Archive for the ‘Tips’ Category

Bypass NTFS File Permissions

Friday, May 1st, 2009

I knew it would be possible to write a program to run as a system service and allow me to bypass NTFS file permissions, but I hoped I could find a way to do it a lot more simply, and I’ve finally found it.

CREATE THE SERVICE WITH THIS COMMAND: (Copy and paste this as one line)
sc create SuperCMD binPath= "C:\WINDOWS\system32\cmd.exe /c c:\windows\system32\cmd.exe" type= own type= interact

START THE SERVICE WITH THIS COMMAND:

sc start SuperCMD

The first command registers cmd.exe (which in turn launches cmd.exe) as a service running as the system account, and the interact flag lets it show on the desktop so you can see it. The second command starts the service, which opens a command prompt running with system privileges, thus allowing you to navigate into folders that your own account doesn’t have permission to enter. The second command will report an error, but as long as the little black box is open, it doesn’t matter.

You can also run programs as the system account by typing the name of the program (sometimes you’ll need the full path), but explorer.exe will open as your regular user account, so if you want a GUI file manager, you’ll have to find something else. I actually used 7-Zip since it was already installed on my computer and it worked fine.
This is a big help when working with customers’ hard drives, as I can easily go through their profiles to remove malware files (with some special VB scripts I will release as open source someday) or copy their files to a FAT32 partition when Windows needs to be re-installed from scratch or onto a blank hard drive.
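From the defender’s side, the trick above leaves two obvious traces: a registered service whose image path is a command interpreter (and which carries the interactive flag), and a “service was installed” record in the System event log. The PowerShell script below is an added example, not part of the original post; it lists both. It assumes an elevated PowerShell session on the machine being inspected, and uses only standard properties of the Win32_Service class and the Service Control Manager’s event 7045.

```powershell
# Added example (not from the original post): find services that run a
# command interpreter or are marked interactive, and list recent
# "service installed" records. Assumes an elevated PowerShell session.

$interpreters = 'cmd\.exe|powershell\.exe|cscript\.exe|wscript\.exe'

# 1. Registered services whose image path is an interpreter, or that carry
#    the interactive flag (what "type= interact" sets). DesktopInteract is a
#    standard Win32_Service property; Get-WmiObject keeps this usable on
#    older Windows PowerShell versions.
$suspect = Get-WmiObject -Class Win32_Service |
    Where-Object { ($_.PathName -match $interpreters) -or $_.DesktopInteract } |
    Select-Object Name, State, StartName, DesktopInteract, PathName

if ($suspect) {
    Write-Output 'Services backed by an interpreter or able to interact with the desktop:'
    $suspect | Format-Table -AutoSize | Out-String | Write-Output
} else {
    Write-Output 'No interpreter-backed or interactive services registered.'
}

# 2. Service installation records. On Windows Vista and later the Service
#    Control Manager writes event 7045 ("A service was installed in the
#    system") to the System log; "sc create" produces one like any installer.
#    Event data fields, in order: service name, image path, service type,
#    start type, account.
$since    = (Get-Date).AddDays(-30)
$filter   = @{ LogName = 'System'; Id = 7045; StartTime = $since }
$installs = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

foreach ($ev in $installs) {
    $svcName = $ev.Properties[0].Value
    $image   = $ev.Properties[1].Value
    $account = $ev.Properties[4].Value
    # Flag registrations whose image is itself an interpreter for review.
    $flag = if ($image -match $interpreters) { 'REVIEW' } else { 'info  ' }
    Write-Output ('{0} {1:u}  {2}  runs as {3}  image: {4}' -f $flag, $ev.TimeCreated, $svcName, $account, $image)
}
```

On Windows Vista and later, session 0 isolation keeps an interactive service from appearing on the logged-in user’s desktop, but the service registration and the 7045 record are still the artifacts worth reviewing; the first part of the script does not depend on the event log, so it also works on older systems that do not write 7045.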

Computer Maintenance Made Simple

Friday, May 1st, 2009


Just like cleaning is an important part of any maintenance procedure, whether it is your automobile or whether it is your house, it is important for you to cleanup your PC while performing computer maintenance as well. In this article, we are going to discuss a few handy tools that enable you to cleanup your PC and maintain it in a good working condition.

Registry Cleaner Tool

The Windows registry is like the brain of your Windows PC. Even a small activity, such as browsing the Web or opening a Word document, affects the registry in some way or another. As your PC grows older, the registry, where all configuration information of your system is stored, gets cluttered with loads of outdated, obsolete, and incorrect data. This digital junk causes your registry to grow at an uncontrollable speed, eventually damaging it. A damaged registry generates frequent system errors and causes system freezes and crashes.

To fix registry errors and free it from all the junk data, you need to use a reliable and efficient registry utility. Using a registry utility, you can perform several registry repair tasks, such as scan, detect, and remove unwanted files, defrag the registry to make it contiguous, and create regular registry backups that can be restored easily if the registry fails.

Disk Cleanup Tool

Just like the registry, your hard disk also bears the load of unwanted program installation files, obsolete temporary files, and loads of other outdated, unwanted files and folders. The Disk Cleanup tool that ships with your Windows XP operating system is one tool that you can use to get rid of all this unwanted data in one go. The Disk Cleanup tool also enables you to uninstall unwanted applications and Windows components, delete obsolete System Restore snapshots and compress old files.

To start the Disk Cleanup tool, open the Start menu, select All Programs, select Accessories, select System Tools and then select Disk Cleanup.

After you have cleaned your hard disk with the Disk Cleanup tool, you may use the Disk Defragmenter tool—also available in System Tools—to analyze your hard disk for fragmented files and make them contiguous.

Windows Uninstaller Tool

The Add or Remove Programs option that Windows provides for uninstalling applications usually fails to remove them completely. To counter this problem, many advanced third-party tools are available on the Internet. These tools come in handy when you are cleaning up your PC. They work by scanning your entire system and registry for any files and folders related to the program you want to uninstall, and let you delete them, so that you completely get rid of the application you are uninstalling.

Antivirus and Antispyware Tools

Last but not least, the PC cleanup process requires you to scan your system for any malicious files and registry entries added by malware programs, such as viruses, Trojans, worms, spyware and adware, and delete them. In order to perform these tasks, you need to use antivirus and antispyware tools. You must always keep these tools updated with the latest virus definitions to ensure that your PC is protected against the latest threats. It is also recommended that you opt for tools that provide a real-time protection feature. This feature, as the name implies, works in real time and blocks malicious files from infiltrating your system.

Using the above tools regularly not only helps you in maintaining a PC free from junk, but also enables you to enjoy an excellent computing experience for a long time to come.

Places where viruses and Trojans hide on start up

Wednesday, February 11th, 2009


1. START-UP FOLDER. Windows opens every item in the Start Menu’s Start Up folder. This folder is prominent in the Programs folder of the Start Menu.

Notice that I did not say that Windows “runs” every program that is represented in the Start Up folder. I said it “opens every item.” There’s an important difference.

Programs represented in the Start Up folder will run, of course. But you can have shortcuts in the Start Up folder that represent documents, not programs.

For example, if you put a Microsoft Word document in the Start Up folder, Word will run and automatically open that document at bootup; if you put a WAV file there, your audio software will play the music at bootup, and if you put a Web-page Favourites there, Internet Explorer (or your own choice of a browser) will run and open that Web page for you when the computer starts up. (The examples cited here could just as easily be shortcuts to a WAV file or a Word document, and so on.)

2. REGISTRY. Windows executes all instructions in the “Run” section of the Windows Registry. Items in the “Run” section (and in other parts of the Registry listed below) can be programs or files that programs open (documents), as explained in No. 1 above.

3. REGISTRY. Windows executes all instructions in the “RunServices” section of the Registry.

4. REGISTRY. Windows executes all instructions in the “RunOnce” part of the Registry.

5. REGISTRY. Windows executes instructions in the “RunServicesOnce” section of the Registry. (Windows uses the two “RunOnce” sections to run programs a single time only, usually on the next bootup after a program installation.)

7. REGISTRY. Windows executes instructions in the HKEY_CLASSES_ROOT\exefile\shell\open\command "%1" %* section of the Registry. Any command embedded here will run whenever any exe file is executed.

Other possible locations:

[HKEY_CLASSES_ROOT\exefile\shell\open\command] ="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command] ="\"%1\" %*"
[HKEY_CLASSES_ROOT\batfile\shell\open\command] ="\"%1\" %*"
[HKEY_CLASSES_ROOT\htafile\Shell\Open\Command] ="\"%1\" %*"
[HKEY_CLASSES_ROOT\piffile\shell\open\command] ="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command] ="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command] ="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command] ="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\htafile\Shell\Open\Command] ="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command] ="\"%1\" %*"

If these keys don’t have the "\"%1\" %*" value as shown, and have been changed to something like "\"somefilename.exe %1\" %*", then they are automatically invoking the specified file.

8. BATCH FILE. Windows executes all instructions in the Winstart batch file, located in the Windows folder. (This file is unknown to nearly all Windows users and most Windows experts, and might not exist on your system. You can easily create it, however. Note that some versions of Windows call the Windows folder the “WinNT” folder.) The full filename is WINSTART.BAT.

9. INITIALIZATION FILE. Windows executes instructions in the “RUN=” line in the WIN.INI file, located in the Windows (or WinNT) folder.

10. INITIALIZATION FILE. Windows executes instructions in the “LOAD=” line in the WIN.INI file, located in the Windows (or WinNT) folder.

Windows also runs whatever follows explorer.exe on the shell= line of System.ini (c:\windows\system.ini):

[boot]
shell=explorer.exe C:\windows\filename

The file name following explorer.exe will start whenever Windows starts.

As with Win.ini, file names might be preceded by considerable whitespace on such a line, to reduce the chance that they will be seen. Normally, the full path of the file will be included in this entry. If not, check the \Windows directory.

11. RELAUNCHING. Windows reruns programs that were running when Windows shut down. Windows cannot do this with most non-Microsoft programs, but it will do it easily with Internet Explorer and with Windows Explorer, the file-and-folder manager built into Windows. If you have Internet Explorer open when you shut Windows down, Windows will reopen IE with the same page open when you boot up again. (If this does not happen on your Windows PC, someone has turned that feature off. Use Tweak UI, the free Microsoft Windows user interface manager, to reactivate “Remember Explorer settings,” or whatever it is called in your version of Windows.)

12. TASK SCHEDULER. Windows executes autorun instructions in the Windows Task Scheduler (or any other scheduler that supplements or replaces the Task Scheduler). The Task Scheduler is an official part of all Windows versions except the first version of Windows 95, but is included in Windows 95 if the Microsoft Plus Pack was installed.

13. SECONDARY INSTRUCTIONS. Programs that Windows launches at startup are free to launch separate programs on their own. Technically, these are not programs that Windows launches, but they are often indistinguishable from ordinary auto-running programs if they are launched right after their “parent” programs run.

14. C:\EXPLORER.EXE METHOD.

C:\Explorer.exe

Windows loads explorer.exe (typically located in the Windows directory) during the boot process. However, if c:\explorer.exe exists, it will be executed instead of the Windows explorer.exe. If c:\explorer.exe is corrupt, the user will effectively be locked out of their system after they reboot.

If c:\explorer.exe is a trojan, it will be executed. Unlike all other autostart methods, there is no need for any file or registry changes – the file simply has to be named c:\explorer.exe.

15. ADDITIONAL METHODS.

Additional autostart methods. The first two are used by Trojan SubSeven 2.2.

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\explorer\Usershell folders

ICQ Inet
[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\test]
"Path"="test.exe"
"Startup"="c:\\test"
"Parameters"=""
"Enable"="Yes"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\]
This key specifies that all applications listed under it will be executed when ICQNET detects an Internet connection.

[HKEY_LOCAL_MACHINE\Software\CLASSES\ShellScrap] ="Scrap object"
"NeverShowExt"=""
This key changes your file’s specified extension.
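As an added example that is not part of the original post, the PowerShell script below walks the autostart locations described in items 2 through 15 and reports what is registered in each, flagging file-class open commands that differ from the standard "%1" %* value. It assumes an elevated PowerShell session on the machine being inspected; the set of locations is taken from the post itself, and the expected open-command value is the standard one, so anything else is reported for review rather than declared malicious.

```powershell
# Added example (not from the original post): enumerate the autostart
# locations listed above and report what each one contains.
# Assumes an elevated PowerShell session on the machine being inspected.

$findings = New-Object 'System.Collections.Generic.List[string]'

# Items 2-5: Run, RunOnce, RunServices, RunServicesOnce (HKLM and HKCU).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $findings.Add("AUTORUN  $key\$name = $($item.GetValue($name))")
    }
}

# Item 7: per-file-type open commands. The default is "%1" %*; anything else
# means every program of that type is launched through something else first.
$expected = '"%1" %*'
$classes  = 'exefile', 'comfile', 'batfile', 'piffile'
$roots    = 'Registry::HKEY_CLASSES_ROOT', 'HKLM:\Software\Classes'
foreach ($root in $roots) {
    foreach ($class in $classes) {
        $key = "$root\$class\shell\open\command"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $cmd = (Get-Item -LiteralPath $key).GetValue('')   # '' is the (default) value
        if ($cmd -ne $expected) { $findings.Add("HIJACKED $key = $cmd  (expected $expected)") }
    }
    # htafile legitimately points at mshta.exe, so it is only reported for review.
    $hta = "$root\htafile\shell\open\command"
    if (Test-Path -LiteralPath $hta) { $findings.Add("REVIEW   $hta = $((Get-Item -LiteralPath $hta).GetValue(''))") }
}

# Items 8-10: WINSTART.BAT, the run=/load= lines of win.ini, shell= in system.ini.
$winstart = Join-Path $env:windir 'winstart.bat'
if (Test-Path -LiteralPath $winstart) { $findings.Add("BATCH    $winstart exists") }

$winIni = Join-Path $env:windir 'win.ini'
if (Test-Path -LiteralPath $winIni) {
    # Trim first: padding these lines with spaces pushes the value out of view.
    Get-Content -LiteralPath $winIni | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^(run|load)\s*=\s*\S' } |
        ForEach-Object { $findings.Add("WIN.INI  $_") }
}

$sysIni = Join-Path $env:windir 'system.ini'
if (Test-Path -LiteralPath $sysIni) {
    Get-Content -LiteralPath $sysIni | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^shell\s*=' -and $_ -notmatch '^shell\s*=\s*explorer\.exe\s*$' } |
        ForEach-Object { $findings.Add("SYS.INI  $_") }
}

# Item 14: a file at the root of the system drive named explorer.exe.
$rogue = Join-Path $env:SystemDrive 'explorer.exe'
if (Test-Path -LiteralPath $rogue) { $findings.Add("ROGUE    $rogue exists") }

# Item 15: Active Setup stubs, a redirected Startup folder, ICQ Agent apps.
$activeSetup = 'HKLM:\Software\Microsoft\Active Setup\Installed Components'
if (Test-Path -LiteralPath $activeSetup) {
    foreach ($sub in Get-ChildItem -LiteralPath $activeSetup) {
        $stub = $sub.GetValue('StubPath')
        if ($stub) { $findings.Add("ACTSETUP $($sub.PSChildName) -> $stub") }
    }
}
foreach ($hive in 'HKLM', 'HKCU') {
    $usf = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
    if (-not (Test-Path -LiteralPath $usf)) { continue }
    $usfKey = Get-Item -LiteralPath $usf
    foreach ($name in 'Startup', 'Common Startup') {
        $folder = $usfKey.GetValue($name)
        if ($folder) { $findings.Add("STARTUP  $hive $name = $folder") }
    }
}
$icq = 'HKCU:\Software\Mirabilis\ICQ\Agent\Apps'
if (Test-Path -LiteralPath $icq) {
    foreach ($app in Get-ChildItem -LiteralPath $icq) {
        $findings.Add("ICQAGENT $($app.PSChildName): $($app.GetValue('Startup'))\$($app.GetValue('Path')) Enable=$($app.GetValue('Enable'))")
    }
}

$findings | ForEach-Object { Write-Output $_ }
```

The script reads only; it never changes a value. Items 1 (the Start Up folder itself), 11, 12 and 13 are left out because they are a directory listing, a per-application setting, the Task Scheduler (whose contents are better reviewed with its own console) and child processes respectively, none of which a single registry or file check captures.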

Malware Removal – Viruses/Spyware/Adware

Sunday, January 4th, 2009

Hey Everyone,

Since there has been a huge influx of people reporting Viruses, Spyware, and Adware both here, I figured I would offer a “walk-through” of sorts to successfully remove these annoying items that plague us all. However, in this post I have made a few assumptions.

These are:

1. You are a local administrator of your computer, and you know all of the passwords to your computer.
2. You have Internet access
3. You are able to boot successfully into Windows XP SP3 (Latest)
4. You understand that there is absolutely no way to prevent Viruses and other forms of Malware 100% of the time.

So, let’s begin.

First you will need to boot to Windows in normal operating mode. This is your standard operating environment. Once in Windows, perform the following steps to turn off the System Restore function built into Windows XP. This is a useless feature anyway:

1. Right-click on My Computer -> Select Properties
2. Choose the “System Restore” tab
3. Select/Check the checkbox that says “Turn off System Restore on all drives”
4. Click “Apply” -> Click “OK”

Now you will go download your preferred removal utility. As a Systems Engineer I am constantly searching for software that is able to successfully remove dangerous malware/spyware. Currently, I am recommending the following software:

http://www.malwarebytes.org
http://www.superantispyware.com
http://free.avg.com
http://www.spybot.net

These are all free software programs. Absolutely no charge, but they work extremely well when used in conjunction with each other. Of the four software titles, SpyBot works the least and should be used last.

Once you have downloaded your preferred software you will need to install it. Once you have installed the software titles, make sure you update them to their latest definitions. When you are positive you have the latest definitions for all of your software tools, shut your computer down completely.

At this point you will need to press the power button on your system to power the machine on. Once you have done so, and have received your POST beep code, begin pressing the F8 key once every second. This is most frequently found above the number 7/8 keys across the top. After a time you will be prompted to select a Windows Startup mode. You are going to go all the way to the top, and select “Safe Mode”. Then press Enter.
*Important* At this point you will see a ton of directories and files flood the screen, and your system will halt at the end for approximately 1-3 minutes while the safe mode environment loads. This is normal. *DO NOT TURN OFF YOUR COMPUTER*

Once you have entered Safe-Mode you will be prompted with a Yes / No dialog box informing you that the computer is running in safe mode. Please Click Yes to continue running in safe mode. Then log in as the local Administrator.

Now that you are in safe mode, open the first of your preferred removal utilities. I recommend using MalwareBytes first for those of you using my recommended list. Perform a full system scan. This will take approximately 1-2 hours depending on the size of your computer, and the number of files it must scan. Once this is complete, move on to remove the items listed. Do not be concerned if any items are not able to be removed successfully. Remember: You have more software titles to run!

Now run the second of your preferred removal softwares. I recommend using SuperAntiSpyware at this time, if you are using my recommended list. Perform a Quick system scan. This will take approximately 1 hour. Perform appropriate removal.

Now run your Antivirus utility. If using my recommended tools, this will be a quick system scan using AVG Free Antivirus. This will take approximately 1 hour. Removal will be performed automatically with AVG in Safe Mode.

Finally, perform the same steps using your last scan using another alternative removal utility. This is when I would determine if I need to run SpyBot, or if I am comfortable with the results I have received with my other tools. Perform the appropriate steps for removal.

Now you can reboot your computer. I know, that was a long process but well worth it! 2-4 hours is better than rebuilding your system OS, and then having to reinstall all of your applications and drivers!

Once you have rebooted in to your normal Windows Operating environment, you can choose to re-enable the Windows XP System Restore feature I had you disable previously. I strongly recommend leaving it disabled, but some people swear up and down that stupid feature actually works. I just don’t agree.

At this time your system should be virus, spyware, and adware free! (Relatively speaking)

Remember folks: The only way to be 100% certain you will never receive Malware is to simply not use the Internet and to not allow ANYONE to touch your computer. This is usually not a viable option, particularly for gamers so BE CAREFUL!

I hope this is found helpful by at least one person.


How to remove Antivirus 2009 (Uninstall Instructions) (Updated)

Saturday, January 3rd, 2009

What this programs does:

Antivirus 2009 is a new rogue anti-spyware program from the same family as Antivirus 2008 and Doctor Antivirus . Antivirus 2009 is installed and advertised through the use of misleading web sites that attempt to make you think your computer is infected with a variety of malware. Once installed, Antivirus 2009 will scan your computer and list a variety of fake infections that can’t be removed unless you first purchase the software. These infections are fake, though, and only being shown to scare you into purchasing the software.

When Antivirus 2009 is installed, an Internet Explorer browser helper object is also installed that displays fake messages when using Internet Explorer. These messages range from a line at the top of the browser stating an infection was found to adding a box to the Google homepage stating Google detected that your computer was infected. These tactics are just two more methods where Antivirus 2009 uses false information to scare you into purchasing their software.


This guide will walk you through removing the Antivirus 2009 program and its associated malware for free.

Tools Needed for this fix:

Symptoms that may be in a HijackThis Log:

Note: Some of these entries are randomly named.

O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O4 - HKCU\..\Run: [75319611769193918898704537500611] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"

Guide Updates:

06/28/08 – Initial guide creation.


Automated Removal Instructions for Antivirus 2009 using Malwarebytes’ Anti-Malware:

  1. Print out these instructions as we will need to close every window that is open later in the fix.
  2. Download Malwarebytes’ Anti-Malware, or MBAM, from the following location and save it to your desktop:Malwarebytes’ Anti-Malware Download Link
  3. Once downloaded, close all programs and Windows on your computer, including this one.
  4. Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
  5. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button.
  6. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
  7. On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for Antivirus 2009 related files.
  8. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
  9. When the scan is finished a message box will appear as shown in the image below.

    You should click on the OK button to close the message box and continue with the Antivirus 2009 removal process.

  10. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  11. A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program’s quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

  12. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
  13. You can now exit the MBAM program.

Your computer should now be free of the Antivirus 2009 program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes’ Anti-Malware to protect against these types of threats in the future.


Associated Antivirus 2009 Files:

Note: Some of these entries are randomly named.

%UserProfile%\Desktop\Antivirus 2009.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll
%UserProfile%\Start Menu\Antivirus 2009
%UserProfile%\Start Menu\Antivirus 2009\Antivirus 2009.lnk
%UserProfile%\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
c:\Program Files\Antivirus 2009
c:\Program Files\Antivirus 2009\av2009.exe
c:\WINDOWS\system32\ieupdates.exe
c:\WINDOWS\system32\scui.cpl
c:\WINDOWS\system32\winsrc.dll

Associated Antivirus 2009 Windows Registry Information:

Note: Some of these entries are randomly named.

HKEY_CURRENT_USER\Software\75319611769193918898704537500611
HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "75319611769193918898704537500611"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ieupdate"
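As an added example that is not part of the original guide, the PowerShell script below checks a machine for the files and registry entries listed above. The indicators are the guide’s own; the profile-directory discovery (covering both the “Documents and Settings” layout of Windows XP and the later “Users” layout) and the search under the randomly named Content.IE5 cache folder are my assumptions. Registry checks under HKEY_CURRENT_USER cover only the account running the script.

```powershell
# Added example (not part of the original guide): sweep a machine for the
# Antivirus 2009 indicators listed above. Read-only; it reports and does not delete.

$profileFiles = @(
    'Desktop\Antivirus 2009.lnk',
    'Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk',
    'Start Menu\Antivirus 2009',
    'Start Menu\Antivirus 2009\Antivirus 2009.lnk',
    'Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk'
)
$systemFiles = @(
    "$env:ProgramFiles\Antivirus 2009",
    "$env:ProgramFiles\Antivirus 2009\av2009.exe",
    "$env:windir\system32\ieupdates.exe",
    "$env:windir\system32\scui.cpl",
    "$env:windir\system32\winsrc.dll"
)
$clsid   = '{037C7B8A-151A-49E6-BAED-CC05FCB50328}'
$runName = '75319611769193918898704537500611'   # randomly named per the guide
$registryKeys = @(
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    "HKCU:\Software\$runName"
)

$hits = New-Object 'System.Collections.Generic.List[string]'

# Assumption: profiles live under one of these two roots; check every profile,
# not just the current user's, since the shortcuts are per-user.
$profileRoots = @("$env:SystemDrive\Documents and Settings", "$env:SystemDrive\Users") |
    Where-Object { Test-Path -LiteralPath $_ }
$profiles = foreach ($root in $profileRoots) {
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer }
}

foreach ($profile in $profiles) {
    foreach ($rel in $profileFiles) {
        $full = Join-Path $profile.FullName $rel
        if (Test-Path -LiteralPath $full) { $hits.Add("FILE $full") }
    }
    # The Content.IE5 subfolder (S96PZM7V in the guide) is random, so search beneath it.
    # -LiteralPath matters: the brackets in winsrc[1].dll would otherwise be read as a wildcard.
    $cache = Join-Path $profile.FullName 'Local Settings\Temporary Internet Files\Content.IE5'
    if (Test-Path -LiteralPath $cache) {
        Get-ChildItem -LiteralPath $cache -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -eq 'winsrc[1].dll' } |
            ForEach-Object { $hits.Add("FILE $($_.FullName)") }
    }
}

foreach ($path in $systemFiles) {
    if (Test-Path -LiteralPath $path) { $hits.Add("FILE $path") }
}
foreach ($key in $registryKeys) {
    if (Test-Path -LiteralPath $key) { $hits.Add("REG  $key") }
}

# The two HKCU Run values named in the guide.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path -LiteralPath $runKey) {
    $run = Get-Item -LiteralPath $runKey
    foreach ($name in $run.GetValueNames()) {
        if ($name -eq $runName -or $name -eq 'ieupdate') {
            $hits.Add("REG  $runKey\$name = $($run.GetValue($name))")
        }
    }
}

if ($hits.Count -eq 0) { Write-Output 'No Antivirus 2009 indicators found.' }
else { $hits | ForEach-Object { Write-Output $_ } }
```

Because several of the names are random, a clean result from this sweep is not proof of a clean machine; it confirms the specific indicators from the guide are absent, which is what a post-removal check needs.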


This is a self-help guide. Use at your own risk.

System Techs cannot be held responsible for problems that may occur by using this information.

Securing Your Wireless Network

Wednesday, December 17th, 2008

Securing Your Wireless Network in 10 Easy Steps

Securing your wireless network is as important as securing your house by locking the doors and closing the windows. There are many ways intruders and hackers can get into your network, but there are also many effective ways to stop them. For an average home user, securing a wireless network can be a frustrating experience.

The following 10 steps should make this process a bit easier.

1) Change Your Router’s Default Password

This is the first brick in your defensive wall. Many users forget to change the default password, putting themselves at risk of being hacked. Also, the majority of computer users choose passwords that are easy to remember, which can be dangerous too. You should change your router password immediately after the first login. Create a strong password with a mix of upper- and lowercase letters and numbers, as well as symbols. Password length should be between 8 and 15 characters, or longer, and it should not be a familiar word that is obvious to you (such as a child’s or spouse’s name, birthdays, nicknames, etc.). If your wireless router requires a username, it’s a good idea to change it to something other than the default.

2) Upgrade Your WiFi Encryption

Side by side with changing the default router password is using encryption, which encodes the data transmitted between your PC and your wireless router. Most routers ship with encryption turned off, and many users don’t know how to turn it on, leaving themselves completely exposed to hackers.
Go with WPA or WPA2 when possible, since WEP is relatively easy to crack. The keys used by WPA and WPA2 change dynamically, which makes them harder to break.

If your hardware does not support WPA2, use WPA. Creating a strong pre-shared key (PSK) will lessen the chance of attackers successfully breaking into your network. If you have an older router that supports only WEP, and you’re concerned about security, you’ll be safer using 128-bit WEP keys. You may also consider upgrading to a new router along with your PC’s NIC cards.

3) Change Default SSID Broadcast on your Wireless Router

Usually, manufacturers assign identical SSIDs to their devices, and probably 80 percent of WiFi home users leave their system on the default setting with the default name. Leaving your network SSID at the default can be a strong signal to hackers that you didn’t perform the necessary steps to protect your network.
Change the SSID to something other than the default as soon as you configure your LAN. This by itself does not control who gains access to your network, but configuring your SSID to something personal, e.g. Chuck Norris Network, may discourage hackers from targeting you and also differentiates your network from the other “Defaults”.

4) Use MAC Addressing Filter on Your Wireless Router

If you have ever run an unsecured network, you can be sure that at least one of your neighbors used it to connect to the Internet. To check who has been using your network, you’ll have to look at the MAC addresses. Many routers allow you to restrict access to known MAC (Media Access Control) addresses. Each network device, such as a computer’s network card, has a unique MAC address. By allowing access only to predefined MAC addresses you can reduce the risk of rogue users and neighbors connecting to your home network.
Be aware that this feature is not as powerful as it may seem. While it will stop a neighbor with average knowledge or an amateur hacker, professional hackers will use software to spoof MAC addresses.

5) Change the Default Router IP Address Setting

Router manufacturers ship every router with a certain IP address. For example, Linksys routers are usually configured with an IP address of 192.168.1.1.
These address settings are well known and published, and can be easily discovered by hackers once they find out the router’s manufacturer and model.

Changing the IP address during the setup process to something other than the default will not by itself secure the router, but it will force hackers to guess the IP address. Changing this setting will automatically change the DHCP IP addresses handed out by your router to the PCs on your network.

6) Use a Firewall

Two important security layers are the router firewall and your individual PC’s firewall. Make sure to use them both. Router firewalls come with built-in security features that block anonymous Internet requests or pings. This helps hide your presence on the Internet, and thus helps protect your network, since hackers have a harder time infiltrating what they can’t find.

It’s also recommended that HTTPS be enabled for connecting to the router administration interface over your local network. Disable the remote access over the Internet setting as well. If you have to use it, enable it only when needed and change the default management port setting to something other than 8080.

7) Enable and Monitor Your Wireless Access Logs

Check your logs frequently for rogue access or unknown clients attached to the network. If you spot unknown clients connected to your network, change your WEP or WPA key immediately.
Additionally, check the status screen that shows the MAC addresses of all clients currently connected to the network, and verify that they are known devices.

8) Position the Wireless Router Correctly

WiFi signals don’t know where your house ends and your neighbor’s begins. This signal leakage gives hackers and neighbors the opportunity to find your wireless network and access it. The further your signal reaches outside your house, the easier it is for others to detect and exploit.
Make sure to position the router or access point in the center of the home rather than near windows or doors. The signal sometimes cannot pass through certain materials, so take that into consideration when installing the network. Mounting your WiFi router in a closet may be a good idea in order to reduce signal strength outside the house.

9) Stop Publicly Broadcasting your Network

Renaming your network is a good idea, but wouldn’t it be even better if hackers didn’t know you had a WiFi setup at all? By default, your access point or router broadcasts the network name (SSID) over the air at regular intervals. While broadcasting is useful for businesses or mobile users, it’s not needed at home, so you can turn it off.
Depending on your router model, you have to check the manual for your hardware for specific instructions on how to disable broadcasting for your router.

10) Turn off Your Wireless Router When Not in Use

When your router is powered off, your network cannot be compromised. Consider doing this when you go on vacation or if you won’t use your network for extended periods of time.
It’s inconvenient, but shutting down the network is an effective security measure that protects your network when you are not around to protect it from hackers.

Also, when using your laptop in public places, always turn your WiFi radio off when you’re not at a hotspot. Hackers can use it to create peer-to-peer WiFi connections to your computer and access it directly.

Bonus Tips

Change your router password occasionally. Also change your PSK several times a year. Limit the maximum number of DHCP users allowed on your network to the number of PCs in your house.

All of the above should help you keep your home wireless network safe and secure.

Ten Basic SEO Tips

Wednesday, November 26th, 2008

It is not hard to go the wrong way when it comes to getting search engine traffic because there is so much out-of-date information being circulated.

That is why it is always best to also learn many other traffic generation methods like viral marketing for example.

Not only is there out of date or invalid SEO advice getting around, there is also information which if acted upon, can result in your pages being banned.

The SEO tips below should assist the reader in forming a basic understanding of how to create human friendly web pages which are easily understood by the most popular search engines.

Know this. There are thousands of search engines but only two of them will bring you most of the traffic. They are Google and Yahoo. Another search engine that brings me a little traffic is MSN, but I do not focus too much on tactics for that engine.

Focus your attention on the engines that will bring you the most visitors first and work your way down.

Basic SEO

1. Insert keywords within the title tag so that search engine robots will know what your page is about. The title tag is located right at the top of your document within the head tags. Inserting a keyword or key phrase will greatly improve your chances of bringing targeted traffic to your site.

Make sure that the title tag contains text which a human can relate to. The text within the title tag is what shows up in a search result. Treat it like a headline.

2. Use the same keywords as anchor text to link to the page from different pages on your site. This is especially useful if your site contains many pages. The more keywords that link to a specific page the better.

3. Make sure that the text within the title tag is also within the body of the page. It is unwise to have keywords in the title tag which are not contained within the body of the page.

Adding the exact same text for your h1 tag will tell the reader who clicks on your page from a search engine result that they have clicked on the correct link and have arrived at the page where they intended to visit. Robots like this too because now there is a relation between the title of your page and the headline.

Also, sprinkle your keywords throughout your article. The most important keywords can be bolded or colored in red. A good place to do this is once or twice in the body at the top of your article and in the sub-headings.

4. Do not use the exact same title tag on every page on your website. Search engine robots might determine that all your pages are the same if all your title tags are the same. If this happens, your pages might not get indexed.

I always use the headline of my pages as the title tag to help the robots know exactly what my page is about. A good place to insert the headline is within the h1 tag. So the headline is the same as the title tag text.

5. Do not spam the description or keyword meta tag by stuffing meaningless keywords or even spend too much time on this tag. SEO pros all agree that these tags are not as important today as they once were. I just place my headline once within the keywords and description tags.

6. Do not link to link-farms or other search engine unfriendly neighborhoods.

7. Do not use doorway pages. Doorway pages are designed for robots only, not humans. Search engines like to index human friendly pages which contain content which is relevant to the search.

8. Title tags for text links. Insert the title tag within the HTML of your text link to add weight to the link and the page where the link resides. This is like the alt tag for images.

My site contains navigation menus on the left and right of the page. The menu consists of links not images. When you hover over the link with your mouse, the title of the link appears. View the source of this page to see how to add this tag to your links.

9. Describe your images with the use of the alt tag. This will help search engines that index images to find your pages and will also help readers who use text only web browsers.

10. Submit to the search engines yourself. Do not use a submission service or submission software. Doing so could get your site penalized or even banned.

Here is the submission page for google: http://www.google.com/addurl.html

Submit only once. There is no need to submit every two weeks. There is no need to submit more than one page. Robots follow links. If your site has a nice link trail, your entire site will get indexed.

My site has a nice friendly link trail which robots follow easily. All my pages get indexed without ever submitting more than the main index page once.

More SEO Tips

Get the facts here: http://www.google.com/webmasters/. This page will explain most of what you should focus on along with what you should forget about.

If you have been thinking about handing over the task of SEO to someone outside of yourself, you should read some warnings before you part with any money. http://www.google.com/webmasters/seo.html

SEO Discussion

Most SEO Professionals will not tell you about the goose that laid the golden egg. The following link will take you to a jealously guarded FREE SEO discussion.

http://groups.google.com/groups?q=google.public.support.general

You can search the forum for specific questions you may have. I like to just lurk around and read the messages.

Data Recovery Tips and Recommendations

Friday, November 14th, 2008

System Techs has a number of recommendations that will assist you in recovering your data; they should be followed whenever data recovery becomes necessary.

1. Do not run chkdsk. This is commonly the first recovery step an administrator will take, but it is NOT a recovery tool. You should not do this, especially in a RAID environment where precious striping data can be destroyed.

2. Check all connectors on all hardware. The vibrations and oscillations caused by loose equipment can strain delicate electronic connectors until they fail.

3. Heat damages everything. Keep your computing environment cool. Heat can easily destroy the many components of a server, desktop or laptop; it may not fail immediately, but heat greatly reduces the overall lifespan of the equipment.

4. Dust reduces airflow, which causes heat, and also contributes to poor connectivity. Clean air vents properly to allow proper airflow.

5. Do not move drives within an enclosure. If the drive order is lost then the recovery becomes exponentially more difficult.

Common Passwords

Monday, November 10th, 2008

Most people are clueless as to how accounts are hacked and their passwords reflect that. If you find anything in common with the most common passwords below you have a weak password. This is to help people choose a strong password and possibly help site admins understand the risks.

Most Common Passwords

  1. 123456, 123, 123123, 01234, 2468, 987654, etc
  2. 123abc, abc123, 246abc
  3. First Name
  4. Favorite Band
  5. Favorite Song
  6. first letter of given name then surname
  7. qwerty, asdf, and other keyboard rolls
  8. Favorite cartoon or movie character
  9. Favorite sport, or sports star
  10. Country of origin
  11. City of origin
  12. All numbers
  13. Some word in the dictionary
  14. Combining 2 dictionary words
  15. any of the above spelled backwards
  16. aaa, eee, llll, 999999, and other repeat combinations

Common Extensions

Some sites force you to have passwords with both numbers and letters. For example, Bob's password is football, and the site asks him to add some numbers to make it valid. Here's what people usually add.

  1. Their year of birth / marriage / graduation (or expected graduation) from high school or college
  2. 007
  3. 0 – 9
  4. 69
  5. 000, 111, 4444 or other long combinations
  6. 123456, 123, 123123, 01234 and other trivial combinations

Years are usually added in different ways: football85, football1985, or football04 instead of football4. There's also the possibility of separators like football_04 and football-84. Many sites require both numbers and letters, so these are a more likely occurrence since people tend to want the same password for everything.
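
As an added example (not from the original post), here is a small Python check that flags passwords matching the patterns listed above, including the year and number extensions; the dictionary, keyboard-roll and abc/123 sets are constructed stand-ins for real wordlists.

```python
import re

# Constructed stand-ins: a real check would load a full wordlist (the post's
# 70,000-word spellcheck dictionary, say) instead of these handfuls.
DICTIONARY = {"football", "password", "dragon", "monkey", "letmein", "hello"}
KEYBOARD_ROLLS = {"qwerty", "qwertyuiop", "asdf", "asdfgh", "zxcvbn"}
COMMON_STRINGS = {"123abc", "abc123", "246abc"}   # item 2 of the list above


def is_repeat(s: str) -> bool:
    """aaa, eee, llll, 999999: one character repeated (item 16)."""
    return len(s) >= 3 and len(set(s)) == 1


def is_digit_sequence(s: str) -> bool:
    """123456, 01234, 2468, 987654: digits with a constant non-zero step (item 1)."""
    if len(s) < 3 or not s.isdigit():
        return False
    steps = {int(b) - int(a) for a, b in zip(s, s[1:])}
    return len(steps) == 1 and 0 not in steps


def split_extension(s: str):
    """Peel off the extensions the post lists: a year (85, 1985, 04), a single
    digit, 007, 69 or 123-style runs, with an optional '_' or '-' separator."""
    m = re.fullmatch(r"([a-z]+)[_-]?(\d{0,6})", s)
    return (m.group(1), m.group(2)) if m else (s, "")


def weak_reason(password: str):
    """Return which pattern from the post the password matches, or None when
    none applies. None is not a proof of strength, only that these checks pass."""
    pw = password.lower()
    for s in (pw, pw[::-1]):                 # item 15: also check it spelled backwards
        if is_repeat(s):
            return "repeated character"
        if s.isdigit():
            return "digit sequence" if is_digit_sequence(s) else "all numbers"
        if s in KEYBOARD_ROLLS or s in COMMON_STRINGS:
            return "keyboard roll or abc/123 pattern"
        base, ext = split_extension(s)
        if base in DICTIONARY:
            return "dictionary word" + (f" + extension '{ext}'" if ext else "")
        if any(base[:i] in DICTIONARY and base[i:] in DICTIONARY
               for i in range(1, len(base))):
            return "two dictionary words"
    if len(password) <= 8:                   # the post wants more than 8 characters
        return "8 characters or fewer"
    if password.isalpha() or password.isdigit():
        return "letters only or digits only"
    return None


if __name__ == "__main__":
    # Constructed samples, including the post's football examples.
    for candidate in ("football85", "Football_04", "llabtoof", "987654", "Tr7v!q2Lm9x"):
        print(f"{candidate:14} -> {weak_reason(candidate)}")
```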

My opinion on an Ideal password

Mixed numbers and letters over 8 characters long. Memorize it once, use it forever.

How long it takes to hack a password

If they have hacked and downloaded the entire database, it's 10,000 times faster than sending requests to guess your password on a website. Most decent computers can easily check thousands of possibilities per second. Most decent sites have CAPTCHAs now, which prevent brute force guessing.

Words in the Dictionary

If they steal a site's database you can get hacked fast, even if you use foreign words. The OpenOffice English spellcheck has around 70,000 words. Apps like PasswordsPro on my 2 GHz CPU can check around 4,000,000 md5 possibilities a second, allowing them to breeze through several dictionaries, including variations like all uppercase/lowercase and reversed words. The latest NVIDIA cards with a CUDA GPU brute forcer can easily exceed 200 million md5s a second.

Numbers

If you have an all-numbers password it's much faster to crack than if it were mixed. Instead of holding a massive array of words in memory and selecting an index from it, or even worse reading from disk into a buffer every few seconds, a number just requires the computer to do what computers do fastest: count. At 2 GHz my computer can check every number up to 14 million in 2 minutes for salted md5s, which makes an 8 character all-numeric password weak. Adding 0s to the front of the number helps, but not really: a second pass with any number of leading 0s can be done afterwards. Maybe if you made it your zipcode plus your best friend's number, or something VERY long, it would be strong enough.

All Random letters

There are only around 17,000 possible 3-letter combinations, while there are 456,976 possible 4-letter combinations. The count grows exponentially every time you add just one letter. Most sites recommend 8 characters or more for a strong password. Adding just one character to your password helps exponentially. No dictionary words!

Why hackers usually don’t care about your Computer

Contrary to popular belief, most malicious hackers do not give a damn about giving you trojans or making your stupid Windows computer crash. Then why are there so many trojans on P2P networks? Because of script kiddies who fancy themselves hackers and use prebuilt trojan software. Real hackers target servers. Why?

  1. Massive bandwidth.
  2. Mail servers with proper MX records that pass spam checks
  3. The possibility of phishing.
  4. Most servers are unattended, meaning it can be months before anyone notices a malicious script bombing out emails or phishing people.
  5. Exploitation of social networks.

They can get a lot more credit card numbers or bank account details by email bombing thousands of addresses from a hijacked server than by waiting for a credit card number to show up among all the instant messages and random typing you or your kids produce throughout the month.

Sure, a lot of home PCs have been infected, but usually this is the result of very efficient viruses that replicate and spread en masse. Most people have decent enough antivirus software that hackers don't want to waste their time flooding trojans. Some hackers use hijacked home PCs as DDoS zombies, but other than that you're more likely just to get spyware that floods you with ads.

How hackers usually obtain your password

Most malicious hackers just wait for security update news. Whenever some forum or CMS software like Drupal, vBulletin, phpBB or Invision Board releases a security update, they try to find out what the discovered exploit was. They then Google for forums that may run the affected software and use the exploit. Forums can yield tons of emails and passwords.

Those who are skilled enough to actively discover the exploits themselves are rarer.

Even worse is when the skilled programmers make simple automated exploit programs for script kiddies to use without understanding the code. This is where the majority of attacks come from: losers that use programs made by hackers and call themselves hackers.

It's very rare that you would be targeted directly or that your password was hacked out of large sites like Google, Hotmail or MySpace. Most of the big sites have CAPTCHAs and DDoS protection, which cripples guessing speed. It's more likely that they hacked some other site you long forgot about and found that you conveniently use the same password for all your accounts, including your email, and from there they find even more passwords. Most people get hacked through phishing attempts or other forms of social engineering rather than by real hackers, although attackers can use XSS vulnerabilities to help trick people. People also get trojans from opening email attachments and downloading pirated stuff off P2P without a decent antivirus. Hackers with enough skill to find open ports, exploit them and get shell access are much rarer than people claim.

Common Types of Webhacks

SQL Injection

By far the most common serious error web programmers make is failing to validate user input properly. SQL injection is usually used to pull usernames, passwords or other information out of the database by adding a UNION statement to a SELECT query. Despite the name, it is rarer to find an exploit where you can actually inject or insert data into the database: most programmers are not careless enough to use GET requests for inserts, most attackers are lazier when it comes to spoofing POST requests, and it is a lot trickier or impossible to add INSERT, CREATE or DROP queries to injected strings.

Local File Inclusion

Many web apps load modules or plugins through GET or POST variables. Let's say I use ?loadplz=file.php when I want to load /home/jimmy/htdocs/file.php; a malicious person could send ?loadplz=../../../../../../../../../etc/passwd to try his luck at an unshadowed password file. The NULL byte trick is often used to defeat input validation. This is frequently used to include a CMS or forum configuration file and obtain MySQL access.

Remote File Inclusion

Yikes, a lot of web apps have forms where you can upload pictures, text or files. Some have admin control panels that only the site's admin can access, but then there is no input validation on the upload forms. Some simply don't validate the type of file you upload, meaning you can upload malicious code that does anything within the limits of the interpreter's privileges.

Logged in User Exploits

Many sites don't verify that the data you want to modify or delete is actually yours; they only check that you're logged in. Sites that use Ajax are especially prone to overlooking input validation problems.
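
The ?loadplz= scenario above, as an added Python illustration (not the post's code): the vulnerable resolver glues the parameter onto a base path, while the hardened one rejects NUL bytes, requires an allow-listed module name and confirms the result stays under the module directory. BASE_DIR and the module names are constructed assumptions.

```python
import posixpath
import re
from typing import Optional

# Constructed setting, mirroring the post's example: modules live under this
# directory and are chosen by the ?loadplz= parameter.
BASE_DIR = "/home/jimmy/htdocs"
# Assumed allow-list of includable module names (hypothetical file names).
ALLOWED_MODULES = {"file.php", "search.php", "profile.php"}


def resolve_vulnerable(loadplz: str) -> str:
    """The pattern the post criticises: the parameter is glued onto the base path.
    normpath collapses every '../', so the result can point anywhere."""
    return posixpath.normpath(posixpath.join(BASE_DIR, loadplz))


def resolve_hardened(loadplz: str) -> Optional[str]:
    """Return the path to include, or None when the request must be refused.
    1. reject embedded NUL bytes (the "NULL byte" trick the post mentions),
    2. require a plain module name and check it against the allow-list, so a
       traversal string never reaches the filesystem at all,
    3. as a last line of defence, confirm the resolved path is under BASE_DIR."""
    if "\x00" in loadplz:
        return None
    if not re.fullmatch(r"[A-Za-z0-9_]+\.php", loadplz):
        return None
    if loadplz not in ALLOWED_MODULES:
        return None
    resolved = posixpath.normpath(posixpath.join(BASE_DIR, loadplz))
    if posixpath.commonpath([BASE_DIR, resolved]) != BASE_DIR:
        return None
    return resolved


if __name__ == "__main__":
    # Constructed requests: a legitimate one, the traversal from the post,
    # and a NUL-byte variant aimed at a validator that only checks the suffix.
    for param in ("file.php", "../../../../../../../../../etc/passwd", "file.php\x00.jpg"):
        print(repr(param))
        print("  vulnerable ->", resolve_vulnerable(param))
        print("  hardened   ->", resolve_hardened(param))
```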

How are passwords stored in a website

Most are stored as md5 hashes. If your password is stored in the clear you are screwed if the site gets hacked; it doesn't matter how long your password is. Sites like thepiratebay and stage6 have had their passwords stolen, so don't think it can't happen to big sites. You can tell whether a site hashes your password by using its password recovery form: if it sends you your password, it is stored in the clear; if it asks you to enter a new one or generates one for you, it is hashed. You should never purchase anything from sites that don't hash your password; they may well keep your credit card information or other sensitive data unprotected too, following their PHP for Dummies guide.

Dangers of md5

Sites like milw0rm and plain-text have millions, maybe billions, of precomputed hash values in what are called rainbow tables. People can submit hashes in limited quantities to queue them for cracking.

md5 is a one-way hash, meaning it can't be decrypted. Instead, attackers try every possible combination in a limited range. Hashing many possibilities and comparing each to the original hash is extremely slow. Rainbow tables make it so that the possibilities are hashed only once and the resulting hashes are saved into massive files. From there the real hashes are compared against all the candidate hashes in the table. This avoids recalculating the hashes for every possibility for every user, at the cost of considerable overhead loading the file into memory and comparing from there. The time-memory trade-off is worth it. Other sites are simply searchable databases of hashes. You should still be OK if your password is over 8 characters long.

Some sites apply md5 twice, or concatenate the md5 of the password with the md5 of a "salt" value and hash the whole thing again. Because the salt is different for each user, precalculating millions of hashes in rainbow tables would have to be done one user at a time, making it a worse option than brute forcing. Brute force attacks use word lists separated by line breaks, which are widely available on the net and easily created; they can also check all possible combinations for given lengths and character sets.
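
To make the argument above concrete, here is an added Python illustration (not the post's code) using the md5(md5(salt).md5(password)) scheme this post describes and a constructed five-word list: the unsalted hash is a single lookup in a precomputed table, while a per-user salt forces the wordlist to be rehashed for every user. The two salts and the shared password are constructed values.

```python
import hashlib


def md5hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# Constructed mini wordlist standing in for the dictionaries the post describes.
WORDLIST = ["football", "football85", "qwerty", "123456", "abc123"]


def build_lookup_table(words):
    """Hash every candidate once and store hash -> word. This is the
    precomputation step; real tables hold millions of entries."""
    return {md5hex(w.encode()): w for w in words}


def lookup_unsalted(stored_hash: str, table: dict):
    """An unsalted md5 lifted from a stolen database is one dictionary lookup."""
    return table.get(stored_hash)


def salted_hash(password: str, salt: str) -> str:
    """The scheme quoted in the post: md5(md5(salt) . md5(password))."""
    inner = md5hex(salt.encode()) + md5hex(password.encode())
    return md5hex(inner.encode())


def crack_salted(stored_hash: str, salt: str, words):
    """With a per-user salt the precomputed table is useless: the whole wordlist
    has to be rehashed for this salt, so the cost is paid again for every user."""
    for w in words:
        if salted_hash(w, salt) == stored_hash:
            return w
    return None


def demo():
    table = build_lookup_table(WORDLIST)
    # Two constructed users who picked the same weak password.
    salt_a, salt_b = "x7Q2", "m9Kp"          # constructed per-user salts
    unsalted_a = md5hex(b"football")
    unsalted_b = md5hex(b"football")
    salted_a = salted_hash("football", salt_a)
    salted_b = salted_hash("football", salt_b)
    return {
        "unsalted_equal": unsalted_a == unsalted_b,           # identical hashes reveal shared passwords
        "table_hit": lookup_unsalted(unsalted_a, table),       # -> "football"
        "salted_equal": salted_a == salted_b,                  # salts make them differ
        "table_hit_salted": lookup_unsalted(salted_a, table),  # -> None
        "per_user_work": crack_salted(salted_a, salt_a, WORDLIST),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18} {value}")
```

Today password storage should use a deliberately slow salted scheme such as bcrypt, scrypt or Argon2; the md5 construction is kept here only because it is the one the post describes.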

Time taken testing all possible combinations

I made my own crappy brute force program just out of boredom. It can check 1 million salted md5 possibilities (md5(md5(salt).md5($output))) in 6.8 seconds on a 2 GHz computer. It can check plain md5s in about half the time. Here are the specs on the approximate calculation time:

Pass Length     Letters    Letters / Numbers
3 Characters    1s         2s
4 Characters    3s         10s
5 Characters    1m17s      6m
6 Characters    26min      3h30m
7 Characters    14hours    6 days
8 Characters    15days     205 days

Making your password case sensitive helps exponentially (it adds 26 to the base of the exponent, lol), but it makes typing a password a bit more inconvenient and not all sites support it. I'm sure my program isn't the most efficient possible and there are far faster computers out there, so be careful.
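
The table above follows from charset_size ** length divided by the hash rate. The added Python below (not the post's program) regenerates it from the post's 1,000,000-in-6.8 s figure, adds the mixed-case columns and the 200 million/s GPU rate quoted earlier, and shows how many extra characters a given rate demands; the one-year target at the end is a constructed example.

```python
from datetime import timedelta

# Rate taken from the post's own measurement: 1,000,000 salted md5s in 6.8 s.
PAGE_RATE_PER_SEC = 1_000_000 / 6.8
# Figure the post quotes for a CUDA brute forcer on plain md5.
GPU_RATE_PER_SEC = 200_000_000

# Alphabet sizes; the post's "^+26" is the jump from 26 to 52 below.
CHARSETS = {
    "letters": 26,
    "letters/numbers": 36,
    "mixed case": 52,
    "mixed case/numbers": 62,
}


def keyspace(charset_size: int, length: int) -> int:
    """Candidates of exactly this length: every position has charset_size choices."""
    return charset_size ** length


def seconds_to_exhaust(charset_size: int, length: int, rate: float) -> float:
    """Worst case: every candidate tried. On average a search finds it in half."""
    return keyspace(charset_size, length) / rate


def fmt(seconds: float) -> str:
    return str(timedelta(seconds=round(seconds)))


def crack_table(rate: float, lengths=range(3, 9)):
    """Rows of (length, time per charset) in the layout of the post's table."""
    return [
        (n,) + tuple(fmt(seconds_to_exhaust(size, n, rate)) for size in CHARSETS.values())
        for n in lengths
    ]


def extra_chars_needed(charset_size: int, length: int, rate: float, target_seconds: float) -> int:
    """How many characters to add before exhausting the space takes at least target_seconds."""
    extra = 0
    while seconds_to_exhaust(charset_size, length + extra, rate) < target_seconds:
        extra += 1
    return extra


if __name__ == "__main__":
    for label, rate in (("2 GHz CPU", PAGE_RATE_PER_SEC), ("GPU", GPU_RATE_PER_SEC)):
        print(f"--- {label} ({rate:,.0f} hashes/s) ---")
        print("len", *CHARSETS, sep="  ")
        for row in crack_table(rate):
            print(*row, sep="  ")
    # Constructed target: a full year of GPU time for an 8 character mixed-case/numbers password.
    print("extra characters needed:", extra_chars_needed(62, 8, GPU_RATE_PER_SEC, 365 * 86400))
```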

Web Exploiters vs Program Crackers

People who exploit website vulnerabilities are not always the same as those who crack and keygen commercial software and games; the two require somewhat different skill sets. Web hacking requires mastery of the HTTP protocol, cookies, PHP, ASP, SQL, and the ways user input is usually validated. The skill is gained from a lot of practice writing safe web apps and observing the exploits often found in others. Program crackers, on the other hand, usually have very intimate knowledge of assembly and native (non-JIT) compilers. They use debuggers to find exactly where in the program a certain procedure executes in order to modify it. They are also adept at modifying and exploiting unvalidated user input in memory with buffer overflows; browser plugins are often the target of buffer overflow exploits. I'm not saying some people don't have both skill sets.

What is hacking

Contrary to popular belief and the Hollywood culture, hackers are just people that can manipulate things on a bits and bytes level. They’re excellent programmers and the majority do not engage in illegal activity. Making something do what it wasn’t intended to is exploiting, not hacking.