| 13:29 : kushal |
#startclass
|
| 13:29 : |
Roll Call
|
| 13:29 : GeekyShacklebolt |
Shiva Saxena
|
| 13:29 : newrg |
Rajat Gupta
|
| 13:29 : sehenazparvin |
Sehenaz Parvin
|
| 13:30 : sjha2048 |
sahil
|
| 13:30 : RJ722 |
Rahul Jha
|
| 13:30 : kushal |
Kushal Das
|
| 13:30 : prabhu |
Prabhu Sharan Singh
|
| 13:30 : Sarques_ |
Gajendra Saraswat
|
| 13:30 : ankit774 |
Ankit Upadhyay
|
| 13:30 : devesh_verma |
Devesh Verma
|
| 13:30 : sourabhdeshmukh |
sourabh deshmukh
|
| 13:30 : Ved_Sinha |
Ved Sinha
|
| 13:30 : priyankasaggu119 |
Priyanka Saggu
|
| 13:30 : cypher_ |
Naman Sharma
|
| 13:30 : kvy |
romeo, One more thing when kushal say roll call type your full name.
|
| 13:30 : vshuklajr |
Vivek Shukla
|
| 13:30 : sourabh1031 |
Sourabh Pruthi
|
| 13:30 : RatanShreshtha |
Ratan Kulshreshtha
|
| 13:30 : Saksham_19o9 |
Saksham Srivastava
|
| 13:30 : pr97 |
Priyanka Sharma
|
| 13:30 : AdityaPatil |
Aditya Patil
|
| 13:30 : snandi__ |
shamiki nandi
|
| 13:30 : meanjeet |
Manjeet Mehta
|
| 13:30 : Callowidealist |
Jitendra Kumar Tripathi
|
| 13:30 : kvy |
kumar vipin yadav
|
| 13:30 : bhavin192 |
Bhavin Gandhi
|
| 13:30 : prodyte |
pawan
|
| 13:30 : kps |
Karan Pratap
|
| 13:30 : adityad97 |
Aditya Deshpande
|
| 13:30 : AnantaOne1 |
Ananta Anil Shahane
|
| 13:30 : Rakshit__ |
Rakshit Airani
|
| 13:30 : schubisu |
Robin Schubert
|
| 13:30 : fml |
Aranya Sinha
|
| 13:30 : pdas |
Priyam Das
|
| 13:30 : mzeeqazi |
Muhammad Zeeshan Qazi
|
| 13:30 : dharmateja |
C Dharmateja
|
| 13:30 : romeo |
Romeo
|
| 13:30 : akshayg96 |
Akshay Gaikwad
|
| 13:31 : kushal |
Okay.
|
| 13:31 : |
We will start with some amount of review, and then we will get into some interesting new things.
|
| 13:32 : |
Any questions from the homework chapters of LYM.
|
| 13:32 : gutsytechster |
Roll Call: gutsytechster
|
| 13:32 : kushal |
?
|
| 13:32 : jasonbraganza |
Jason Braganza
|
| 13:32 : BhaveshSGupta[m] |
Bhavesh Gupta
|
| 13:32 : ankit774 |
!
|
| 13:32 : gutsytechster |
Roll Call: Prashant Sharma
|
| 13:32 : kushal |
next
|
| 13:32 : championshuttler |
Shivam Singhal
|
| 13:32 : singha2 |
Ashwani singh
|
| 13:32 : storymode_7 |
Mayank Singhal
|
| 13:32 : ankit774 |
what is the use of she-bang?
|
| 13:32 : prokbird |
Roll Call: tabrez khan
|
| 13:32 : NityaNidhi |
Nitya sharma
|
| 13:32 : sehenazparvin |
!
|
| 13:32 : ankit774 |
and what does #! imply?
|
| 13:32 : yolossn |
Santhosh nagaraj
|
| 13:32 : kushal |
ankit774, Have you read https://en.wikipedia.org/wiki/Shebang_(Unix) ?
|
| 13:33 : |
next
|
| 13:33 : sehenazparvin |
kushal, What is a Tar file?
|
| 13:33 : ankit774 |
!
|
| 13:33 : kushal |
sehenazparvin, Have you read this https://en.wikipedia.org/wiki/Tar_(computing) ?
|
| 13:33 : romeo |
kushal, can i ask a question ?
|
| 13:34 : vishalIRC |
Roll call: Vishal Kushwaha
|
| 13:34 : kushal |
romeo, you will have to type ! and then wait for your turn.
|
| 13:34 : |
next
|
| 13:34 : ankit774 |
does the which command kind of gives the pre-processor directive of a command?
|
| 13:34 : romeo |
!
|
| 13:34 : mzeeqazi |
!
|
| 13:34 : yesh |
Roll call:Yesh pareek
|
| 13:34 : soniya29_ |
Roll call:Soniya Vyas
|
| 13:34 : bhavin192 |
sehenazparvin, http://bfy.tw/Il3m
|
| 13:35 : vamshisai |
Roll call: Vamshi Sai Kiran
|
| 13:35 : sehenazparvin |
kushal, Thank you.
|
| 13:35 : kushal |
ankit774, No, it shows the full path of the executable.
|
| 13:35 : pooja |
Roll call:pooja sulakhe
|
| 13:35 : ananyo |
Ananyo Maiti
|
| 13:35 : kushal |
next
|
| 13:35 : ankit774 |
what exactly does executable mean here?
|
| 13:35 : sidntrivedi012 |
Roll Call:Siddhant N Trivedi
|
| 13:36 : romeo |
batul, i am trying to solve a python program of spell checker. how do we compare two strings index by index with different length
|
| 13:36 : sidntrivedi012 |
!
|
| 13:36 : kushal |
romeo, That is off topic for the session, there are many here who can help you with that after the session is over.
|
| 13:36 : |
next
|
| 13:36 : |
ankit774, oh I missed your question.
|
| 13:37 : romeo |
kushal, alright i didn't know the current topic
|
| 13:37 : mzeeqazi |
Kushal, do all linux system follow FHS or there are exceptions
|
| 13:37 : ankit774 |
kushal, what does full path of the executable mean here?
