Posts Tagged ‘Security’

Optimize Boot Files

*******************

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Dfrg \ BootOptimizeFunction]

Under this key is a text value named Enable. A value of Y for this setting enables the boot files defragmenter. This setting defragments the boot files and may move the boot files to the beginning (fastest) part of the partition, but that last statement is unverified. Reboot after applying this tweak.

Advertisements

1. Click on “Start” in the bottom left hand corner of screen

2. Click on “Run”

3. Type in “command” and hit ok

You should now be at an MSDOS prompt screen.

4. Type “ipconfig /release” just like that, and hit “enter”

5. Type “exit” and leave the prompt

6. Right-click on “Network Places” or “My Network Places” on your desktop.

7. Click on “properties”

You should now be on a screen with something titled “Local Area Connection”, or something close to that, and, if you have a network hooked up, all of your other networks.

8. Right click on “Local Area Connection” and click “properties”

9. Double-click on the “Internet Protocol (TCP/IP)” from the list under the “General” tab

10. Click on “Use the following IP address” under the “General” tab

11. Create an IP address (It doesn’t matter what it is. I just type 1 and 2 until i fill the area up).

12. Press “Tab” and it should automatically fill in the “Subnet Mask” section with default numbers.

13. Hit the “Ok” button here

14. Hit the “Ok” button again

You should now be back to the “Local Area Connection” screen.

15. Right-click back on “Local Area Connection” and go to properties again.

16. Go back to the “TCP/IP” settings

17. This time, select “Obtain an IP address automatically”

18. Hit “Ok”

19. Hit “Ok” again

20. You now have a new IP address

With a little practice, you can easily get this process down to 15 seconds.

P.S:

This only changes your dynamic IP address, not your ISP/IP address. If you plan on hacking a website with this trick be extremely careful, because if they try a little, they can trace it back


Here are some tips to ensure malware is not given access to your computer:

• Keep your computer up to date.

• Keep your browser up to date.

• Install good antimalware.

• Download free software only from sites you know and trust.

• Avoid clicking links inside pop-up windows.

• If you are offered antimalware programs while browsing, don’t install them. Stick with the software I outline in this handbook.

By following these rules, you’ll protect yourself and decrease the chances of getting malware on your system. The rest of this handbook will show you how to apply the first three tips listed above.

Malware – The generic term used for all forms of software designed with malicious intent. Viruses, worms, spyware etc. are all forms of malware. The term virus is often used when malware should really be used as it describes all forms of malicious software.

Virus – A computer virus acts very much like a human virus. Human viruses are spread, via thumb drives, floppy discs, network connections etc., to other PCs. Viruses need a host (like a free screensaver program) to spread. By pure definition: a virus has the ability to spread itself, via a host, to other computers.

Worm – A worm is much like a virus. The key difference is worms can spread between PCs without a host (free screensaver program, downloaded game etc.) These programsrely on computer networks and usually damage files and slow down networks in their path.

Trojan horse (Trojan) – A Trojan horse is a seemingly harmless program that looks to provide value. However, just as in Greek mythology, a Trojan horse has a secret agenda and acts as a backdoor to your computer. This backdoor can be accessed by a hacker to compromise your PC. Trojan horses are not self-replicating and spread due to users installing them manually on their PC.

Privacy-invasive software – A formal term used to describe software that invades your privacy. This software comes in different forms including spyware and adware.

Spyware – Spyware tracks a user’s activity by monitoring browsing habits and keyboard activity and can even take screenshots while you use your PC. This information is sent back to the creator or beneficiary of the spyware. Signs of spyware include: modified browser homepages, slow internet, and suspicious looking sites in place of legitimate sites (for example: banking sites.)

Adware – Like spyware, adware is software that may track visited websites and act as a key logger. Adware tracks this information to automatically display downloaded or installed adverts to a user. You may wonder why you are being offered “PC Super Anti Spyware 2011” when using your PC; this is adware at work. AIM, FlashGet, Deamon Tools, and RealPlayer are all examples of adware.

Backdoor – A backdoor is a point of access to a computer that does not require authentication. An unlocked house back door gives access to an otherwise secure home; a computer backdoor allows access to your PC without your knowledge or permission.

Key logger – Key loggers are used to monitor keyboard activity on a PC. These can be software-based (bundled with Trojan horses, adware, and spyware) or hardware-based (between the keyboard cable and the PC, acoustic etc.) Usually this information is retrieved across a local network, the internet, or from the physical device connected to the keyboard.

Firewall – A firewall both permits and blocks access to a network or PC. Firewalls are included with popular security software (e.g. AVG Internet Security and ESET Smart Security) and limit communication between your PC and devices that are not authorized to communicate with you.

