have the freedom to make bad choices. This isn’t even the first time I’ve shown you how to make bad choices.

Remove AppArmor From Ubuntu:

Like oh so many of these articles, you’re gonna need an open terminal. Just press CTRL + ALT + T and your default terminal should open. (I say that a whole lot on this site.)

We should first check to ensure AppArmor exists and is running. To do so, enter the following command:

sudo apparmor_status

1	sudo apparmor_status

What you’re looking for is several lines into the output. You’re looking for ‘apparmor module is loaded‘. If you see that, AppArmor both exists and is running. So, the next step in removing AppArmor is to stop the service. You do that with:

sudo systemctl stop apparmor

1	sudo systemctl stop apparmor

In case AppArmor is somehow installed again, we’ll make sure that it won’t start at boot by disabling the service entirely. That seems like a good idea.

sudo systemctl disable apparmor

1	sudo systemctl disable apparmor

Finally, we nuke AppArmor from existence with a purge command:

sudo apt purge apparmor

1	sudo apt purge apparmor

And that should do it. You probably want to reboot, just to make sure there are no tendrils sticking around – but stopping the service first should mean you don’t need to. Either way, you have now removed AppArmor from your system – assuming you followed the directions.

Closure:

Again, and I can’t stress this enough, don’t do this unless you know what you’re doing and unless you have something to replace AppArmor with. It’s really a bad idea and you’ll gain very little. I wouldn’t even do this with a system air-gapped from the network, unless I had a very good reason to do so.

Smash a button!

[Total: 3 Average: 5]