|
| 13:37 : kushal |
ankit774, https://en.wikipedia.org/wiki/Executable
|
| 13:37 : ankit774 |
kushal, thanks
|
| 13:37 : kushal |
ankit774, Full filesystem path, say /usr/bin/bash
|
| 13:38 : |
instead of ./bash
|
| 13:38 : |
mzeeqazi, Mostly yes.
|
| 13:38 : |
next
|
| 13:38 : sidntrivedi012 |
kushal, I couldn't understand the difference between soft links and hard links
|
| 13:38 : kushal |
sidntrivedi012, we will try to explain after the session.
|
| 13:38 : |
next
|
| 13:38 : |
Any other questions?
|
| 13:39 : ananyo |
!
|
| 13:39 : VirtualRcoder |
Roll call: Shubham Sharma
|
| 13:39 : kushal |
next
|
| 13:40 : sourabh1031 |
!
|
| 13:40 : gozmit |
Roll call: Mayank
|
| 13:40 : ananyo |
In chmod command what dies the 3rd digit indicate?
|
| 13:40 : kushal |
ananyo, example?
|
| 13:40 : kvy |
!
|
| 13:40 : ananyo |
Like chmod 777 file.txt
|
| 13:41 : Sarques_ |
ananyo rwx, x is for executable permission
|
| 13:41 : ananyo |
First 2 is for user and group
|
| 13:41 : jasonbraganza |
ananyo, third is others/world
|
| 13:41 : ananyo |
What is thr third for ?
|
| 13:41 : Sarques_ |
oops!
|
| 13:41 : ananyo |
Ok what does others/world mean?
|
| 13:42 : jasonbraganza |
ananyo, after session?
|
| 13:42 : ananyo |
Ok sure
|
| 13:42 : Rakshit__ |
those number the octal base system representation of the files attributes (like if it is executable or not)
|
| 13:42 : sidntrivedi012 |
!
|
| 13:42 : kushal |
ananyo, any user who is not the owner nor in the same owner group.
|
| 13:42 : |
next
|
| 13:42 : sourabh1031 |
Is root directory different for different users ?
|
| 13:42 : kushal |
sourabh1031, no, / is the root directory
|
| 13:43 : |
The home directory is different
|
| 13:43 : |
next
|
| 13:43 : kvy |
kushal , why I can't able to make hard link of a directorys ?
|
| 13:44 : sourabh1031 |
Kushal Then guest users can also make changes to root directory
|
| 13:44 : kushal |
kvy, Have you typed the same in duckduckgo.com?
|
| 13:44 : kvy |
kushal, this time i don't do so.
|
| 13:44 : kushal |
sourabh1031, no one other than root can make changes to that? They need to be either root or with root access.
|
| 13:45 : |
next
|
| 13:45 : sidntrivedi012 |
I am extracting a tar.gz file using tar -xzvf but it is showing: error 1: command not found in command substitution called on standard input . but i think that the command is correct.
|
| 13:45 : kushal |
kvy, do that, first answer :)
|
| 13:45 : kvy |
ok , I will be back after searching.
|
| 13:45 : kushal |
sidntrivedi012, can you please paste the full command the error log in paste.debian.net and show us?
|
| 13:46 : sidntrivedi012 |
ok.but the filename is wordpress-4.9.6(1).tar.gz. and I am using fish and 1 is showing red while the else filename is blue
|
| 13:46 : sourabh1031 |
Kushal is root user password == root password
|
| 13:46 : kushal |
sourabh1031, yes
|
| 13:46 : |
sidntrivedi012, I don't know about fish, but the name should be something like this:
|
| 13:46 : sourabh1031 |
Thanks
|
| 13:47 : kushal |
wordpress-4.9.6\(1\).tar.gz
|
| 13:47 : |
sidntrivedi012, use tab completion
|
| 13:47 : sidntrivedi012 |
kushal, ok.thanks
|
| 13:47 : j605 |
sidntrivedi012: or just use quotes 'wordpress-4.9.6(1).tar.gz
|
| 13:47 : |
'
|
| 13:48 : sidntrivedi012 |
j605, okay.
|
| 13:48 : kushal |
next
|
| 13:48 : ankit774 |
!
|
| 13:48 : sidntrivedi012 |
j605, yes,the quotes worked.
|
| 13:48 : kushal |
next
|
| 13:49 : sidntrivedi012 |
j605, but why was it so?are filenames to be mentioned in quotes?
|
| 13:49 : ankit774 |
https://paste.debian.net/plain/1030659; see herein, i used chmod with values 600, then why not executable has been added; instead i had to use +x
|
| 13:49 : kushal |
ankit774, 6 == 4 + 2
|
| 13:50 : |
ankit774, But, you are missing the 1 for executable :)
|
| 13:50 : j605 |
sidntrivedi012: no, some characters are interpreted by the shell. using single quotes makes it literal
|
| 13:50 : sidntrivedi012 |
kushal, the forward slash method worked too.but I am not able to understand why it worked?
|
| 13:50 : ankit774 |
kushal, sorry, thanks
|
| 13:50 : jasonbraganza |
ankit774, try this http://www.zz9.co.za/chmod-permissions-flags-explained-600-0600-700-777-100-etc/
|
| 13:50 : kushal |
next
|
| 13:50 : ankit774 |
and what about the bad interpreter?
|
| 13:51 : sidntrivedi012 |
j605, oh.thanks.
|
| 13:51 : j605 |
sidntrivedi012: read https://www.gnu.org/software/bash/manual/html_node/Quoting.html
|
| 13:51 : kushal |
ankit774, I am guessing you are using Ubuntu.
|
| 13:51 : ankit774 |
kushal, yes
|
| 13:51 : kushal |
Then the interpreter path should be /bin/bash
|
| 13:52 : ankit774 |
kushal, ok, thanks, will do that
|
| 13:52 : avik |
sidntrivedi012, \ is used to mention special characters (which otherwise shell thinks of them differently), like space in names and brackets
|
| 13:52 : codejacker |
!
|
| 13:53 : kushal |
next
|
| 13:54 : codejacker |
su - command giving authentication failure
|
| 13:54 : |
tried searching they asked to use su -i
|
| 13:54 : kushal |
codejacker, means you are not typing correct root password.
