Security

Security is one of the most significant considerations when owning any technology, as you can lose data and money if you are not careful. You’ll find articles here that cover various apps and options, threats to browser and device security, and some tips.

Ingenious PayPal mimicking spam

About 2 days ago, I received a quite clever spam email in my Gmail account. It's still pretty new, so I do take a look when I occasionally get spam to filter […]

Why Hackers take advantage of global events

Hundreds of websites have been prepared or compromised to take advantage of the Benazir Bhutto assassination in Pakistan. Users searching for news on the assassination using search engines like Google or Yahoo might land on a website that has been specially prepared to download JavaScript code that in turn downloads additional malicious software to the host PC.

Why you should always log out of Gmail

Let me narrate a story to you. A story of someone who has a Gmail account and a domain registered to his name. This someone checks his Gmail account regularly and visits other sites afterwards. It is so convenient to stay logged in at Gmail in case you want to check again. Maybe Gmail is open all the time in another tab for even further comfort.

Security and Privacy Complete

My last review of Security and Privacy Complete dates back to December 2006 and I thought it would be a good idea to take a look at this application again. The software is a security solution for Windows and lets you disable privacy and security related features of Windows.

Internet Explorer 6 crashes when loading websites after update

A lot of users are still working with Internet Explorer 6 either because their company did not make the switch to Internet Explorer 7 yet or because they don't know that a new version is already out. They might be perfectly happy with it but some will probably consider switching to IE7 or another browser when they experience the following odd behavior.

Blowfish Advanced File Encryption and Security Tool

Blowfish Advanced manages to provide the user with several security and encryption features that I have not seen before in one utility. The first purpose of Blowfish Advanced is to encrypt - and decrypt - files offering eight different encryption algorithms, three data compression algorithms and keys with a length of up to 1024 bit.

Distributed Password Recovery using Geforce 8 Video Cards

The software Elcomsoft Distributed Password Recovery was designed for distributed recovery of lost passwords, providing hardware acceleration for NTLM password recovery using GeForce 8 video cards, which speeds up the process by a factor of up to 25.

Infected or Not: Is your PC Infected?

I'm not that fond of online virus scanners because they always need special file access privileges and scan your files, which could be a privacy issue as well. Infected or Not from Panda Antivirus, however, caught my attention by providing interesting statistics about infected computers on a worldwide and countrywide scale.

Melissa Strip Captcha Breaker Trojan

I bet you have never seen such a tempting Trojan before. The Trojan named Melissa Strip, identified as TROJ_CAPTCHAR.A by TrendMicro and Trj/RompeCaptchas.A by Panda, starts by asking the user if he wants to play a game where she (Melissa) will strip for the user if he enters the correct code.

Use one password on all websites

Many Internet users tend to have a handful of passwords at the most that they use for every website that they sign up for. Those passwords are normally weak passwords that can be easily remembered. The danger of this approach is that those users will most likely see a chain reaction of hacked accounts once one account gets hacked.

Is Orbitnet.exe spyware?

A reader sent me an email last night asking if I had any information about the orbitnet.exe process that was started when Orbit Downloader was active. Zonealarm would describe the process as "P2P service of Orbit Downloader" and that seemed to have rung some alarm bells because P2P services are often used as spyware.

I dnt hate Mozilla but use IE or else…. Worm

I dnt hate Mozilla but use IE or else... is what I got when I tried to start Firefox sometime back. Just as the window opened, a box with this message popped […]

Type Text with your Mouse to increase security

Keyloggers record anything that you type and where you type it on your PC in a log and transfer those logs to the person (or rather, thief) who installed the keylogger on your computer. He can then find out all the URLs you visited, the passwords that you entered on those websites and what you did there as well.

Why I decided to uninstall my Antivirus software

I have been using Antivirus software for a very long time and even though I kept it up to date it never caught a single virus, worm or Trojan. It did however slow down system startup and the scan of new files also used system resources. This led to my conclusion that I did not need an Antivirus software, because frankly, Antivirus software is basically preventing the user from doing something stupid.

Check a File using multiple antivirus engines

If you need to quickly check a file that you downloaded for malicious code, then Virus Total might be something you want to take a closer look at. This service stands out because it uses multiple antivirus engines instead of just one or two. The antivirus engines list looks pretty impressive because it contains 32 engines.

Port Forwarding Tester

You might have encountered the term Port Forwarding when configuring bittorrent on your computer or analyzing slow or nonexistent traffic with bittorrent. One of the first answers of those helpful support guys in all forums is always "check Port Forwarding", but what the heck is it?

