Security

Security is one of the most significant considerations when owning any technology, as you can lose data and finance if not careful. You’ll find articles here that cover various apps and options, threats to browser and device security, and some tips.

IceSword the better Rootkit Revealer?

IceSword is a new contender for the title of the best rootkit revealing and removing program out there at the moment. It is rather hard to find a working download of IceSword, but as always I provide a fast way to download the latest version of IceSword, named IceSword1.18.rar. Click the link to download the rootkit scanner from rapidshare. In contrast to other rootkit scanners like Blacklight, IceSword can not be run automatically. IceSword only provides perhaps the most powerful utilities to scan your system for rootkits and other information.

How to disable the ad popup in AntiVir

AntiVir is probably the best free antivirus software. It's free for non-commercial use and updates its virus definitions regularly, just like the professional version. The free version, however, has the habit of displaying an advertisement popup after each update, which normally means that you see this ad every single day. It is always the same ad and I don't see a reason for this at all; once is fine, but every day?

Anti-Phishing Tips

Phishing is a popular method to capture personal data such as passwords, transaction numbers and credit card details. The company I am working with locks several user accounts each day to prevent harm done to them due to phishing. It normally starts with an email asking you to update your profile or to download a security update, or an email that reveals that you are the highest bidder of an eBay auction (that you do not know about).

Configure your Windows XP system securely with Seconfig XP

What a great little freeware application. Seconfig is only 37K in size and can be run right from the location that you decided to unpack it to. The freeware has three main functions: Restrict LAN-like access, Service settings and TCP/IP settings. You may disable NetBIOS, SMB and RPC over TCP/IP in the first; those are major entry points for worms and hackers.

Top 100 Network Security Tools

Great list of the top 100 network security tools voted by 3243 users of the nmap-hackers mailing list. Every tool mentioned has a description, a homepage link to the developers, icons that tell you if it works on your system and if it costs money. All utilities belong to a category, you have the option to display every category. (like vulnerability scanners)

Six WiFi Security Myths

There have been lots of articles lately that explain how to secure a wireless network. Most of these articles contain at least one measure that is not enhancing security at all. This does not necessarily mean that it is lowering the security on the other hand though. Let us take a look at the six dumbest ways to secure a Wireless LAN.

SQL Injection Attacks by Example

SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

Security without Firewalls discussion

You might remember that I wrote an article in late November called Beginners Guide to securing your PC. You might even remember that I suggested that there was no need for a desktop firewall at all. And you might even remember that I got some pretty bad comments about my suggestion in the comments section.

Ultra High Security Password Generator

If you're ever in need of a high security password, the Ultra High Security Password Generator Website might be exactly what you've been looking for. Every time you visit or refresh the website it will display three randomly generated passwords: one of 64 random hexadecimal characters, one of 63 random printable ASCII chars and finally one of 63 random alpha-numeric characters.

Avoid Web Filters with LogMeIn

LogMeIn is another service that gives you remote control over a computer. It uses a Java applet that has to be executed by the computer that should be controlled and a website that gives you control over the computer (or more than one) with the applet. That means you don't have to install software or use a USB stick to run programs on the other computer; you simply open a website and control the computer at home.

Secure VOIP by encrypting it with ZFone

A new public beta of Zfone was released a few days ago for Windows XP, Linux and Mac OS X. Zfone uses a new protocol called ZRTP, which is better than the other approaches to secure VoIP. "(ZRTP) achieves security without reliance on a PKI (Public Key Infrastructure), key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world," Zimmermann explains.

Wireless Security: Attacks and Defenses

The article wireless security attacks and defenses begins with an example of how people who are new to the wireless world run their wireless devices carelessly and thus invite others (with more knowledge) to exploit this weakness. Those people run, for example, wireless routers at factory defaults because they don't know better; they think the device is safe the way it's preconfigured.

SQL Injection Walkthrough

You might already know what SQL injection means; in case you did not, I post the definition from Wikipedia:

SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

How to check your system for rootkits

Rootkits have been in the press lately and it's a good idea to be on the safe side and check your system from time to time to make sure it is not infected. I am going to introduce two freeware utilities that scan your system and reveal rootkits if they are installed and running on your system.