|
| 13:54 : codejacker |
but how do i know my root password
|
| 13:54 : mzeeqazi |
codejacker, have you tried sudo su
|
| 13:55 : codejacker |
nope
|
| 13:55 : bhavin192 |
codejacker, Fedora 28?
|
| 13:55 : kushal |
codejacker, eh, who installed linux on your computer?
|
| 13:55 : codejacker |
kushal,ubuntu
|
| 13:55 : j605 |
mzeeqazi: that is “useless use of cat”
|
| 13:55 : caffeinatednerd |
nickserv prabhu
|
| 13:56 : avik |
unbuntu disables root a/c by default, isn't it?
|
| 13:56 : sk56 |
what is today's topic
|
| 13:56 : |
?
|
| 13:56 : avik |
*Ubuntu
|
| 13:56 : |
codejacker, try sudo -i
|
| 13:57 : rishibit |
!
|
| 13:57 : sjha2048 |
i had to create new password for root account
|
| 13:57 : caffeinatednerd |
nick prabhu
|
| 13:57 : codejacker |
avik, i tried it says invalid option
|
| 13:57 : sourabh1031 |
avik sorry to interrupt but what do you mean by disable
|
| 13:57 : codejacker |
'i'
|
| 13:57 : kushal |
avik, no.
|
| 13:57 : kvy |
codejacker, In ubuntu use sudo only.
|
| 13:58 : romeo |
what is today's topic?
|
| 13:58 : avik |
sourabh1031, they dont give an option to create one while installation
|
| 13:58 : kushal |
romeo, we are right now discussion about hometasks
|
| 13:58 : avik |
much like F28
|
| 13:58 : brute4s99 |
i'm sorry i'm late... did i miss anything important ?
|
| 13:58 : romeo |
ok nick
|
| 13:58 : codejacker |
kvy, but i want to try root
|
| 13:58 : sk56 |
roll call - sunny khandare
|
| 13:59 : kushal |
codejacker, use sudo to become root
|
| 13:59 : avik |
kushal, last time I installed ubuntu on a friends pc, it had no root a/c option! The user I created was in sudoers list by default!
|
| 13:59 : kushal |
codejacker, we can discuss this after the session.
|
| 13:59 : jaydeep_borkar |
roll call - Jaydeep Borkar
|
| 13:59 : sd30 |
Roll call- Shruti Dash
|
| 13:59 : prabhu |
!
|
| 14:00 : jasonbraganza |
codejacker, https://linuxconfig.org/how-to-set-a-root-password-on-ubuntu-18-04-bionic-beaver-linux
|
| 14:00 : kushal |
next
|
| 14:00 : brute4s99 |
are w having QA today too ?
|
| 14:00 : |
we*
|
| 14:00 : rishibit |
Pass
|
| 14:00 : kushal |
after prabhu's question, we will move to new topic.
|
| 14:00 : |
next
|
| 14:00 : sjha2048 |
codejacker, try sudo passwd root, set a new password then try logging in
|
| 14:01 : prabhu |
In the virtual box, I am unable to install the Fedora OS in Dynamic memory but it is installing in static memory. Why?
|
| 14:01 : codejacker |
kushal tried it alone but it gave me options for different command options like whch i can use eg- sudo -h. Which i cn use rather than using sudo alone.
|
| 14:01 : kushal |
prabhu, I don't know the difference, I am guessing you are talking about the static allocation of the storage
|
| 14:01 : prabhu |
Its showing 1023kIb free out of 30 GB I allocated to it
|
| 14:01 : kushal |
I still don't know why.
|
| 14:01 : |
prabhu, you will have to ask in #fedora
|
| 14:02 : prabhu |
okay
|
| 14:02 : kushal |
Okay moving to new topic.
|
| 14:02 : sk56 |
thanqss sir
|
| 14:02 : |
thanks*
|
| 14:03 : kushal |
sk56, what sir?
|
| 14:03 : kvy |
sk56, no sir use nick to call anyone
|
| 14:03 : sk56 |
ohk @kushal
|
| 14:03 : dharmateja |
sk56, no need of `@`
|
| 14:04 : kushal |
From EFF website: Security isn’t about the tools you use or the software you download. It begins with understanding the unique threats you face and how you can counter those threats.
|
| 14:04 : |
Today we will try to learn a few bits about it.
|
| 14:04 : |
I want to ask you 5 questions.
|
| 14:05 : |
Write down the answers in a plain text file (say: threatmodel.txt ) DO NOT SHARE THIS FILE.
|
| 14:05 : |
With anyone.
|
| 14:05 : |
But, this file is for yourself.
|
| 14:06 : |
If I ask you to think about everything you do in your life, and all the important things in you life, and then:
|
| 14:06 : |
What do you want to protect?
|
| 14:06 : |
Who do I want to protect it from?
|
| 14:06 : |
How bad are the consequences if I fail?
|
| 14:06 : |
How likely is it that I will need to protect it?
|
| 14:06 : |
How much trouble am I willing to go through to try to prevent potential consequences?
|
| 14:07 : |
These are the 5 questions you all will try to answer.
|
| 14:07 : sk56 |
personal info
|
| 14:07 : kushal |
Not right now, but later.
|
| 14:07 : |
sk56, you have to write in details for yourself.
|
| 14:07 : sk56 |
ohk kushal
|
| 14:08 : kushal |
If I am asking the same questions to myself, then they will sound like:
|
| 14:08 : |
What do I want to protect?
|
| 14:08 : |
Who do I want to protect it from?
|
| 14:08 : |
How bad are the consequences if I fail?
|
| 14:08 : |
How likely is it that I will need to protect it?
|
| 14:08 : |
How much trouble am I willing to go through to try to prevent potential consequences?
|
| 14:08 : |
To answer 1. An asset is something you value and want to protect.
|
| 14:08 : |
Say username/passwords.
|
| 14:09 : |
emails, phone numbers, contact list
|
| 14:09 : |
photos
|
| 14:09 : |
can be many things
|
| 14:09 : |
Who do I want to protect it from?: To answer this question, it’s important to identify who might want to target you or your information. A person or entity that poses a threat to your assets is an adversary.
|
| 14:09 : |
This also varies person to person.
|
| 14:11 : |
The adversaries for a CEO are different from a college student.