Critical Account Information from JPMorgan Chase Bank phishing email

I received two of those fake emails today and thought that it would be a good opportunity to dissect it to show how phishing emails try to lure customers into a trap. The first and most obvious hint that something is wrong with this email is if you think about the subject of the email.

Optimize and Secure Windows with PC Pal

PC Pal is a software that is currently in Beta that checks your Windows installation for weaknesses and possibilities to optimize it. The process is very user friendly and requires minimal user interaction. Basically the user pushes one button and PC Pal checks the computer for problems related to security, networking, printing and performance.

Check if a website is revealing email addresses

You need to use the tools of the trade to check if your website is revealing emails from visitors or yourself. Most webmasters have a contact form somewhere on the page which is sometimes revealing the real email address of the webmaster. But even tricks like adding spaces to the email address, a REMOVEME part, writing (at) instead of @ and other means are recognizable by some email harvesters that do nothing else but to harvest websites and the websites that they link to for new email addresses.

Block 'wrote an interesting post today' spam

I'm sick and tired of a new kind of blog spam that is appearing on the Internet in general and on my site in particular. So-called auto-blogs, that is, blogs that are running an automated script adding content to their website without user interaction, are pinging the blogs that they rip off like crazy for a reason.

A look at the XeroBank Browser

XeroBank Browser, or xB Browser, which was previously called Torpark, is a portable browser based on Firefox with security and privacy add-ons that can be run out of the box. The burden of installing all those extensions and software and making sure that they work correctly is taken off the user's hands, which should appeal to many users who do not have the time or knowledge to take care of that by themselves.

Protect your data from physical access

Experts are able to gather sensitive data from your computer if they gain physical access to it. This can be achieved by various means like Live CDs, accessing unprotected accounts or administrators that take a look in your profile folders. They can search the files on your hard drives, read documents, look at your Internet cache, the mailboxes which contain all of your mails - even the deleted ones - and histories of downloaded files.

Quick Way to Remove the Skype Worm

If you do not know yet, there is a Skype worm spreading around that is affecting Skype Windows clients. The virus automatically sends a chat message to other Skype users containing a link to an image on a website where he is prompted to download a file with the .scr extension using a simple redirection

FDF File Spam is on the rise

If there is one thing for sure it is that spammers are creative in finding new ways to bypass anti-spam filters. They send distorted pictures, add random text to their messages, zip their spam, use Excel files, PDF files and nowadays FDF files. FDF files? What's that again?

Rootkits: Sony does it again

I would have never thought that a company like Sony would not learn from its mistakes, especially after the first rootkit debacle, which was a major public relations fiasco for Sony. The first rootkit was placed on several audio CDs that were distributed in 2005 and led to a $6 million settlement in the United States. While the rootkit was intended to make it impossible (albeit ineffectively) to copy music from the CDs, it was effectively used by producers of malware, trojans and spyware to hide their code from antivirus software.

How to filter fake membership and e-card spam mails

The Internet community has been pestered with yet another wave of spam mails containing fake membership information and e-cards. The spammers use two attack vectors if you click on the IP that is listed in those emails. They try to convince you to download a so-called Secure Login Applet, which is nothing more than an infected executable named applet.exe, and also try to use several known exploits.

Secure USB Device called Flash Padlock

I barely finished the article about the first USB devices with a built-in iris scanner when the next developer announced a system to secure data on USB devices called Flash Padlock. It is basically a USB stick with one or two Gigabytes of space that is protected by a PIN that has to be entered on the device itself to be able to access the data on the stick.

How to defeat most keyloggers on public computers

Keyloggers can generally be classified as either software or hardware keyloggers. Software keyloggers run as a background task on the system, while hardware keyloggers are little devices that are most of the time connected between PC and keyboard, recording every keystroke in their own memory.

Things to do before you sell your digital camera

Many people sell their old digital camera when they buy a new one. Those cameras are often sold on sites like eBay and it is a wise move to make sure that all photos in the internal memory and on external smartcards are not readable anymore. This might not be a big problem if you simply took some pictures of landscapes all the time but it soon becomes one if you took personal and private pictures with that camera.

