How to reset Raspbian forgotten password if you still have SSH login

There’s bunch of instruction talking about how to reset password on raspbian. But they all require physical access to the raspberry pi and take out the SD card and need keyboard and monitor the reset the password.

My case is I forgot my password of course. There’s many reasons: The system is seldomly used. Forgot to put the password into password manager app. The login credential is remembered in SSH client. However, because the credential is kept in SSH client which means I can still log into the raspbian, only thing is I don’t know the password now, and no way to change it.

I tried all possible ‘dictionary attack’ to my pi but no success. Then at the last resort, I figured out something works.

Continue reading “How to reset Raspbian forgotten password if you still have SSH login”

Security Trends Forecast 2025

The IT technologies are changing from closed on premise infrastructure to cloud platform. Security is no longer segregated trusted zone but more zero trust approach. What will happen in 2025 of Information Security industry? Any focusing areas and new opportunities? Here’s my point of view.

Continue reading “Security Trends Forecast 2025”

Force kids device to Google SafeSearch and Safe Youtube

Leveraging Pi-Hole, you can force kids to redirect google search traffic to google safesearch, safe youtube and etc.

Here’s the script I use in Pi-Hole dnsmasq configuration.

Continue reading “Force kids device to Google SafeSearch and Safe Youtube”

Mikrotik RouterOS Dynamic Update Script for OpenDNS

There is a need to provide some level of parent control and kids safe Internet access at home. Using OpenDNS is a easy and cost free solution.

To customize the web security filtering policies for your own case, you need to update home Internet public IP to OpenDNS so that the customized your policy will be applied. In a dynamic IP situation, it is essential to keep telling OpenDNS the latest correct Internet IP. Instead of install OpenDNS updater client on MAC/WIN/LINUX, we can use Mikrotik RouterOS scripts to update the IP directly.

Continue reading “Mikrotik RouterOS Dynamic Update Script for OpenDNS”

Mikrotik RouterOS work with Cisco Aironet AP


I have a spare Cisco Aironet 3702i but I do not have Cisco Wireless Controller to manage it. But I do like its wireless capability and I want it to replace ASUS RT-AC68U as home main wireless access point.

I also have a Mikrotik hex POE 960PGS router to provide both connectivity and power to surveillance camera.

I want to fully utilize the gears I have and just use a cost effective solution to achieve secure home wireless network.


  • Multiple SSIDs with different VLANs, different encryption and authentication methods
  • Each SSID network needs to be segregated with others
  • One SSID needs to be in the same subnet of local wired network

Continue reading “Mikrotik RouterOS work with Cisco Aironet AP”

Some Cyber Security tips

Trust Is Tops

  • Only use trusted apps or software.Download apps directly from trusted app stores such as iTunes and software from well-known sites. Be especially careful of apps or software you’ve never heard of or malware posing as legitimate apps. If you’re unsure if an app is legitimate, check the ratings and reviews in the app store. If it’s a major retailer and it only has one review or a low rating, it might be a copycat.
  • Don’t trust every search result.Just because you get dozens of search results for “free golf handicap spreadsheet calculator” doesn’t mean you should download each one to try them all.
  • Office documents and spreadsheets are notorious for hosting malware within embedded macros. If you frequent forums or communities of interest, ask what software others have used.
  • Beware of extras when installing software.Even legitimate software or browser add-ons can be accompanied by malware. Remember that every new app or software you install is a new potential entry point for cybercriminals. Be sure to uncheck extra software options unless you really need them.

Don’t Click That

  • Beware of unexpected emails. IBM X-Force has observed scammers using fraudulent package tracking emails, for example, to spread malware such as Locky ransomware. Be cautious and wary of unsolicited emails.
  • Double-check links. Scrutinise links in emails and social media posts. Hover over the URL to make sure a link directs to a legitimate website before clicking it.

Protect Your Passwords

  • Don’t save your info. Yes, it’s a pain to retype your info every time you want to order something online, but you should never save your password or credit card information in retail or bill payment sites, especially those you don’t frequent.
  • Use a special shopping email address and password. Have a separate email address just for retail websites and create unique passwords for each account. Use a password wallet to store your login credentials.
  • Get creative with password reset questions.When filling out account information, opt for the password reset question that doesn’t involve public information. For example, don’t use your high school mascot, since that could be found online. Instead, pick a subjective question (favourite dessert, favourite song, etc.) and enter answers that only you would know.
  • You can also create unique answers to each question and store them securely in a password wallet.