|
| 14:11 : |
In my case: If you have a 3 years old child at home, that is a strong adversary against your home infrastructure.
|
| 14:12 : brute4s99 |
!
|
| 14:12 : kushal |
How bad are the consequences if I fail?
|
| 14:12 : |
These are potential threats.
|
| 14:12 : |
There are many ways that an adversary can threaten your data. For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data.
|
| 14:12 : |
How likely is it that I will need to protect it?
|
| 14:13 : |
This is called Risk.
|
| 14:13 : |
Risk is the likelihood that a particular threat against a particular asset will actually occur. It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.
|
| 14:13 : |
At the end: How much trouble am I willing to go through to try to prevent potential consequences?
|
| 14:13 : |
Answering this question requires conducting the risk analysis. Not everyone has the same priorities or views threats in the same way.
|
| 14:13 : |
For example, an attorney representing a client in a national security case would probably be willing to go to greater lengths to protect communications about that case, such as using encrypted email, than a mother who regularly emails her daughter funny cat videos.
|
| 14:13 : |
next
|
| 14:14 : brute4s99 |
"While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low"
|
| 14:14 : |
how is it hand in hand with capability ? I didn't get it
|
| 14:15 : kushal |
Means your mobile phone provider a lot more about you because the capability to handle/see all of your communication.
|
| 14:15 : sourabh1031 |
!
|
| 14:15 : kushal |
They can record your phonecalls.
|
| 14:15 : |
next
|
| 14:15 : sourabh1031 |
What is funny cat and email
|
| 14:16 : kushal |
sourabh1031, if you search Internet about funny cat photos, you will find many such examples.
|
| 14:16 : |
random example in this case.
|
| 14:16 : sourabh1031 |
*can you please rephrase what do you mean by that
|
| 14:17 : brute4s99 |
!
|
| 14:17 : avik |
sourabh1031, https://en.wikipedia.org/wiki/Cats_and_the_Internet
|
| 14:17 : kushal |
avik, Thanks
|
| 14:18 : sk56 |
kushal can you please make me understand what we learnt ?
|
| 14:18 : avik |
kushal, :)
|
| 14:18 : sourabh1031 |
What has encrypted emails has to do with funny cats ?
|
| 14:18 : kushal |
sourabh1031, two separate points.
|
| 14:18 : avik |
sourabh1031, exactly the point!
|
| 14:18 : vshuklajr |
sourabh1031: nothing
|
| 14:18 : kushal |
sourabh1031, A lawyer may try to do a lot of extra steps to send encrypted emails.
|
| 14:19 : |
sourabh1031, A normal person sending funny cat photos or videos will not do that.
|
| 14:19 : meanjeet |
sourabh1031, that was just an example . That some mails are worthless.
|
| 14:19 : avik |
encrypted emails need to be protected while cat vedios are not!
|
| 14:19 : sourabh1031 |
Okay thanks all
|
| 14:19 : kushal |
avik, Other way, important information needs to be protected.
|
| 14:19 : |
That is why encryption.
|
| 14:19 : |
next
|
| 14:19 : avik |
here, cat videos is just an example of everyday random emails
|
| 14:20 : kushal |
avik, correct.
|
| 14:20 : avik |
kushal, yes thanks for rephrasing! meant that only!
|
| 14:20 : brute4s99 |
Phone provider has HIGH capability, but we possess LOW risk of data leak ... right ? but hand-in-hand would mean direct proportionality, right ? what did I miss ?
|
| 14:21 : jeet__ |
sourabh1031, Here kushal referred to the importance of your data that you are generating or holding. It was just an example.
|
| 14:21 : sourabh1031 |
jeet_ thanks i got it know
|
| 14:22 : kushal |
brute4s99, Yes, unless you are someone important enough that phone company will target you.
|
| 14:22 : |
brute4s99, if you are politician, then people in power may target you.
|
| 14:22 : brute4s99 |
okay, now i got it !
|
| 14:22 : sk56 |
kushal when are we going to learn about git
|
| 14:22 : brute4s99 |
same as with funny cats and encryption... lol
|
| 14:22 : kushal |
sk56, Later.
|
| 14:23 : brute4s99 |
thanks kushal
|
| 14:23 : kushal |
Now, you will have to make list for yourself, and keep doing the same exercise regularly.
|
| 14:24 : |
So that you can improve your own security/privacy.
|
| 14:24 : jeet__ |
kushal Can phone voice calls be encrypted?
|
| 14:24 : kushal |
jeet__, not the normal phone call, but, we can use applications to do so over Internet.
|
| 14:24 : |
https://summertraining.readthedocs.io/en/latest/threatmodel.html is the chapter for this part of the sesion.
|
| 14:24 : |
* Session.
|
| 14:24 : avik |
jeet__, yes if its VoIP
|
| 14:24 : sourabh1031 |
Sorry to interrupt in between but what is the use of this in free software world where everything is open
|
| 14:25 : kushal |
sourabh1031, means you are now reading the home tasks given.
|
| 14:25 : |
sourabh1031, read this later https://kushaldas.in/pages/hacker-ethic-and-free-software-movement.html
|
| 14:25 : sourabh1031 |
No security that you just explained
|
| 14:26 : |
Kushal thanks
|
| 14:26 : kushal |
Going to next thing.
|
| 14:27 : |
https://summertraining.readthedocs.io/en/latest/opsec.html In this chapter we have many things.
|
| 14:27 : |
We will slowly go through a few of those now.
|
| 14:27 : |
1. Passwords
|
| 14:27 : |
Type in a good example of password here please.