Introduction Series Part 4: Cookies

Many people consider themselves to be very secure when they are surfing the internet and that very well may be true. However, there are some things that are often forgotten about. One such thing is the cookie. This is not speaking about the edible version with chocolate chips, but instead the file that a good many web sites across the internet put onto your system to tell the site that you have visited before and what you have done.

Introduction Series Part 2: Adware

Adware is another issue that seems to be plaguing the entire world these days, and that means that people need to be aware that it is not any safer than standard spyware. There are many that will tell you that adware is nothing more than an advertising venue for online companies, but that is false. Through adware these companies are actually collecting data about you so they can target your computer with advertising that will come up in parts as pop-up windows, or the computer can actually be hijacked and then all of your search options are transported through the adware so the results that they want to bring to you can be filtered.

How to scan your Linux-Distro for Root Kits

Ghacks is running on a Linux rootserver. It should be fairly secure but there is always a chance that someone might get access to it and compromise the system. One of the biggest threats is the installation of a root kit, which will be used to access the system at a later time and clean tracks of logins that might have occurred.

Microsoft expands anti-piracy program

Microsoft Windows users who are living in the U.S., U.K., Malaysia, Australia or New Zealand have to deal with Microsoft's next step in their fight against piracy. A user who opted for automatic security updates will receive the new anti-piracy tool, which will install and ask for a reboot. After that reboot the license of your Windows operating system is checked. You might see the following message:

Defeating Hardware Keyloggers

You probably read my article about the bank heist in London where the robbers used a hardware keylogger to receive sensitive information that allowed them to perform wireless transfers. The bank made the decision to super glue every cable to the back of the personal computer, making it impossible to add the keylogger between the keyboard and the computer.

Password Security: What Users Know and What They Actually Do

The study "password security: what users know and what they actually do" was conducted by the department of psychology from the Wichita State University. The study investigated the common password generation practices of online users. All participants took part in a survey querying (1) the types and number of different password protected accounts maintained; (2) actual practices used in generating, storing and using passwords; (3) practices believed they should use in generating and storing passwords; and (4) general demographic information.

Hardware Keylogger

This little device has apparently been used to pull off one of the greatest bank heists in history. You attach this device to the keyboard cable at the back of the PC and it's able to record 130000 keystrokes. The bank robbers installed this device inside the bank and got access to Sumitomo Bank's wire transfer capability. With all the information at their hand they proceeded to transfer more than 400 million $ to various foreign accounts.

How secure is my bank's website?

I don't know a single large bank that does not offer its customers a way to use a website to do their transactions. There is unfortunately no single standard set for bank websites and many companies tend to misjudge the importance of a secure website. The Secure Web Bank website did take a look at websites from US, Canadian and European institutes and checked whether those provided an SSL login page and two-factor auth for their customers.

True Crypt 4.2 released

You might know that I have been using True Crypt for some months now to encrypt and decrypt my entire removable hard disk that has 300 Gb capacity. All happens in realtime and I can't see and witness any slowdowns so far. I am able to download content to the drive with 14.2 Mbps and it's working like every other hard disk. Yesterday a new True Crypt version was released and it has some amazing new features; let us take a look at some of them:

HTML Page Crashes Windows

Ok, this seems to be serious. If you open a webpage that contains a certain HTML code, your Windows will crash. The HTML looks like this:

Tracing a Hacker

Tracing a Hacker is an article aimed at beginners that want to learn the basics of finding out if there is someone connected to their system who should not be connected to it. It gives a rough introduction to some basic concepts like TCP/IP, ports and how hackers find their targets. This is a good read if you don't know what they are about. After that Omar starts off by explaining the netstat command, which lists all the sources that are connected or currently connecting to your computer. If you are running p2p software this can be a lot of connections. I suggest you start off by disabling most tools that you might be running while on the internet. So, no p2p, no messengers and so on.

Charon 0.6 released

This is the follow-up to the proxy filtering program Calamity. It provides a fully customisable way of filtering out unwanted proxies via control files, a proxy tester to check anonymity, and a fully functional search engine crawler to find lists of posted proxies. Included within the kit is a PHP checker which can be uploaded to your own webspace to spread the processor load and bandwidth of the actual testing. This is fully integrated into Charon, where it will simply send your pages lists of proxies and harvest the results.