Check a system for rootkits with Gmer

Gmer is primarily a free rootkit scanner which offers additional functionality such as an Intrusion Prevention System and a Firewall. The interface looks very user friendly but the settings, options and the results require at least basic knowledge of rootkits and other means of harming the system to apply and interpret them in the correct way. Gmer does notify the user if it spots something suspicious and displays those results in red in the main window. The two screenshots below show two typical scan results after performing a scan of your computer with Gmer.

Flash Cookies explained

Flash cookies are a new way of tracing your movement and storing a lot more information about you than with normal cookies. One major disadvantage of flash cookies is that you can't locate them in your browser. They are not shown in the list of cookies that you can see when you take a look at the cookies that are currently saved in your web browser. Normal HTTP cookies can't save more than 4 Kilobytes of data while Flash cookies can save up to 100 Kilobytes. If you want to try out how they work you could do the following.

How to erase file information on unused disk space

We all know that it is important to securely delete all files on a hard drive before giving it to someone else. This holds especially true if you plan on selling the hard drive on Internet sites such as eBay. I know that some users buy used hard drives on eBay purely for the thrill of trying to find data that was deleted on that drive. This could get you in a world of trouble if you think of the private information that you save on your computer.

A Sandbox for Applications

Sandboxie does what virtual machines such as VMware Player, Virtual Box and Microsoft Virtual PC do, with the difference that it works on the application level and not the operating system one. Instead of running a virtual operating system that makes it safe to try and test software, it lets you run software in a sandbox on your current operating system with the same result. The normal process in an operating system is that applications can read and write data from the system.

How Logistep catches file sharers

It is no secret that companies like Logistep are monitoring p2p networks to sue file sharers who are offering software from clients like Zuxxez, a German company who recently sued 500 British p2p users claiming that they illegally distributed the game Dream Pinball 3D. The website Torrentfreak got their hands on a copy of one of those letters that have been sent out which details the process of how Logistep determines which users are illegally distributing the game.

Private Torrent Sites are being infiltrated

I read a rather obvious article over at the TorrentFreak blog that was entitled "Piracy Investigators Infiltrate Private Torrent Sites" which confirmed that piracy investigators have been getting access to private torrent sites by either joining them when they were still open for registration or being invited by a man on the inside. It was always pretty obvious to me that private could not really mean private if the site owners did not know each of the users personally. This system was bound to fail right from the beginning and the article on TorrentFreak only confirms this.

The Compact Disk Eraser

Let me ask you a question: What do you do with old CDs and DVDs that have data on them? Do you simply throw them away, recycle them? What do you use to destroy the data on the disks? If you never thought about this matter before and have a stash of used disks lying around you might want to take a look at the compact disk eraser. The disk eraser is a handy compact tool that wipes out CDs and DVDs in an environmentally friendly way, keeping the disks intact. You slide the disk once or more through the disk eraser, creating a wide strip that can't be polished out.

What is your Security Concept?

Many novice users use the software that comes preinstalled with their purchased computer and rely on these to be safe from the dangers that lurk on every corner in the Internet. Trojans, Malware, Spyware, Phishing and worse are threats that every user should know about and be able to deal with. It is pretty easy to detail my security concept, it is not the most secure on earth but even those are not secure at all. If you want security do not connect to the Internet at all, that is my advice.

AVG Anti Rootkit free

Rootkits received a publicity boost with Sony's rootkit-infested CDs, which were supposed to be some kind of copy protection. Since then rootkits have become an ever-growing threat on the Internet in line with Viruses, Trojans, Phishing and Spam. The major problem with rootkits is that most users think that their virus scanner protects them from rootkits as well, which is most of the time not the case. Rootkits are much harder to detect by normal means and software that can scan systems for rootkits should be used by inexperienced users to be able to detect at least the most common ones.

Send Windows to Nirvana with an animated cursor

One of the many disadvantages of every new Windows edition is the fact that the operating system becomes more and more bloated. Microsoft adds new features to Windows which could then be used to exploit the system. Instead of concentrating on fast efficient systems they produce heavy systems that look shiny but have problems under the surface. Recently a vulnerability in Windows Animated Cursor Handling was discovered. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.

Create a secure data safe with True Crypt

This article is going to show everyone, even the inexperienced, how to create a data safe that can store as much personal information and files as you want using the open source program True Crypt. True Crypt makes it very easy to encrypt almost every piece of hardware including partitions, hard drives, USB keys and other storage devices. Once everything is set up you would mount the True Crypt container using the password that you have selected while creating the encrypted container. This is actually the only password that you have to remember, everything else can be kept in the encrypted container for safety reasons.