|
| 14:28 : romeo |
@@@ahskru#123@$$$
|
| 14:28 : cypher_ |
PasswordName#321
|
| 14:28 : snandi__ |
jp@123
|
| 14:28 : ankit774 |
@akn!t774
|
| 14:28 : dharmateja |
alksfd#(*#232
|
| 14:28 : jaydeep_borkar |
#Alexa@20202#
|
| 14:28 : RatanShreshtha |
thisissurvivaofthefittest
|
| 14:28 : sjha2048 |
*IlFoVeMh*
|
| 14:28 : mzeeqazi |
Q@1A#ZiZeEsHa#N
|
| 14:28 : kvy |
hello 3699 @vip
|
| 14:28 : Callowidealist |
!jk,***
|
| 14:28 : inkaps |
1nk@ps^^/
|
| 14:28 : Rakshit__ |
Pink_Fl0yd1965
|
| 14:28 : vshuklajr |
v!v#k.$
|
| 14:29 : pooja |
Pooja@1997
|
| 14:29 : shaikhfarhan |
hii kushal sir im new here & new to programming i have no idea about linux i want to learn from basic like which one is better for me fedora of ubuntu
|
| 14:29 : AdityaPatil |
#jtExrTf983F!EF
|
| 14:29 : man-jain |
laji@$14928
|
| 14:29 : newrg |
gregory!1d5
|
| 14:29 : sourabh1031 |
*##778abc123ABC##**
|
| 14:29 : brute4s99 |
We@Re1
|
| 14:29 : inquiridortechie |
Strong_p@SsWoRD#
|
| 14:29 : man-jain |
Lanau@$12938
|
| 14:29 : pr97 |
P@!3good197abCd..
|
| 14:29 : prokbird |
con_2956#ALWR$@11
|
| 14:29 : pdas |
asd@12$345
|
| 14:29 : codejacker |
hackit**
|
| 14:29 : jasonbraganza |
ipXsPLgKEicJihwC{Wdj)RCGkVbAv3vJRWFdUF=saVyQiw7C*PM2KYbfLPTmstZj
|
| 14:29 : mzeeqazi |
shaikhfarhan, avoid sir in open source world
|
| 14:29 : avik |
jasonbraganza, :)
|
| 14:29 : kushal |
shaikhfarhan, After the session
|
| 14:30 : kvy |
jasonbraganza, how could you remember it
|
| 14:30 : rohanvivek |
v5d9#9SA
|
| 14:30 : jasonbraganza |
kvy, use an app
|
| 14:30 : avik |
kvy, u dont! use a good password maneger!
|
| 14:30 : ankit774 |
jasonbraganza, i guess its just random?
|
| 14:30 : jaydeep_borkar |
kvy, exactly the point :P
|
| 14:30 : kushal |
avik, u?
|
| 14:30 : avik |
*manager
|
| 14:30 : jasonbraganza |
ankit774, yes
|
| 14:31 : kushal |
Trying to remember a good password is difficult.
|
| 14:31 : ananyo_ |
q2w3e4r5t6y7
|
| 14:31 : kushal |
Also having those extra special characters will not help against powerful modern computers.
|
| 14:31 : ankit774 |
jasonbraganza, even if i remember it correctly; i won't be in a mood to type that just to login :)
|
| 14:32 : romeo |
a good password is something which u always remember with some special characters at the start and also and the end including some numbers u can remember
|
| 14:32 : kushal |
https://en.wikipedia.org/wiki/Diceware is a technique which can help us this case.
|
| 14:32 : jasonbraganza |
ankit774, like kushal said. use a password manager
|
| 14:32 : kushal |
Everyone please be silent
|
| 14:33 : |
I personally prefer a tool written in Python for the same, called diceware.
|
| 14:33 : |
bhavin192, already has a patch in the project :)
|
| 14:33 : codejacker |
jsonbragnanza, which application should we use? i think its better to remember instead of sharing it with an unknown app.
|
| 14:33 : jasonbraganza |
codejacker ^
|
| 14:33 : kushal |
you can simply install it using pip or dnf.
|
| 14:33 : |
For Fedora users: use: sudo dnf install diceware
|
| 14:34 : codejacker |
okk got it thanjs
|
| 14:34 : kushal |
I don't think it is packaged for debian, that case you can use the pip command
|
| 14:34 : |
pip install diceware --user
|
| 14:34 : bhavin192 |
kushal, it is packaged for debian as well ;)
|
| 14:34 : kushal |
Use passwords at least 6-7 words long.
|
| 14:35 : brute4s99 |
kushal, someone did make a random word generator for pip, so you can also use that for word generation
|
| 14:35 : kushal |
ah good to know.
|
| 14:35 : |
example command:
|
| 14:35 : |
diceware -n 7
|
| 14:35 : |
This will give you a good strong passphrase
|
| 14:35 : |
But. remembering these will be difficult.
|
| 14:36 : |
So we all have to use a good password manager: https://summertraining.readthedocs.io/en/latest/opsec.html#use-password-managers
|
| 14:37 : |
Use KeePassXC as a good local option
|
| 14:37 : |
https://medium.com/@mshelton/keypass-for-beginners-dc8adfcdad54
|
| 14:37 : |
Then you will have to remember only one big master passphrase, not everything.
|
| 14:38 : |
Who all here has a webcam in their laptop? say me if you have one.
|
| 14:38 : jasonbraganza |
me
|
| 14:38 : romeo |
but what if the password manager gets compromised ?
|
| 14:38 : ankit774 |
me
|
| 14:38 : ashwani |
me
|
| 14:38 : Saksham_19o9 |
me
|
| 14:38 : GeekyShacklebolt |
me
|
| 14:38 : kvy |
me
|
| 14:38 : sjha2048 |
me
|
| 14:38 : AdityaPatil |
me
|
| 14:38 : priyankasaggu119 |
me
|
| 14:38 : pr97 |
me
|
| 14:38 : sd30 |
me
|
| 14:38 : jaydeep_borkar |
me
|
| 14:38 : newrg |
me
|
| 14:38 : romeo |
me
|
| 14:38 : codejacker |
me
|
| 14:38 : inkaps |
me
|
| 14:38 : cypher_ |
me
|
| 14:38 : meanjeet |
me
|
| 14:38 : snandi__ |
me
|
| 14:38 : prokbird |
me
|
| 14:38 : vshuklajr |
me
|
| 14:38 : schubisu |
me
|
| 14:38 : mzeeqazi_ |
Me
|
| 14:38 : adityad97 |
me
|
| 14:38 : storymode_7 |
me
|
| 14:38 : sourabh1031 |
me
|
| 14:38 : dharmateja |
me
|
| 14:38 : inquiridortechie |
me
|
| 14:38 : shaikhfarhan |
me
|
| 14:39 : avik |
me
|
| 14:39 : brute4s99 |
kushal i read it. you want us to tape it, right ?
