Insights For Success

Strategy, Innovation, Leadership and Security


Access paywalled content legally for free

General · Edward Kiledjian

What is Paywalled Content?

Paywalled content refers to articles, research papers, and other online resources that require a subscription or a one-time payment for access. News websites, academic journals, and other platforms that provide exclusive or specialized information may have paywalls. A subscription or payment is often required before users can access this content.

Why are Paywalls Used?

Publishers and content creators use paywalls for a variety of reasons:

  1. To sustain their operations, pay their staff, and invest in the production of high-quality content, many websites and publications rely on subscription revenues.

  2. Paywalls allow publishers to create a sense of exclusivity by offering subscribers premium content not available elsewhere for free.

  3. A paywall allows publishers to maintain control over their intellectual property, preventing unauthorized use or distribution.

The Frustrations of Paywalled Content

The use of paywalls can be frustrating for readers despite their intended purpose:

  1. Paywalls can limit access to information, making it difficult for those without means to gain access to important research or news.

  2. Readers may find themselves juggling multiple subscriptions as more websites adopt paywalls, which can be expensive and time-consuming.

  3. Paywalls can interrupt the seamless browsing experience that users have come to expect, causing them to seek alternative means of accessing the content.

How to legally bypass a paywall

For this example, I will use a paywalled article on The Globe and Mail.

All you have to do is add archive.is/ between the https:// and the www.

You will then be presented with the archive of the different versions archive.is has stored. Normally, I recommend picking the last version available.

Now you will be able to read the article from archive.is for free.

When the content isn’t already cached

Archive.is does a fantastic job of archiving most of the content you will want to read, but once in a while, you may stumble on something that isn’t archived yet. You will then see this screen. Click on “archive this url”.

Then click on the Save button

You will get a Loading page that may take 5-10 minutes to complete

And voila, the site is cached and fully displayed for your reading pleasure.

What is archive.is?

Archive.is (formerly Archive.today) allows users to save snapshots of web pages for future reference. Using the platform, you can preserve the content of web pages even if the original source is removed or modified, ensuring that valuable information remains available.

Archive.is was founded by an individual who prefers to remain anonymous. They created the platform to provide users with a free and easy-to-access tool for preserving web content for various purposes, including research, legal evidence, and personal records.

Archive.is serves several key purposes:

  1. This service allows users to save snapshots of web pages, ensuring that important information is preserved even if the original source is removed, edited, or otherwise altered.

  2. In some instances, Archive.is provides snapshots of websites that would otherwise be restricted, allowing users to bypass paywalls.

  3. The platform provides a valuable resource for researchers, journalists, and other users who require access to historical web content.


Fun with Shodan and IOT

Edward Kiledjian

Read this related article: Find phishing and malware with a simple search

Search engines have become a favourite starting point for threat actors, so it should also be your starting point. Beyond Google, there are a bunch of specialized search engines that are powerful and scary. This article talks a bit about Shodan. Think of this article as a gentle introduction.

What is Shodan?

Shodan is often called the world's most dangerous search engine. Shodan attempts to catalogue metadata about its targets, and its targets are often Internet of Things (IoT) devices. Hackers and security researchers use Shodan daily to find vulnerable webcams, open traffic light systems, SCADA in manufacturing plants and much more.

I'm going to assume you have a free Shodan account.

Browse the categories

If you visit the Shodan Explore section, you can find all kinds of interesting systems listed.

Unprotected webcam

For this example, I searched for the Axis 212 webcam which is known to have many vulnerabilities and a known default password.

As an example, the webcam I highlighted seems to be in a daycare facility and isn't even password protected.

I've blurred out the children and teacher.

Some are unprotected. Some have kept their default passwords (there are lots of default password lists like this one). Obviously many of these cameras are made by a handful of manufacturers in China and are never updated. Once you find a vulnerability on one model it is often workable on dozens of others.

Routers

You can search Shodan for common router brands like Belkin, D-Link, Netgear, etc. and then try to log in using the default admin passwords. Above is an example of a Linksys router exposed to the internet without a password. Others are exposed with the default password.

Intel AMT Exposed to the internet

There is a major Intel AMT vulnerability but Shodan shows that 4,647 devices with AMT (on July 22) were connected to the internet.

If you search for "http intel active management" in Shodan, you will get a listing of these devices.

Other searches you can perform

Netgear device with port 80 open to the internet

Bitcoin servers

You can even use the Shodan ShipTracker dashboard to track realtime ship

ShipTracker is harmless on its own, but combine it with data available from other sources and the knowledge that many ship systems use default passwords, and it is a disaster waiting to happen.

There is a known vulnerability that allows a threat actor to steal or modify information from a Memcached server. This vulnerability was used to target GitHub with a massive DDoS attack. Not all Memcached servers are vulnerable (I won't show you how to find the vulnerable ones), but how would you search for Memcached servers on the net? The answer is with a Shodan query.

 

Conclusion

Obviously, this is just the tip of the iceberg. A true threat intel specialist will be able to automate Shodan queries and then combine them with known vulnerabilities, exploits or default credentials. I am hoping this article created a bit of interest in you to learn more. 

For this article, I only chose examples that were exposed to the internet and were not password protected. Be careful as laws differ around the world. In some countries even testing default passwords could be considered "hacking". 
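The automation mentioned in the conclusion, turned on your own address space, as an added example that is not part of the original article: it filters Shodan-style result records down to the services discussed above that are indexed on ranges you own. The record keys (`ip_str`, `port`, `data`) follow Shodan's banner fields; the port numbers, CIDR ranges and sample records are assumptions constructed for illustration, and in practice the records would come from a Shodan search restricted to your own ranges with the `net:` filter.

```python
import ipaddress

# Assumed default ports for services the article mentions (not stated on the page).
WATCHED_PORTS = {80: "HTTP admin page", 11211: "Memcached",
                 16992: "Intel AMT (HTTP)", 16993: "Intel AMT (HTTPS)"}

# Constructed sample records; keys follow Shodan's banner fields, and the
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_BANNERS = [
    {"ip_str": "203.0.113.10", "port": 11211, "data": "STAT pid 1\r\nSTAT uptime 86400\r\n"},
    {"ip_str": "203.0.113.22", "port": 16992, "data": "HTTP/1.1 200 OK\r\nServer: Intel(R) Active Management Technology\r\n"},
    {"ip_str": "203.0.113.40", "port": 80, "data": "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"admin\"\r\n"},
    {"ip_str": "203.0.113.41", "port": 80, "data": "HTTP/1.1 200 OK\r\nServer: httpd\r\n"},
    {"ip_str": "198.51.100.7", "port": 11211, "data": "STAT pid 9\r\n"},    # outside our ranges
    {"ip_str": "203.0.113.50", "port": 443, "data": "HTTP/1.1 200 OK\r\n"},  # port not watched
]

def http_status(banner_text):
    """Return the HTTP status code from a banner's first line, or None if not HTTP."""
    parts = banner_text.split("\r\n", 1)[0].split()
    if len(parts) >= 2 and parts[0].startswith("HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return None

def audit_exposure(banners, owned_cidrs):
    """List watched services that are indexed on address space we own."""
    nets = [ipaddress.ip_network(c) for c in owned_cidrs]
    findings = []
    for b in banners:
        ip = ipaddress.ip_address(b["ip_str"])
        service = WATCHED_PORTS.get(b["port"])
        if service is None or not any(ip in n for n in nets):
            continue
        status = http_status(b.get("data", ""))
        # A 401 means the device at least asks for credentials; anything else
        # answered the scanner without a challenge and is reviewed first.
        challenged = status == 401
        findings.append({"ip": str(ip), "port": b["port"], "service": service,
                         "priority": "review" if challenged else "urgent"})
    return sorted(findings, key=lambda f: (f["priority"] != "urgent", f["ip"]))

if __name__ == "__main__":
    for f in audit_exposure(SAMPLE_BANNERS, ["203.0.113.0/24"]):
        print(f"{f['priority']:7} {f['ip']}:{f['port']}  {f['service']}")
```

Every finding is a device that should not be reachable from the internet at all, so the priority only orders the clean-up; it does not clear the password-protected ones.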

You're going to love the DuckDuckGo Terms of Service

General · Edward Kiledjian

Terms of service are professionally written notices you agree to every time you use a new smartphone, install new software or sign up for a new web service. Consumers are rightfully annoyed by the 50+ page terms used by large companies.

Sometimes, you stumble on a company that has "good" terms of service in that they actually protect you (the consumer). This write-up is about DuckDuckGo because I receive several dozen emails from readers every month asking if they really are a good alternative to use (from a security perspective).

In this article, I am only tackling their terms of service. As specified on their privacy site, "DuckDuckGo does not collect or share personal information."

DuckDuckGo says they don't save your searches. They don't send your searches or information to any other site. They don't store any personal information about you. 

They only save cookies to your browser if you enable a function that needs it (like persistent settings). 

They save search information but only as aggregated data without any personally identifying information. 

So DuckDuckGo lives up to its promise of personal secure web searching, which is great. I give it an A grade for protection in their TOS.

Google asking users to validate telephone numbers?

Technology · Edward Kiledjian

When searching for a telephone number on my smartphone, I head straight to Google and enter the name of the establishment.

I then clicked on the Call button and was presented with an interesting new dialog box (which I saw once the call was completed and I was returned back to Safari Mobile).

Google was asking me to validate the number it had provided. 

I tried to reproduce this dialog box by clicking the call button (for the same establishment and some others in the area) but it never reappeared. 

Maybe the number was flagged as wrong by someone? Maybe Google periodically checks the validity of all numbers? Have you ever seen this before?

Google providing better voice search than SIRI on IOS

Technology · Edward Kiledjian

The sultan of Search (aka Google) announced that it will update its IOS [universal] search application to include an enhanced voice search function. Google claims IOS performance will be on par with that of Jelly Bean voice search.

Google expects Apple to approve the new version in the next couple of days.

In the meantime, pour yourself another hot chocolate, get close to the warmth of your screen and check out this video demonstration.