Control Your Credit Cards

  • Opt for credit over debit cards. Use credit cards instead of debit cards whenever possible. Credit card providers offer protection if your card is compromised and won’t dock your checking account if there’s an issue.
  • Use one-time credit cards. You may want to consider a one-time credit card when buying from a nontrusted or entirely new retailer. That way, you can avoid putting your personal card data at risk.

Some Security Links


  1. Is TLS fast yet – A great site debunking the myths of SSL/TLS speed cost
  2. Firesheep – A watershed moment for SSL by demonstrating the ease with which unprotected traffic can be intercepted and sessions hijacked
  3. Qualys SSL Labs – Tests a variety of attributes of the SSL implementation by pointing it at any URL
  4. CloudFlare – Get SSL for free on any website
  5. Let’s Encrypt – It’s coming, and it promises to fix the current mess that is CAs and configuring certs
  6. Betsy’s free wifi – Shows a young girl standing up a rogue wifi hot spot
  7. Chromium HSTS preload list – All the sites submitted for HTTP strict transport security preload (a depressingly small number of them)
  8. HTTP Shaming – Sensitive data sent insecurely? Name and shame!

Continue reading “Some Security Links”

警惕Nokia S60V3平台短信息功能假死漏洞

According to this post at
F-Secure’s site (, at the 25th Chaos Communication Congress in Berlin, a
presentation titled ‘Security Nightmares 2009′ showed a demonstration
of a ‘Curse of Silence‘ exploit that reportedly affects S60 2nd Edition
phones, and even S60 3rd Edition, up to Feature Pack 1 (Feature Pack 2
phones are reportedly immune, as is S60 5th Edition). The exploit
apparently involves sending a specially formatted SMS to the recipient,
and renders the messaging capabilities of the phone completely useless.

This ‘attack’ cannot be achieved via an application, or over Bluetooth.
Only by receiving an SMS. With the Nokia N95, the attacker must send a
multitude of messages before the critical limit is reached, and the
user is presented with a ‘Not enough memory to receive message(s).
Delete some data first.’ and a blinking envelope in the top corner of
the screen.

If you get attacked with this, you’ll need to hard reset your phone.
You cannot use any backup/restore features, as that will reportedly
only restore the offending messages, recreating the problem.

用N95 8G给N73发送一条能激活该漏洞的短信




  1. 重新启动中招手机,问题依旧。
  2. S60 2.8/3.1系统的诺基亚手机,在收到十余条该短信时会出现“内存不足,请先删除一些短信”类似提示,并且无法收到新短信。
  3. 其他上述提及系统的诺基亚手机,收到一条该短信后便无法收到新短信,且无任何提示。



3.手动清除办法(仅限于已破解过的手机):N82受到攻击后(11条短信)出现短信无法接收的问题,提示存储空间不足^ ^攻击成功.接下来就是手动修复,方法很简单,先把短信存储改成E盘,之后关闭权限验证,进入c:private 删除1000484B然后再把短信存储改回C盘。记住,在转存的时候,不要复制原先的内容。(我忘记什么提示,好象是选择2个否)之后重新启动手机,短信功能恢复正常。(转自opda)


德国信息安全部警告:网民忌用Google Chrome上网!

据一位Philipp Lensen的博客透露到:BSI的一位发言人在《柏林日报》上称,网民在使用Chrome时要十分小心,最好不要使用Chrome上网。这位发言人指出,谷歌现在覆盖了搜索引擎、电子邮件,现如今又加上浏览器等领域,这样将造成用户数据过多地集中在一家企业,这是十分危险的。





Chrome的读写居然都达到了两三百兆字节,这时候仅仅是打开了一个百度静态页,资源和缓存应该都已读写完毕,但I/O还在不断增加,可以确定的是Chrome一定在做与浏览器无关的事情,干什么会占用这么高的I/O使用率呢, 这让人不得不联想到Chorme正在扫描硬盘,分析数据。



The conflict between Business and Security

The main purpose of business dpt. is to develop business and earn money.

The main purpose of Security dpt. is to secure the core business by spending money.

Every time business hopes low cost and easy use, while the security hopes secure enough no matter how trouble it takes.

Business always breaks rules while the security defines strict rules.

Business is the core of the company which earn money. Security is just the internal supporting which spend endless money without obvious profit.

So the high level managers like business and hate security. Without high level support, security lacks the power to fight with business. Without good security protection, business get affected in several security incidents. Company’s reputation becomes worse and the business goes down. So that less incoming money makes even worse security protection. Security incidents again and again… That’s the bad loop.

It is quite clear, the conflict or the gap can be fixed.

Business should understand the important of security and accept security’s advice.

Security should balance the security requirement VS. cost effect and try to make security methods easy to use.