|
| 14:39 : Callowidealist |
Me
|
| 14:39 : pdas |
me
|
| 14:39 : ananyo_ |
me
|
| 14:39 : pooja |
me
|
| 14:39 : akshayg96 |
me
|
| 14:39 : RatanShreshtha |
me
|
| 14:39 : bhavin192 |
me
|
| 14:39 : rohanvivek |
me
|
| 14:39 : kushal |
romeo, I will answer after this.
|
| 14:40 : romeo |
kushal, ok
|
| 14:40 : kushal |
How many of you have taped the webcam?
|
| 14:40 : kvy |
me
|
| 14:40 : prokbird |
me
|
| 14:40 : sjha2048 |
me
|
| 14:40 : avik |
me
|
| 14:40 : ashwani |
me
|
| 14:40 : rishibit |
me
|
| 14:40 : brute4s99 |
nope
|
| 14:40 : kushal |
So that no one can see even if they break into your computer and try to see/record?
|
| 14:40 : jasonbraganza |
me
|
| 14:40 : Callowidealist |
Me
|
| 14:40 : inkaps |
nope
|
| 14:40 : shaikhfarhan |
no
|
| 14:40 : adityad97 |
No
|
| 14:40 : pooja |
me
|
| 14:40 : pdas |
nope
|
| 14:41 : brute4s99 |
!
|
| 14:41 : sourabh1031 |
Always worried about but not taped
|
| 14:41 : ananyo_ |
not me
|
| 14:41 : pr97 |
no
|
| 14:41 : jaydeep_borkar |
nope
|
| 14:41 : snandi__ |
no
|
| 14:41 : priyankasaggu119 |
no
|
| 14:41 : brute4s99 |
kushal I believe uninstalling the driver for the webcam would work the same?
|
| 14:41 : kushal |
https://summertraining.readthedocs.io/en/latest/opsec.html#cover-up-your-webcam
|
| 14:41 : |
brute4s99, then using the webcam when required is difficult.
|
| 14:42 : jeet__ |
Why do you want to harm the driver brute4s99. You have an easier solution.
|
| 14:42 : brute4s99 |
taping leaves adhesive... not hygienic
|
| 14:42 : sourabh1031 |
cracker can also install the driver remotely :P
|
| 14:43 : Saksham_19o9 |
kushal but won't our wwebcam cue light glow when someone is using it?
|
| 14:43 : kushal |
Saksham_19o9, It most cases no.
|
| 14:43 : |
Saksham_19o9, if you search, you will find many examples where attacker can access it without the light turned on.
|
| 14:43 : avik |
brute4s99, print yourself a slider or buy one from amazon! thats a better option!
|
| 14:43 : Saksham_19o9 |
it is supposed to. How can it be otherway around?
|
| 14:44 : |
kushal, ok.
|
| 14:44 : kushal |
Saksham_19o9, we will discuss more ideas :)
|
| 14:44 : |
I have hardware (plastic) cover.
|
| 14:44 : |
We also have reusable sticker covers.
|
| 14:45 : |
Next topic: Keep your machine updated https://summertraining.readthedocs.io/en/latest/opsec.html#keep-your-machine-updated
|
| 14:45 : |
Can anyone tell me why?
|
| 14:46 : brute4s99 |
we get hotpatches !
|
| 14:46 : sjha2048 |
latest security patches
|
| 14:46 : mzeeqazi |
security patch
|
| 14:46 : dharmateja |
For security patches
|
| 14:46 : shaikhfarhan |
update have new security patches
|
| 14:46 : ankit774 |
so that efficient performance is maintained and security
|
| 14:46 : Rakshit__ |
kushal, so new bugs and expliots are patched
|
| 14:47 : priyankasaggu119 |
updates are there to resolve the flaws in older versions. Hackers can use them as loop holes.
|
| 14:47 : shaikhfarhan |
updated security patches are less vulnarable
|
| 14:47 : kvy |
kushal, for security purposes and to got new updates
|
| 14:47 : kushal |
Correct, and most of that time, this simple step helps us more than anything else.
|
| 14:47 : Saksham_19o9 |
security updates, in one of ankit fadia's lecture he told about how one can do os fingerprinting and later on check for loopholes online but it wont work for updated systems.
|
| 14:47 : kushal |
Saksham_19o9, that is someone you really don't want to learn from.
|
| 14:47 : romeo |
kushal, if the existing machine has some bugs which are vulnerable, they might be fixed in the next update. so always keep machine updated
|
| 14:48 : kushal |
The story is different for mobile phones, because the story in the android land.
|
| 14:48 : Saksham_19o9 |
i never really did. that is why i am here. :)
|
| 14:48 : kushal |
How many of you have latest Android?
|
| 14:48 : sjha2048 |
me
|
| 14:48 : kushal |
Tell me if you don't.
|
| 14:48 : |
Saksham_19o9, :)
|
| 14:48 : romeo |
saksham_19o9 He is a self claimed hacker
|
| 14:48 : shaikhfarhan |
me
|
| 14:48 : ankit774 |
me
|
| 14:48 : Saksham_19o9 |
me
|
| 14:48 : Rakshit__ |
me , i run a custom rom
|
| 14:48 : codejacker |
me
|
| 14:48 : sd30 |
Me
|
| 14:48 : Callowidealist |
Me
|
| 14:48 : pradhvan_ |
not me
|
| 14:48 : kvy |
me
|
| 14:48 : ananyo_ |
not me
|
| 14:48 : man-jain |
Me
|
| 14:48 : jaydeep_borkar |
me
|
| 14:48 : cypher_ |
me
|
| 14:48 : brute4s99 |
me ! with June security patch !
|
| 14:48 : mzeeqazi_ |
Me
|
| 14:48 : rishibit |
me
|
| 14:48 : prokbird |
me
|
| 14:48 : jeet__ |
me :(
|
| 14:48 : romeo |
not me
|
| 14:48 : pooja |
me
|
| 14:48 : snandi__ |
me
|
| 14:48 : sehenazparvin |
me
|
| 14:48 : AdityaPatil |
I don't. Custom ROM but not updated.