Windows Firewall – Comes bundled with Windows XP, Vista, and 7. This is a great solution; however, due to a lack of comprehensive definition updates, Windows Firewall is not completely effective in blocking threats and allowing safe connections.

Antimalware / Antivirus / Antispyware – Software designed to remove or block malware (e.g. AVG Internet Security and ESET Smart Security.)

Hard-drive encryption is a technology that encrypts the data stored on a hard drive using sophisticated mathematical functions. Data on an encrypted hard drive cannot be read by anyone who does not have access to the appropriate key or password. This can help prevent access to data by unauthorized persons and provides a layer of security againsthackers and other online threats.

The concept of hard-drive encryption is simple enough. When a file is written to the drive, it is automatically encrypted by specialized software. When a file is read from the drive, the software automatically decrypts it while leaving all other data on the drive encrypted. The encryption and decryption processes are transparent to all common applications such as word processors, databases,spreadsheets or imaging programs. A computer equipped with hard-drive encryption appears, from the user’s point of view, to function as any other computer would.

Windows Vista Enterprise and Ultimate editions offer a hard-drive encryption program called BitLocker that employs two-factor authentication.

E-Mail Spoofing

Posted: August 25, 2009 in Networking, Security
Tags: ,

Email “Spamming” and Email “Spoofing”

Two terms to be familiar with in these days of increased communication via electronic mail: email “spamming” and email “spoofing”.

Email “spamming” refers to sending email to thousands and thousands of users – similar to a chain letter. Spamming is often done deliberately to use network resources. Email spamming may be combined with email spoofing, so that it is very difficult to determine the actual originating email address of the sender. Some email systems, including our Microsoft Exchange, have the ability to block incoming mail from a specific address. However, because these individuals change their email address frequently, it is difficult to prevent some spam from reaching your email inbox.

Email spoofing refers to email that appears to have been originated from one source when it was actually sent from another source. Individuals, who are sending “junk” email or “SPAM”, typically want the email to appear to be from an email address that may not exist. This way the email cannot be traced back to the originator.

Malicious Spoofing

There are many possible reasons why people send out emails spoofing the return address: sometimes it is simply to cause confusion, but more often it is to discredit the person whose email address has been spoofed: using their name to send a vile or insulting message.

Sometimes email spoofing is used for what is known as “social engineering”, which aims to trick the recipient into revealing passwords or other information. For example, you get an email from what appears to be the LSE’s email administrator, or from your ISP, asking you to go to a Web page and enter your password, or change it to one of their choosing. Alternatively, you might receive an email asking for detailed information about a project. The From field suggests that the message comes from the LSE, but instead it is from a competitor.

Dealing with a Spoofed Email

There is really no way to prevent receiving a spoofed email. If you get a message that is outrageously insulting, asks for something highly confidential, or just plain doesn’t make any sense, then you may want to find out if it is really from the person it says it’s from. You can look at the Internet Headers information to see where the email actually originated.

Remember that although your email address may have been spoofed this does not mean that the spoofer has gained access to your mailbox.

Displaying Internet Headers Information

An email collects information from each of the computers it passes through on the way to the recipient, and this is stored in the email’s Internet Headers.

1. With the Outlook Inbox displayed, right-click on the message and click on the Optionscommand to display the Message Options dialog box.

2. Scroll to the bottom of the information in the Internet Headers box, then scroll slowly upwards to read the information about the email’s origin. The most important information follows the “Return-path:” and the “Reply-to:” fields. If these are different, the email is not who it says it’s from.

Virus spoofing

Email-distributed viruses that use spoofing, such the Klez or Sobig virus, take a random name from somewhere on the infected person’s hard disk and mail themselves out as if they were from that randomly chosen address. Recipients of these viruses are therefore misled as to the address from which they were sent, and may end up complaining to, or alerting the wrong person. As a result, users of uninfected computers may be wrongly informed that they have, and have been distributing a virus.

If you receive an alert that you’re sending infected emails, first run a virus scan using Antivirus . If you are uninfected, then you may want to reply to the infection alert with this information:

“Your virus may have appeared to have been sent by me, but I have scanned my system and I am not infected. A number of email-distributed viruses fake, or spoof, the ‘From’ address using a random address taken from the Outlook contacts list or from Web files stored on the hard drive.”

But keep in mind that a virus alert message is quite often auto generated and sent via an anti-virus server and so replying to the original email may not elicit a response.

Alternatively, if you receive an email-distributed virus, look at the Internet Headers information to see where the email actually originated from, before firing off a complaint or virus alert to the person you assume sent it.

Clipboard Hijack Attack

Posted: August 25, 2009 in Networking, Security
Tags:


What is a clipboard hijack attack?

