Experian Glitch Exposing Credit Files Lasted 47 Days

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month. This week, however, Experian acknowledged that the security failure persisted for nearly seven weeks, between Nov. 9, 2022 and Dec. 26, 2022.

The tip about the Experian weakness came from Jenya Kushnir, a security researcher living in Ukraine who said he discovered the method being used by identity thieves after spending time on Telegram chat channels dedicated to cybercrime.

Normally, Experian’s website will ask a series of multiple-choice questions about one’s financial history, as a way of validating the identity of the person requesting the credit report. But Kushnir said the crooks learned they could bypass those questions and trick Experian into giving them access to anyone’s credit report, just by editing the address displayed in the browser URL bar at a specific point in Experian’s identity verification process.

When I tested Kushnir’s instructions on my own identity at Experian, I found I was able to see my report even though Experian’s website told me it didn’t have enough information to validate my identity. A security researcher friend who tested it at Experian found she also could bypass Experian’s four or five multiple-choice security questions and go straight to her full credit report at Experian.

Experian acknowledged receipt of my Dec. 23 report four days later on Dec. 27, a day after Kushnir’s method stopped working on Experian’s website (the exploit worked as long as you came to Experian’s website via annualcreditreport.com — the site mandated to provide a free copy of your credit report from each of the major bureaus once a year).

Experian never did respond to official requests for comment on that story. But earlier this week, I received an otherwise unhelpful letter via snail mail from Experian (see image above), which stated that the weakness we reported persisted between Nov. 9, 2022 and Dec. 26, 2022.

“During this time period, we experienced an isolated technical issue where a security feature may not have functioned,” Experian explained.

It’s not entirely clear whether Experian sent me this paper notice because they legally had to, or if they felt I deserved a response in writing and thought maybe they’d kill two birds with one stone. But it’s pretty crazy that it took them a full month to notify me about the potential impact of a security failure that I notified them about.

It’s also a little nuts that Experian didn’t simply include a copy of my current credit report along with this letter, which is confusingly worded and reads like they suspect someone other than me may have been granted access to my credit report without any kind of screening or authorization.

After all, if I hadn’t authorized the request for my credit file that apparently prompted this letter (I had), that would mean the thieves already had my report. Shouldn’t I be granted the same visibility into my own credit file as them?

Instead, their woefully inadequate letter once again puts the onus on me to wait endlessly on hold for an Experian representative over the phone, or sign up for a free year’s worth of Experian monitoring my credit report.

As it stands, using Kushnir’s exploit was the only time I’ve ever been able to get Experian’s website to cough up a copy of my credit report. To make matters worse, a majority of the information in that credit report is not mine. So I’ve got that to look forward to.

If there is a silver lining here, I suppose that if I were Experian, I probably wouldn’t want to show Brian Krebs his credit file either. Because it’s clear this company has no idea who I really am. And in a weird, kind of sad way I guess, that makes me happy.

For thoughts on what you can do to minimize your victimization by and overall worth to the credit bureaus, see this section of the most recent Experian story.

Stupid Easy Way to Transfer Small Files to or from Ubuntu 22.04

There are quite a few ways to transfer files between different machines. For Ubuntu and most other Linux distributions, here’s an easy option.

Usually, I use a USB cable or a messenger app for transferring photo images between my personal PC and mobile devices.

However, my USB cable is never near at hand, and I hate scanning a QR code again and again on the PC to log in to a third-party app. In this case, creating a temporary HTTP file server with Python is an easy and good choice.

Upside and downside

Python is pre-installed in most Linux distros, so this is a universal method for Linux. It also works in Windows and macOS with the Python programming language installed.

Because it is a simple HTTP server, any device with a web browser can download (or upload) files from/to the server side, either over the local network or the internet.

However, HTTP is NOT designed for transferring files. It’s OK for handling small files (e.g., photo images and short videos of less than a few hundred MB), but for large files of a few GB or more it may not work! It’s also NOT secure for accessing important files from outside the local network.

Single command to create a Python http server:

If you are new to Linux, first open the file manager, navigate to the folder that contains the files to share with the other device, right-click on a blank area and select “Open in Terminal”.

It will open a terminal window and automatically use that folder as the working directory.

Or, you can open a terminal from the start menu and run the cd command to change directory. For example, run the command below to navigate to the user’s Pictures folder:

cd ~/Pictures

Then, run this single command to start an HTTP file server (on some Linux systems, replace python3 with python in the command):

python3 -m http.server

By default, it listens on port 8000. If the port is already in use, use python3 -m http.server 9090 to set another port number (change 9090 as you want).

After that, visit http://ip-address:8000 (change number 8000 if you set another port) in any device via a web browser. You can then open and/or right-click save as to download any file from that folder.
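Because python3 -m http.server has no authentication or encryption and, started as above, serves the whole working directory on every network interface, it helps to share only a staging copy of the chosen files, bound to one address, for a limited time. The functions below are an added example, not from the original article; stage_share and serve_share are hypothetical helper names, and the example assumes Python 3.7 or later (for --directory) and the coreutils timeout command.

```bash
# Added example, not from the original article. Function names are hypothetical.

# stage_share FILE...
# Copy only the named regular files into a fresh private directory and print
# its path. Serving this directory instead of ~/Pictures or $HOME keeps
# everything else in the folder (dotfiles, keys, documents) off the network.
stage_share() {
    local dir f
    dir=$(mktemp -d "${TMPDIR:-/tmp}/share.XXXXXX") || return 1
    for f in "$@"; do
        # Skip symlinks, directories and missing paths so that only files
        # named on purpose end up in the shared folder.
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            cp -- "$f" "$dir/" || return 1
        else
            echo "skipped (not a regular file): $f" >&2
        fi
    done
    printf '%s\n' "$dir"
}

# serve_share DIR ADDRESS [PORT] [SECONDS]
# Serve DIR on one address only (the PC's LAN address, or 127.0.0.1 for a
# local test) and stop automatically after SECONDS (default 600).
serve_share() {
    local dir addr port secs
    dir=$1; addr=$2; port=${3:-8000}; secs=${4:-600}
    timeout "$secs" python3 -m http.server "$port" --bind "$addr" --directory "$dir"
}

# Usage (192.168.1.20 is a placeholder for this PC's LAN address):
#   dir=$(stage_share ~/Pictures/a.jpg ~/Pictures/b.jpg)
#   serve_share "$dir" 192.168.1.20 8000 600
#   rm -rf "$dir"
```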

Create python http server with upload support

1. If you want to send files from any device to Ubuntu Linux, open a terminal and run the command:

python3 -m pip install --user uploadserver

If the command above does not work, install pip first via sudo apt install python3-pip. The pip command above installs the Python module uploadserver.

2. Then open or navigate to your desired folder in a terminal window, and run the command below to create a simple HTTP file server with both download and upload support:

python3 -m uploadserver

You can also specify a port number if you want, for example, python3 -m uploadserver 9990

3. Finally, visit http://ip-address:8000 from any device in a web browser to access and download files. Or, go to http://ip-address:8000/upload to upload files.

For security reasons, you may add token authentication so that client machines need to verify before being able to upload a file. To do so, run the command below instead in Ubuntu Linux:

python3 -m uploadserver -t password_here

How to Create Large Files in Linux

Creating files in Linux is something we do all the time. Mostly you create an empty text file with the touch command and then add content to it.

But what about creating new files of a certain size?

When you are troubleshooting something or want to test in some particular scenario, you may require large files bigger than a certain size. Let’s say 500 MB or 2 GB.

Now, you cannot create an empty file and then start writing garbage text in it. You will never manage to create a file of 1 GB in size this way.

Thankfully, you don’t have to manually create large text files. There are various commands that allow you to create large files of a predefined size. They won’t have the desired text, just some random garbage, but you’ll get a file of your desired size.

Let me show how to do that.

Creating large files using the dd command

The dd command is used for copying and converting files. Its most common use can be found in creating live Linux USBs.

Let’s say you want to create a text file named testfile.img of 2 GB size. Here’s what you can do:

dd if=/dev/zero of=testfile.img bs=2G count=1

Depending on the size of the file, the command will take some time to complete.

Here, you created a file of 2 GB in size that has a single block (count 1) of size (bs, block size) 2 G. The file contains the NULL characters (/dev/zero).

You can change the block size and count of blocks as per your need. For example, you could have used 1M as bs with 1024 as count to get a file of 1024 MB. You can mix and match as you like.

💡
Since the file only contains NULL, you cannot count lines in it. If you want some text content instead of NULL, you can use /dev/random as the input in the dd command.

Using the truncate command to create huge files

The truncate command reduces or increases the size of each FILE to the desired size.

Extra data is lost if a FILE is bigger than the required size. If a FILE is too short, it is expanded, and the extra portion (hole) is accessed as zero bytes.

Let’s use the truncate command to create a file of 2 GB in size.

truncate -s 2G testfile.img

You will see no output from the above command, however, the resultant file can be seen using the ls command:

ls -lh testfile.img
💡
By default, the truncate command will create new files if the requested output file does not already exist. You can use the option -c to avoid creation of new files.

Using the fallocate command to create huge files

The fallocate command is my recommended way for creating a large file because it is the fastest.  

To create a file of 1 GB, use it like this:

fallocate -l 1G testfile1.img

Now check the output file:

ls -lh testfile1.img

It is far quicker to use fallocate than to create a file by populating it with zeroes.

Conclusion

The files created by the dd and truncate are sparse files. In the computer world, a sparse file is a special file that tries to utilize the space on a file system in a very efficient manner when the blocks assigned to a file are mainly empty.

Sparse files have varying apparent file sizes (the largest size to which they can expand) and true file sizes (how much space is allocated for data on disk).

You can see the apparent size and the true size with the du command:
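One way to run that comparison for a truncate-created file and a fallocate-created file is shown below. This is an added example, not from the original article; the helper names are hypothetical and it assumes GNU coreutils (du --apparent-size, truncate) and, for the second file, a filesystem that supports fallocate.

```bash
# Added example, not from the original article. Helper names are hypothetical.
# Assumes GNU coreutils: du --apparent-size and truncate.

# apparent_kib FILE: the size the file claims to have, in KiB.
apparent_kib() { du -k --apparent-size -- "$1" | cut -f1; }

# allocated_kib FILE: the space actually allocated on disk, in KiB.
allocated_kib() { du -k -- "$1" | cut -f1; }

# is_sparse FILE: succeeds when less space is allocated than the size implies.
is_sparse() { [ "$(allocated_kib "$1")" -lt "$(apparent_kib "$1")" ]; }

# report FILE: print both sizes and the verdict on one line.
report() {
    local state
    state=fully-allocated
    is_sparse "$1" && state=sparse
    printf '%-10s apparent=%sK allocated=%sK %s\n' \
        "${1##*/}" "$(apparent_kib "$1")" "$(allocated_kib "$1")" "$state"
}

# Constructed demo: two 64 MB files in a temporary directory.
demo_sizes() {
    local d
    d=$(mktemp -d) || return 1
    truncate -s 64M "$d/hole.img"
    report "$d/hole.img"
    # fallocate needs filesystem support; skip the second file if it fails.
    if fallocate -l 64M "$d/real.img" 2>/dev/null; then
        report "$d/real.img"
    else
        echo "fallocate is not supported on this filesystem" >&2
    fi
    rm -rf "$d"
}

demo_sizes
```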

This is why I prefer using fallocate command. It is faster and it does not create sparse files.

Find Files by Name in Linux

Most often, you are looking for a file on Linux and you do not exactly know its true location on the system disk.

There are multiple ways to find files in the Linux command line. The most common and most reliable way is to use the find command.

The find command is extremely versatile and has way too many usages but here I’ll focus on finding files by their name.

I’ll explain how to use the ‘find’ command for:

  • Searching files using their name
  • Searching files with their exact name
  • Searching files for a particular pattern
  • Searching multiple files
  • Excluding certain files from the search results.

Besides these, I’ll also show how to use the grep command with the output from the find command. Let’s first start with an overview of the find command.

The utility ‘find’ looks for files that match a certain set of parameters like the file’s name, its modification date, its extension, etc. It has the following format:

find path pattern

If a path is not specified, it searches in the current directory and its sub-directories.

Searching for Files Using their Name

Looking for a file with its name is a commonly used operation with the find command. The -iname option looks for a file regardless of its case.

For example, suppose you have two files abc.txt and ABC.txt. Both of them have the same name but different cases. Using the find command, you get both files in the results:

find -iname abc.txt
Find files with their name while ignoring the case

Searching for Files Using their Exact Name

The -name option is case-sensitive in contrast to the -iname option, so you are going to get files with the exact name.

For example, let us look for a file with the name abc.txt :

find -name abc.txt

The name of the file can be composed of wildcards as you will see later in this guide.

Searching for Files With a Particular Pattern

You can also filter files that follow a given pattern. For that, you can use wildcards.

Say, for instance, you are looking for all the configuration files on your system that end with the ‘.conf’ extension:

find /etc -type f -name "*.conf" | grep client.conf
Find files with a certain extension

In the same way, you can also search for files with the same name but with any extension of three characters as:

find ~ -name "abc.???" 
Find files with the same name but any extension

If you have several file names that contain a common string, say ‘VM’, the find command in this scenario will be as:

find -name '*VM*' 
Find files with a matching pattern

So far we have used a single directory (the home directory) with the ‘find’ command.

You can also search in multiple directories by specifying them on the CLI:

find ~/Desktop/example1/ ~/Desktop/example2/ -name 'abc*.*'
Find files in multiple directories

Searching for Multiple Files and Multiple Patterns

Suppose you want to find multiple files in a directory having .msi and .txt as file types.

Here you need to use both the name and type options on the CLI as:

find -type f \( -name "*.txt" -o -name "*.msi" \)
Search for multiple files and multiple patterns

In a similar approach, you can extend the above command for more files by using extra -o options.

Excluding Certain Files from the Search Results

The find command can also exclude certain types of files from the search result:

find -name '*abc*' -type f \( ! -name '*.msi' \)
Exclude certain files from find search results

Here, the ‘find’ command will look for all the files having ‘abc’ string in their name. However, it will filter out the .msi type of files.

Other Common Examples of the ‘find’ Command

You have more options that can be used with the ‘find’ command. Let me share a few such examples:

System reporting low disk space? Find bigger files like this:

find -size +2000M

Using the above command, you can find files occupying more than 2000 Megabytes of space.

In case you need to save your findings for later investigation, redirect it to a file:

find -name '*abc*' -type f \( ! -name '*.msi' \) > mysearch.txt
Save the result of the find command

The type option with the find command opens many opportunities.

You can combine it with different file descriptors for different types of files. For example, ‘f’ for a regular file, ‘d’ for a directory, ‘l’ for a symbolic link, etc.

find /var/log -type f -name "*.log" 

Conclusion

In this guide, I explained how to search for files by their names using the find command. You saw multiple ways to narrow down the search path and most importantly, how to incorporate the ‘wildcards’ for pattern searching.

There are many more uses of the find command. Like you can use it to find recently modified files. Here are a few more common examples if you are interested.

15 Super Useful Examples of Find Command in Linux

You can always search man pages to get extensive insights into the various options with the ‘find’ command.

Enable Thumbnails for EPub / MOBI Files in Ubuntu 22.04 | 20.04 & Other Linux

Got some ePub and/or MOBI books on your PC? Debian / Ubuntu has recently included a package in its repository for generating thumbnails for these files.

As you may know, Linux Mint 21 was released recently with thumbnail generators for AppImage, ePub, MP3 and RAW files. Debian/Ubuntu now has a similar tool called gnome-epub-thumbnailer, though it’s only for ePub and MOBI books.

With the package installed, the default file manager will no longer display the universal “e” image with green background for all ePub files. Instead, it shows thumbnail book covers.

I don’t know if Ubuntu 22.10 will come with it out-of-the-box, since it’s not released yet. But users may manually install the package by running the apt command below in a terminal.

Open terminal (Ctrl+Alt+T) and run command to install gnome-epub-thumbnailer in Ubuntu 22.10 or Debian Unstable:

sudo apt update && sudo apt install gnome-epub-thumbnailer

NOTE: the package is only for the default GNOME Desktop! Installing the Foliate eBook reader from the system repository will also install it as a recommended dependency package.

Enable EPub / MOBI Thumbnails in Ubuntu 22.04 | 20.04

The package is not available in the current LTS releases. Ubuntu 22.04 users can however download the .deb package directly from the build page:

Click the little triangle for the Ubuntu 22.10 (Kinetic Kudu) build to expand it, and download the amd64.deb for a modern PC/laptop, arm64/armhf for ARM, or another format depending on your device.

Finally, double click to open the .deb package via “Software Install” (Ubuntu Software) and install it.

For Ubuntu 20.04 users, I’ve uploaded the package into this unofficial PPA, which supports 64-bit (amd64) computers.

To add the PPA and install the package, press Ctrl + Alt +T on keyboard to open terminal and run 3 commands one by one:

sudo add-apt-repository ppa:ubuntuhandbook1/apps
sudo apt update
sudo apt install gnome-epub-thumbnailer

NOTE: The first command will ask for password authentication, though there’s no asterisk feedback. Just type it blindly and hit Enter to continue.

Enable EPub / MOBI Thumbnails in Fedora, Arch, SUSE Linux

Most other recent Linux systems have also added the package into their official repositories. If you want to get it, open terminal and run command:

  • For Fedora, use command:
    sudo dnf install gnome-epub-thumbnailer
  • Arch and Manjaro Linux can install it via:
    sudo pacman -S gnome-epub-thumbnailer
  • And, openSUSE user may run command:
    sudo zypper install gnome-epub-thumbnailer

Uninstall the Thumbnails

Thumbnails are generated automatically once you have installed the package. If for some reason you want to get rid of them, open a terminal and run the command:

sudo apt remove gnome-epub-thumbnailer

Replace apt depending on your system. For Arch, use sudo pacman -R gnome-epub-thumbnailer.

Removing the package won’t clear existing thumbnail images until you remove the content under “~/.cache/thumbnails”, either from the file manager or by running the command:

rm -R ~/.cache/thumbnails/*

Find Files Modified in Last N Minutes in Linux

Finding recently modified files is a helpful parameter when troubleshooting your code or server.

What log files were modified? What files changed when I ran this command? The versatile find command can help you get the answers.

The command below will find all the files that have been modified in the last five minutes in the current directory.

find . -type f -mmin -5

That’s just one example. Let me share how you can list files that are accessed and created in the last n minutes/days in detail.

Finding modified files in Linux

Before jumping to the explanatory part, I’d like to share the syntax for using the find command to find files that were modified in the last n minutes.

find [path] -type f -mmin n

Here, n indicates how many minutes you want to check for. But you also have some options such as:

  • -n will check for files modified in less than n minutes
  • +n will check for files modified in more than n minutes
  • n will check for files modified exactly n minutes ago

Similarly, you can also use -mtime instead of -mmin to check for files modified days ago.
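The -n and +n forms listed above can be checked against files of known age. The following is an added example, not from the original article: the function names are hypothetical, the sample files are constructed with touch -d, and it assumes GNU find (for -printf) and GNU touch.

```bash
# Added example, not from the original article. Function names are hypothetical.
# Needs GNU find (-printf) and GNU touch (-d with relative dates).

# changed_within DIR MINUTES
# Regular files modified less than MINUTES minutes ago (-mmin -n), newest
# first, one per line as "YYYY-MM-DD HH:MM<TAB>path".
changed_within() {
    find "$1" -type f -mmin "-$2" -printf '%T@\t%TY-%Tm-%Td %TH:%TM\t%p\n' |
        LC_ALL=C sort -rn | cut -f2-
}

# untouched_for DIR MINUTES
# Regular files modified more than MINUTES minutes ago (-mmin +n).
untouched_for() {
    find "$1" -type f -mmin "+$2" -print
}

# Constructed sample tree: three files whose ages are set with touch -d.
demo_changes() {
    local d
    d=$(mktemp -d) || return 1
    touch "$d/now.log"
    touch -d '10 minutes ago' "$d/ten.log"
    touch -d '3 hours ago' "$d/old.log"
    echo "modified in the last 5 minutes:"
    changed_within "$d" 5
    echo "modified in the last 60 minutes (newest first):"
    changed_within "$d" 60
    echo "not modified for more than 60 minutes:"
    untouched_for "$d" 60
    rm -rf "$d"
}

demo_changes
```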

Finding files modified in the last 5 minutes

So let’s suppose I want to list files that were modified in the last 5 minutes in the var directory; my command will be as follows:

find .var/ -type f -mmin -5
Finding modified files in the last 5 minutes

As you can see, it just throws files, and I don’t find the given list useful and readable.

In this case, I’ll append -ls to have a much cleaner look and more info such as the file owner, permissions, and modification time.

find .var/ -type f -mmin -5 -ls
Using -ls for better visibility
💡
The find command allows a few actions on its result, and -ls is one such action. You don’t necessarily need to use find -exec or xargs for the ls command.

Finding files modified in the last n days

To find modified files in the last n days instead of n minutes, you just have to use -mtime instead of -mmin.

Suppose I want to find files that have been modified in the last one day, my command would be:

find /media/sagar/HDD/Downloads -type f -mtime -1 -ls
Finding files modified on the last one day

Find files older than X days

You can use the mtime parameter to find older files that have not been modified recently.

Let’s say you want to find files older than 30 days in the current directory. Use this command:

find . -mtime +30

Find modified directories in the last n minutes or days

The find command can also bring a list of modified directories.

Just change -type f with -type d, which will let you search for directories instead of files.

For demonstration, I’ll show how you can get the list of modified directories under .cache/mozilla/firefox:

find .cache/mozilla/firefox/ -type d -mmin -5 -ls
Listing directories that are modified in the last 5 minutes

Similarly, you can find directories on which you worked a few days ago.

find Downloads/ -type d -mtime -1 -ls
Finding modified directories on the last 1 day

Finding files that have been recently accessed or created

So how about finding files that were accessed or created in the last n minutes?

To find files that were accessed in the last n minutes, you’ll have to use -amin instead of -mmin.

To find files that were accessed in the last 5 minutes inside my preferred directory, I’d be using the given command:

find /media/sagar/HDD/Downloads -type f -amin -5 -ls
Find files accessed in the last 5 minutes

In the same way, you can also find files created in the last n minutes by using -cmin instead of -amin.

find /media/sagar/HDD/Downloads -type f -cmin -5 -ls
Finding files created in the last 5 minutes

Conclusion

Basically, there is no limit to the use cases. You can modify it from -n to +n and you can search for older files. Use the ctime and you can get recently created or ancient files.

Learning the basics allows you to use the find command as per your need. I believe this tutorial gave you enough understanding of using the time parameter of the find command.

Raider – Stupid Simple App to Shred Files in Linux Desktop

Looking for a file shredder app for Linux? Raider is the one with a stupid simple user interface.

There are already a few good ways to securely delete files in Ubuntu Linux, such as BleachBit and the Nautilus wipe extension. But for a large list of files, or for those who shred files frequently, this app could be more efficient.

It’s Raider, also known as File Shredder, a free open-source GTK4 application. With it, you can just drag and drop files into the app window, then shred as many files as you want with a single mouse click.

File Shredder with Drag and Drop support

The default removal method is ‘wipesync’, which also syncs each obfuscated byte to disk. However, you may set it to ‘wipe’, which first obfuscates bytes in the name, or ‘unlink’, which deletes the file name from the filesystem.

By default it overwrites the file with random data, which however is a clue that the file has been shredded. Users can choose to overwrite with zeros instead to hide shredding.

And there are options to specify how many times to shred the file, the number of bytes to shred, and whether to override the file permissions.

How to Install File Shredder

The app is available to install via the universal Flatpak package, which works in most Linux distributions.

1. For Ubuntu users, first press “Ctrl+Alt+T” on keyboard to open terminal. Then, make sure the daemon package is installed by running command:

sudo apt install flatpak

2. Next, install the tool via command:

flatpak install https://dl.flathub.org/repo/appstream/com.github.ADBeveridge.Raider.flatpakref

Once installed, launch it by either searching from ‘Activities’ overview, or using the command below:

flatpak run com.github.ADBeveridge.Raider

How to Remove File Shredder:

To remove the software, simply run command in a terminal window:

flatpak uninstall --delete-data com.github.ADBeveridge.Raider

And clear unused libraries via flatpak uninstall --unused.