|
| 14:48 : vshuklajr |
not me
|
| 14:49 : priyankasaggu119 |
don't have
|
| 14:49 : gutsytechster |
not me
|
| 14:49 : pdas |
nope
|
| 14:49 : adityad97 |
don't have
|
| 14:49 : pr97 |
don't have
|
| 14:49 : brute4s99 |
AdityaPatil some custom ROMs do support OTA updates ! :)
|
| 14:49 : sourabh1031 |
don't have
|
| 14:49 : brute4s99 |
checkout AOSP and PixelExperience
|
| 14:49 : inkaps |
no
|
| 14:49 : jeet__ |
Is it true that enabling root access in Android increases the vulnerability to be attacked? kushal
|
| 14:49 : newrg |
no
|
| 14:50 : sourabh1031 |
Yes custom rom do but they are not as stable as stock one
|
| 14:50 : kushal |
jeet__, I don't know the details, but, it sounds so.
|
| 14:50 : bhavin192 |
sourabh1031, the stability depends on the maintainer of the ROM for your device as well
|
| 14:51 : Rakshit__ |
jeet__, not exactly , root access provides you with absolute control over your phone and so with great power comes great responsibility
|
| 14:51 : kushal |
Also this brings in a new topic https://summertraining.readthedocs.io/en/latest/opsec.html#do-not-download-and-install-random-software-from-internet
|
| 14:51 : brute4s99 |
jeet__ if you've unlocked the bootloader, anyone can do anything with your phone if she gets her hands on it
|
| 14:51 : kushal |
Do not install software from random places in the Internet.
|
| 14:51 : sourabh1031 |
bhavin192 right
|
| 14:51 : kushal |
Means, do not run any random docker container
|
| 14:51 : |
or copy paste shell scripts to install software
|
| 14:52 : brute4s99 |
kushal, (offtopic) will we get to know more about docker/kubernetes in future here ?
|
| 14:52 : kushal |
brute4s99, maybe
|
| 14:52 : |
https://summertraining.readthedocs.io/en/latest/opsec.html#take-regular-backups
|
| 14:52 : |
Backups are important.
|
| 14:52 : |
Remember to take regular backup
|
| 14:53 : avik |
!
|
| 14:53 : ananyo_ |
!
|
| 14:53 : kushal |
But, that also brings in the discussion about encrypted drives https://summertraining.readthedocs.io/en/latest/opsec.html#take-regular-backups
|
| 14:53 : brute4s99 |
kushal, honestly one would love to maintain backup, but they are just too large. Cloud storage capacities are so minute compared to that, what to do ?
|
| 14:53 : kushal |
Wrong link: https://summertraining.readthedocs.io/en/latest/opsec.html#encrypt-all-usb-drives
|
| 14:54 : |
brute4s99, you backup the most important parts.
|
| 14:54 : |
Buy small usb drives, encrypt them and then use that.
|
| 14:54 : AnantaOne1 |
I no longer use android I am on iOS 12 Developer Beta 2
|
| 14:54 : brute4s99 |
okay, most important parts, got it kushal
|
| 14:55 : kushal |
If you all open the disks application on your gnome system, that can also help to encrypt your new usb drives in a GUI.
|
| 14:56 : |
https://summertraining.readthedocs.io/en/latest/opsec.html#do-not-click-on-random-links-in-emails-or-from-anywhere-else
|
| 14:56 : Saksham_19o9 |
kushal are we not supposed to install shell extensions to terminals so that we can run different languages?
|
| 14:57 : kushal |
Saksham_19o9, What do you mean by different languages?
|
| 14:57 : |
https://ssd.eff.org/en/module/animated-overview-protecting-your-device-hackers
|
| 14:57 : |
and also https://ssd.eff.org/en/module/how-avoid-phishing-attacks
|
| 14:57 : |
are two links you should read tonight
|
| 14:57 : Saksham_19o9 |
like c++ or python, kushal.
|
| 14:57 : jeet__ |
Saksham_19o9 Most languages have official websites from which you can download the softwares.
|
| 14:57 : shaikhfarhan |
ok
|
| 14:58 : kushal |
Saksham_19o9, NO, a big NO.
|
| 14:58 : |
Saksham_19o9, you should install the official packages from your linux distribution.
|
| 14:58 : brute4s99_ |
kushal i believe the fundamental access point for any machine is a PORT. if we close all ports except crucial ones (for eg:RDP,TCP ports) that would completely safeguard me against threats won't it ?
|
| 14:58 : kushal |
brute4s99_, no, if you get malware on your system, they will bypass your firewall.
|
| 14:59 : |
https://summertraining.readthedocs.io/en/latest/opsec.html#use-the-following-browser-plugins-for-better-privacy here are 3 plugin suggestions for your daily browser.
|
| 15:00 : man-jain |
!
|
| 15:00 : kushal |
next
|
| 15:00 : |
next
|
| 15:01 : |
next
|
| 15:01 : |
next
|
| 15:01 : Callowidealist |
!
|
| 15:01 : avik |
kushal, name a software by which we can backup the system and restore stuffs seamlessly!
|
| 15:01 : ananyo_ |
Is using cloud storage like google drive/dropbox suggested for backup?
|
| 15:01 : man-jain |
Running the latest softwares and os needs the latest hardware to run smoothly but in our country many of us still use old hardware. What should be done in this case?
|
| 15:01 : kushal |
avik, rsync
|
| 15:01 : Saksham_19o9 |
!
|
| 15:01 : ankit774 |
!
|
| 15:01 : brute4s99_ |
!
|
| 15:01 : kushal |
man-jain, my desktop is almost 8 years old
|
| 15:01 : |
or more than that.
|
| 15:01 : avik |
kushal, okay! I mean the whole system can be backed up in a eHDD?
|
| 15:02 : kushal |
man-jain, it just works.
|
| 15:02 : |
avik, yes, use an encrypted hard drive.
|
| 15:02 : avik |
kushal, okay! thanks
|
| 15:02 : man-jain |
But you must be having a good configuration desktop
|
| 15:03 : kushal |
man-jain, normal desktop, I bought extra ram later though.
|
| 15:03 : |
next
|
| 15:03 : Callowidealist |
But Disconnect.me is a premium service. And how only these 3 plugins are usable.
|
| 15:03 : ananyo_ |
Is using cloud storage like google drive/dropbox suggested for backup?