Microsoft Windows Malicious Software Removal Tool

A new version of the Microsoft Windows Malicious Software Removal Tool has been released as well yesterday. The new version is able to remove infections by specific prevalent malicious software. It's able to detect 64 infections, that's three more than the previous version. The three new infections that are detected are Locksky, Reatlle and Valla according to the German newsmag pcwelt.de.

250 web proxies

Lots of people are demanding more proxy sites because many have already been banned by their school or workplace. It's not easy to find new ones but maybe the list from econsulting might help you. They have a list of 250 web proxies that might not be banned. I think it's worth a try if you are that desperate.

Home Network Router Security Secrets

Today's world is becoming a wireless one. If you sign up for a new internet provider you have most of the time the choice of a modem that uses cables and one that is wireless. Now, most people tend to choose the wireless one because their homes don't look that messy after all; cables everywhere seem to turn certain people off quite a bit.

Setting up your own proxy server

Lots of people complain that web proxies are not working at their work or school computer because they have been banned by administrators. A way around this would be to set up your very own proxy server that is being hosted a) by a free webhosting service that supports either PHP or CGI or b) your own website that is being hosted by a webhosting company.

IE Proxy Changer Program

I don't think a lot of my visitors are still using the Microsoft Internet Explorer but there are some that do. My first advice would be to change the browser immediately to Firefox or Opera; for those who are too lazy or have other reasons to keep the insecure browser, the IE Proxy Changer is a nice little addition to the Internet Explorer.

Password Recovery Speeds

Now this is an interesting analysis of password recovery speeds. It compares password length and chars used to the time different computers need to bruteforce the password, ranging from Class A (speed of a Pentium 100) to Class F (supercomputers, large scale distribution) computers.

Altiris Software Virtualization Solution 2.0

I've written about virtual computers before and found a nice program to make the same method available for virtual software installations. Altiris Software Virtualization Solution lets you install every kind of software in a protected environment that prevents access from this software to your core system. This is great if you want to try out some new alpha / beta software or software that you are suspicious about.

How to surf anonymously on the Internet

The question that many people ask is why would someone want to surf anonymously in the first place. Why would someone who does not do something illegal want to surf anonymously at all? I can think of lots of reasons, here are a few:

10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery)

The guys of darknet.org.uk have posted a new article that lists the 10 best security live CD distros. Each distribution is introduced in a small paragraph and features links to the distribution's homepage.

A new Proxylist

I found a new list of proxy sites, 300 in total. Should be something for everyone and I suppose you find some that work in your environment. Head over to proxylist.wordpress.com to check them out.

Windows Worms Door Cleaner

The little freeware application Windows Worms Door Cleaner has a very strange name if you ask me. Its purpose is to disable certain services that worms rely on to attack your system.

Securing Your Web Browser

A cert.org guide that helps you configure your web browser for safer surfing. It starts with the question why you should secure your web browser and explains common web browser features like Java, ActiveX and Cookies. After that introduction the important part of the article begins with chapter 3, Vulnerabilities and Attack Vectors. Common vulnerabilities like Cross-Site Scripting, Spoofing and Cross-Zone and Cross-Domain Vulnerabilities. The article does not explain everything in great detail but provides links to an in-depth explanation.

Dvd Rootkit on the way

Some weeks ago Sony made the attempt to protect the music from some of the CDs they distribute by adding a rootkit software which would be installed if the user wanted to play the CD on his personal computer. The technique had its flaws and was only working on Windows but it still meant that a rootkit was installed on the PC and other scripts could use this rootkit for malicious purposes. After a large outcry from the web community Sony decided to pull the CDs from the shelves and offer a tool to uninstall the rootkit (which you would only get through a long process).

Google copies your hard drive content

Breaking news from the Electronic Frontier Foundation website which warns users to use a feature called Search Across Computers of the Google Desktop software. This feature apparently stores copies of documents, such as Word, PDF or text, on Google's own servers.