A clipboard hijacking is an exploit in which the attacker gains control of the victim’s clipboard and replaces its contents with their own data, such as a link to a malicious Web site.

The attack makes it impossible for users to copy anything else to the clipboard until they either close the browser or reboot the machine. Aside from the nuisance factor, the danger is that a user might inadvertently paste the inserted content into their browser or into online content, exposing themselves or others to malicious code.

In August 2008, there were reports of clipboard hijack attacks conducted through Adobe Flash-based ads on many legitimate Web sites, including Digg, Newsweek and MSNBC.com. The coding is in Shockwave files and uses a method called System.setClipboard() that repeatedly flushes and replaces clipboard contents. If users follow the inserted link, they are taken to a fake security software site warning them that their systems are infested with malware. The purpose of the attack is to get users to download fraudulent software, putting personal information at risk in the process. All major operating systems and browsers are vulnerable to the attacks, as long as Flash is installed.

Adobe has since announced it will add a mechanism to the next version of Flash that allows users to grant or deny access when a Shockwave file tries to load data to the clipboard.

One of the best features in Windows Defender is hidden a bit in the application’s user

interface. The Software Explorer—found in Tools➪Software Explorer—lists the applications

that run at startup (you can also change the display to list currently running

applications, network-connected applications, and other features). Best of all, you can

actually remove or disable startup applications. In previous versions of Windows, you

would use the System Configuration utility (msconfig.exe) for this functionality;

System Configuration is still available in Windows Vista, but Windows Defender’s

Software Explorer feature is arguably a better solution because it provides so much

information.

There’s some confusion about how the Windows Firewall is configured in Windows

Vista. Although it is indeed enabled to monitor both inbound and outbound network

traffic, it is configured differently for each direction. Windows Firewall, by default, is

configured to block all incoming network traffic that is not part of an exception rule,

and allow all outgoing network traffic that is not blocked by an exception rule.

The Windows Firewall interface described previously is quite similar to that found in

Windows XP with Service Pack 2. But Microsoft also includes a second, secret interface

to its firewall that presents far more options. It’s called Windows Firewall with

Advanced Security, and you can access it via the also-hidden Administrative Tools

that ship with all mainstream Windows Vista versions. To find it, navigate to Control

Panel and turn on Class View. Then, navigate into Administrative Tools and then

Windows Firewall with Advanced Security., the tool loads into

a Microsoft Management Console (MMC).

As good as Vista’s firewall is, you should absolutely use a third-party firewall instead if

you’re using a security software suite. In such cases, the security suite will typically

disable Windows Firewall automatically and alert Windows Security Center that it is

now handling firewalling duties. Unlike with antispyware applications, you should

never run two firewalls at the same time, as they will interfere with each other.


10 Fast and Free Security Enhancements

Before you spend a dime on security, there are many precautions you can take that will protect you against the most common threats.

1. Check Windows Update and Office Update regularly (_http://office.microsoft.com/productupdates); have your Office CD ready. Windows Me, 2000, and XP users can configure automatic updates. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.

2. Install a personal firewall. Both SyGate (_www.sygate.com) and ZoneAlarm (_www.zonelabs.com) offer free versions.

3. Install a free spyware blocker. Our Editors’ Choice (“Spyware,” April 22) was SpyBot Search & Destroy (_http://security.kolla.de). SpyBot is also paranoid and ruthless in hunting out tracking cookies.

4. Block pop-up spam messages in Windows NT, 2000, or XP by disabling the Windows Messenger service (this is unrelated to the instant messaging program). Open Control Panel | Administrative Tools | Services and you’ll see Messenger. Right-click and go to Properties. Set Start-up Type to Disabled and press the Stop button. Bye-bye, spam pop-ups! Any good firewall will also stop them.

5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro@l. This will make it much harder for anyone to gain access to your accounts.

6. If you’re using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.

7. Buy antivirus software and keep it up to date. If you’re not willing to pay, try Grisoft AVG Free Edition (Grisoft Inc., w*w.grisoft.com). And doublecheck your AV with the free, online-only scanners available at w*w.pandasoftware.com/activescan and _http://housecall.trendmicro.com.

8. If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP with the biggest key you can get. For more, check out our wireless section or see the expanded coverage in Your Unwired World in our next issue.

9. Join a respectable e-mail security list, such as the one found at our own Security Supersite at _http://security.ziffdavis.com, so that you learn about emerging threats quickly and can take proper precautions.

10. Be skeptical of things on the Internet. Don’t assume that e-mail “From:” a particular person is actually from that person until you have further reason to believe it’s that person. Don’t assume that an attachment is what it says it is. Don’t give out your password to anyone, even if that person claims to be from “support.”