|
| 15:04 : avik |
man-jain, no matter how modern softwares get, they still have a starting point for hardware requirement! If a pc even lacks that, then its time to move on I guess!
|
| 15:04 : codejacker |
!
|
| 15:04 : kushal |
Callowidealist, use the basic version if you want,
|
| 15:05 : |
ananyo_, yes, but depends on the data.
|
| 15:05 : brute4s99_ |
can I use github private repository as backup destination ? it would also help to compare previous and new backup !
|
| 15:05 : kushal |
ananyo_, for example: you should not backup your private keys or private copy of your password manager to the could.
|
| 15:06 : |
brute4s99_, git is not good for binary files.
|
| 15:06 : |
next
|
| 15:06 : Saksham_19o9 |
kushal, what are your views about show Mr. Robot? it is also about saving our privacy and other stuff like that?
|
| 15:06 : kushal |
Saksham_19o9, it is off topic.
|
| 15:06 : sd30 |
!
|
| 15:06 : Saksham_19o9 |
ok
|
| 15:07 : kvy |
Saksham_19o9, you can discus all off topic problems when session ends. :)
|
| 15:08 : shaikhfarhan |
sir any suggestion for a completly new user for linux
|
| 15:08 : kvy |
shaikhfarhan, do not use sir call everyone by using there nicks.
|
| 15:08 : Saksham_19o9 |
kushal i have an important errand to run. i need to leave. I will read logs afterward. Can you please tell me today's homework?
|
| 15:09 : shaikhfarhan |
ok
|
| 15:09 : meanjeet |
Saksham_19o9, i think homework is already given.
|
| 15:10 : ankit774 |
i guess kushal is afk
|
| 15:10 : kushal |
I primary network just now went down
|
| 15:10 : kvy |
shaikhfarhan, start learning Linux. :)
|
| 15:10 : kushal |
Hometasks: watch a few documentaries
|
| 15:10 : vshuklajr |
ankit774: afk?
|
| 15:11 : j605 |
brute4s99_: duplicity, borg et. al have incremental backups which will help you version your backups.
|
| 15:11 : kvy |
vshuklajr, away from keyboard
|
| 15:11 : kushal |
i have given link to one on Friday, here is the next https://www.youtube.com/watch?v=M3mQu9YQesk
|
| 15:11 : ankit774 |
vshuklajr, away from keyboard ;)
|
| 15:11 : shaikhfarhan |
kushal which one is better fedora or ubuntu
|
| 15:12 : Rakshit__ |
rollcall: Rakshit Airani leaving, have some work .
|
| 15:12 : j605 |
shaikhfarhan: again, ask after typing "!" to get in the queue and when called upon
|
| 15:12 : newrg |
kushal: thanks for the documentaries,really informative and enjoyable at the same time
|
| 15:12 : brute4s99_ |
j605 on it ! thanks !
|
| 15:13 : shaikhfarhan |
ok
|
| 15:13 : |
!
|
| 15:13 : Saksham_19o9 |
Thanks kushal.
|
| 15:15 : ankit774 |
i guess kushal's primary network went down again ;(
|
| 15:15 : mzeeqazi_ |
Is this session over??
|
| 15:15 : GeekyShacklebolt |
mzeeqazi_, not yet.
|
| 15:15 : brute4s99_ |
nope
|
| 15:15 : jasonbraganza |
ok folks
|
| 15:16 : |
kushal has network issues
|
| 15:16 : |
so here is the secoond hometask
|
| 15:16 : |
watch nothing to hide here, https://www.youtube.com/watch?v=M3mQu9YQesk
|
| 15:16 : ananyo |
Yup Watched The Internet's Own Boy documentary
|
| 15:16 : jasonbraganza |
let’s close the session here
|
| 15:16 : ananyo |
Really good and informative
|
| 15:16 : jasonbraganza |
roll call
|
| 15:16 : GeekyShacklebolt |
Shiva Saxena
|
| 15:16 : j605 |
shaikhfarhan: I will take your question. No distro is faster than the other. It depends on what you want and what you prefer
|
| 15:17 : bhavin192 |
Bhavin Gandhi
|
| 15:17 : sourabh1031 |
Sourabh Pruthi
|
| 15:17 : newrg |
Rajat Gupta
|
| 15:17 : sehenazparvin |
Sehenaz Parvin
|
| 15:17 : vshuklajr |
jasonbraganza: kushal gave the same link
|
| 15:17 : mzeeqazi_ |
Muhammad Zeeshan Qazi
|
| 15:17 : sd30 |
Shruti Dash
|
| 15:17 : kvy |
kumar vipin yadav
|
| 15:17 : priyankasaggu119 |
Priyanka Saggu
|
| 15:17 : RatanShreshtha |
Ratan Kulshreshtha
|
| 15:17 : j605 |
Jagannathan Tiruvallur Eachambadi
|
| 15:17 : olajayi__ |
olajayi__
|
| 15:17 : rishibit |
Rishikesh Bamdale
|
| 15:17 : brute4s99_ |
Piyush Aggarwal
|
| 15:17 : ankit774 |
Ankit Upadhyay
|
| 15:17 : inquiridortechie |
Neeraj kumar Arya
|
| 15:17 : gutsytechster |
Prashant Sharma
|
| 15:17 : schubisu |
Robin Schubert
|
| 15:17 : vshuklajr |
Vivek Shukla
|
| 15:17 : man-jain |
Manank Patni
|
| 15:17 : AdityaPatil |
Aditya Patil
|
| 15:17 : shaikhfarhan |
shaikh farhan
|
| 15:17 : jaydeep_borkar |
Jaydeep Borkar
|
| 15:17 : Call |
Jitendra kumar Tripathi
|
| 15:17 : cypher_ |
Naman Sharma
|
| 15:17 : j605 |
vshuklajr: first is writing out your threat assesment
|
| 15:17 : ananyo |
Ananyo Maiti
|
| 15:17 : inkaps |
Nupur Kapur
|
| 15:17 : ashwani |
ashwani singh
|
| 15:17 : prokbird |
tabrez khan
|
| 15:17 : akshayg96 |
Akshay Gaikwad
|
| 15:17 : BhaveshSGupta[m] |
Bhavesh Gupta
|