Showing posts with label PC SECURITY. Show all posts

Friday, December 17, 2010

Trillian 5 Pro for Windows v5.0.0.29 BETA


Trillian 5 Pro for Windows v5.0.0.29 BETA-TE
Trillian Pro is a very powerful communications tool that includes a huge number of features to enhance your IM experience, creating infinite possibilities during your journey on the Internet. Whether you’re a user tangled by the complexity of using more than one network, a user who is using only one messenger looking for a better experience, or an Internet user looking for an efficient way to stay updated with the world, Trillian Pro is designed for you. Instant messaging is the most convenient means of communication on the internet today, filling an important niche between a phone call and e-mail; it’s fast, and not too intrusive. Users connect to a central server which allows real-time message delivery to and from other users. These messages can use graphics, text and even streaming video to make the IM experience stronger. However, there are more than four different major messaging networks currently in widespread use, which separates everyone and complicates this convenient way of communicating. Trillian will “instantly” solve the problem!

Release name: Trillian.5.Pro.for.Windows.v5.0.0.29.BETA-TE
Size: 13MB

Download
http://hotfile.com/dl/89498080/3475329/Trillian.5.Pro.for.Windows.v5.0.0.29.BETA-TE.rar.html

Saturday, December 11, 2010

What is Spyware How to Remove


Spyware is a menace to any computer, but there are many free Spyware removal products online to help out.

It sounds rather sinister, doesn't it? In a way, it really is. Spyware (another name for Malware or Adware, which is Internet-speak for "advertising supported software") enters your computer without your explicit consent. You see, Spyware normally comes packaged with other programs, which you do want and actually choose to download. If you aren't too cluey about how to detect Spyware in a potential download (and let's face it, who is), you simply won't know that you've downloaded and activated the Spyware software.

What does Spyware do? It collects information about you and your business or organization to help advertising companies place better targeted advertising copy on the websites you visit. That is, advertising that may actually be of interest to you. OK, in theory, it's a reasonable idea. You are going to be surfing anyway and these days websites survive thanks to their advertising, so wouldn't you rather see ads that may be of some relevance to you? For example, if you are sitting at a computer in New York, Spyware will tell advertisers your geographical position and hence target ads that are relevant to New Yorkers (restaurants and stores in the area or events taking place in the area). If you happen to visit the same website from Paris, those ads will be French ads.

How does Spyware work? Once the software program sneaks into your computer (via some download you've made, for example, Kazaa) it follows you around as you surf the net. It collects information about you from your hard drive. It sounds illegal doesn't it? Well, it isn't. Not yet anyway.

There are lots of ways to protect your computer from this menace. Spyware removal programs help you track Spyware and purge your system of the software. Try an Internet search for Free Spyware Removal or Free Spyware Removal Program. This will bring up various results, including Lavasoft's Ad-Aware program, which is the most popular. Some websites will also offer you a free Spyware removal or Adware removal online.

Friday, December 10, 2010

Spyware Doctor with AntiVirus 7.0.0.543

Spyware Doctor with AntiVirus 7.0.0.543
Best Spyware Protection. Used by Millions World Wide.
Spyware Doctor has been downloaded over 125 million times with millions more downloads every week. People worldwide use Spyware Doctor to protect their PCs from spyware, adware and other online threats.
Spyware Doctor has consistently been awarded Editors’ Choice, by leading PC magazines and testing laboratories around the world, including United States, United Kingdom, Sweden, Germany and Australia. In addition, after leading the market in 2005, Spyware Doctor was awarded the prestigious Best of the Year at the end of 2005 and again in 2006.
Spyware Doctor continues to be awarded the highest honors by many of the world’s leading PC publications such as PC World, PC Magazine, PC Pro, PC Plus, PC Authority, PC Utilities, PC Advisor, PC Choice, Microdatorn, Computer Bild and PC Answers Magazine.
Note: If you are choosing Anti-Spyware, make sure you choose one that is proven and has genuine awards from one or more world-leading research labs such as PC Magazine, PC World, CNET, PC Pro Magazine, PC Authority, PC Answers and other trusted labs. More importantly, do not use ratings from unknown review websites, as these are often designed to mislead you into purchasing an affiliated, inferior or rogue product.
Detects, removes and blocks Spyware and Viruses.
Did you know that numerous programs tested against Spyware Doctor detected only a small fraction of Spyware and completely removed an even smaller amount? Also, most of them were unable to effectively block Spyware in real time from being installed on users' PCs in the first place.
Spyware Doctor with AntiVirus has the most advanced update feature that continually improves its Spyware and Virus fighting capabilities on a daily basis. As Spyware gets more complex to avoid detection, Spyware Doctor responds with new technology to stay one step ahead.
Easiest to Use
Spyware Doctor’s advanced OnGuard technology only alerts users on a true Spyware and Virus detection. This is significant because you should not be interrupted by cryptic questions every time you install software, add a site to your favorites or change your PC settings. Such messages can be confusing and may result in undesirable outcomes such as program errors, lost favorites or even spyware and viruses being allowed to install on the system. We’ve done the research so you don’t have to.
This is the latest Spyware Doctor with active ANTIVIRUS component !!!! Serial included with the installation file:
Direct Rapidshare Download:
http://rapidshare.com/files/364971692/SDAA18.rar
to remove old registration data:
http://rapidshare.com/files/138553255/SDKeyReset.rar
Password:
markoplayer  or netrdx

Friday, October 8, 2010

How To Check Whether You are Victim of RATS or not ?

In this post I am going to show you how to find out whether you are infected with a RAT or keylogger, without using any complex tools. I believe most of you know that a RAT or a keylogger needs an internet connection to work, which would mean that if you are not connected to the internet, you don't have to worry about being infected with a RAT or keylogger. So, for those who have an internet connection and think they are infected with a Trojan, here is a little guide that can solve your problem.

1. Every program has its own process, which can be seen in Task Manager. So the first thing to do is to find out which process the Trojan is attached to. If you see an unknown process, search for it on Google. A good hacker will always make sure he hides his process behind a Windows-based process, e.g. svchost.exe or something like that.

2. If you can't find it, the next thing you can do is use cmd (to open the command prompt, click Start--->Accessories-->Command prompt).

3. Once Command Prompt is opened, use this command: netstat -an |find /i "listening"

Note: The NETSTAT command will show you whatever ports are open or in use, but it is NOT a port scanning tool!

What does this command do? It shows all the open (listening) ports. Now check for any unknown port.

4. You can skip step 3 if you want, and can do this instead.

Open command prompt and type netstat -b



This command shows the active connections together with the process that owns each one, its PID (Process Identifier) and also the packets.
Look out for SYN packets and the foreign address the process is connecting to; check the process it is associated with, and check the ports as well. If you find that it is connecting to some unknown ports, then you can say you have been backdoored.

5. Go to Task Manager. At the top, click View ---> Select Columns ---> tick PID (Process Identifier).
Match the suspicious process with the processes in Task Manager, checking the PID as well.
Most RATs reside in startup. How do you delete them from startup?

a) Go to regedit ---> HKLM\Software\Microsoft\Windows\CurrentVersion\Run
On the right-hand side, check for the process name you found in step 4. If it is not there, check
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
OR
Open a command prompt and type start msconfig. Go to the Startup tab; you can check the startup processes there.
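
The port-to-process matching from steps 3 to 5, as an added example that is not part of the original post: it parses saved output of netstat -ano (the -o switch adds the PID column) and tasklist /fo csv, then lists listeners outside a set of expected ports and the connections their processes hold. The sample outputs, the process names in them and the expected ports are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (-o adds the owning PID column).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5110           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49712     203.0.113.45:6667      ESTABLISHED     3120
  TCP    192.168.1.20:49720     198.51.100.7:443       ESTABLISHED     2216
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:500            *:*                                    1012
"""

# Constructed sample of `tasklist /fo csv` output.
TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","1,024 K"
"svchost.exe","884","Services","0","9,812 K"
"svchost.exe","1012","Services","0","12,300 K"
"firefox.exe","2216","Console","1","210,004 K"
"svhost32.exe","3120","Console","1","4,400 K"
"""


def parse_netstat(text):
    """Turn netstat -ano text into a list of dicts, one per socket."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts  # UDP rows have no State column
            state = ""
        else:
            continue  # truncated or unexpected row
        # rpartition keeps bracketed IPv6 hosts such as [::] intact
        host, _, port = local.rpartition(":")
        rows.append({"proto": proto, "local_host": host, "local_port": int(port),
                     "foreign": foreign, "state": state, "pid": int(pid)})
    return rows


def parse_tasklist(csv_text):
    """Map PID -> image name from tasklist /fo csv text."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {int(row["PID"]): row["Image Name"] for row in reader}


def unexpected_listeners(rows, names, expected_ports):
    """Listening sockets whose port is not in the expected set."""
    hits = {(r["local_port"], r["pid"], names.get(r["pid"], "<unknown>"))
            for r in rows
            if r["state"] == "LISTENING" and r["local_port"] not in expected_ports}
    return sorted(hits)


def connections_for_pids(rows, pids):
    """Non-listening TCP connections owned by the given PIDs."""
    return [(r["pid"], r["foreign"], r["state"]) for r in rows
            if r["pid"] in pids and r["state"] not in ("", "LISTENING")]


if __name__ == "__main__":
    rows = parse_netstat(NETSTAT_SAMPLE)
    names = parse_tasklist(TASKLIST_SAMPLE)
    odd = unexpected_listeners(rows, names, expected_ports={135, 445})
    for port, pid, image in odd:
        print(f"port {port} is held open by PID {pid} ({image})")
    for pid, foreign, state in connections_for_pids(rows, {p for _, p, _ in odd}):
        print(f"PID {pid} -> {foreign} [{state}]")
```
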

Wednesday, September 1, 2010

Snort – the best open source IDS

If you are in security, you might have heard of an Intrusion Detection System (IDS), which is a device or mechanism that monitors network and/or system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities. There are a lot of professional IDS products available for commercial use, but when it comes to being free as in freedom (read: open source), Snort is my favorite. Snort is a very powerful open source IDS written by Martin Roesch, and it is known to be one of the best IDS on the market, even when compared to commercial IDS. Snort performs protocol analysis and content searching/matching, and is commonly used to actively block or passively detect a variety of attacks and probes, such as buffer overflows, stealth port scans, web application attacks, SMB probes, and OS fingerprinting attempts, amongst other features. Like Wireshark, Snort uses the libpcap library to capture packets.




Snort can be run in 4 modes:

1. Sniffer mode: Snort will read the network traffic and print it to the screen.
2. Packet logger mode: Snort will record the network traffic to a file.
3. IDS mode: network traffic matching security rules will be recorded (mode used in our tutorial).
4. IPS mode: also known as snort-inline (IPS = Intrusion Prevention System).

A lot of people in the very active Snort community share their security rules, which is very useful if you are not a security expert and want up-to-date rules. Snort can be combined with other free software such as sguil, OSSIM, and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data; BASE is in fact a PHP script that displays alerts on a web interface. At the end of the day, Snort is a must-have for any security researcher or network paranoid out there. Other IDS systems worth mentioning are Fragrouter, OSSEC HIDS and sGUIL.

You can download Snort from here

Friday, August 27, 2010

Watch the HISTORY of your computer

You can do almost anything with a keylogger, for example:


1. Get others' passwords, no matter which domain or messenger, as long as they are typed on your computer
2. For safety purposes, such as monitoring what children are doing on the computer
3. See what others are doing on the computer

These are the things that a keylogger does.


This keylogger is basically monitoring software that helps in protection or safety and what not.




This picture is of the keylogger refog : ( Download Here)

Disable Writing to USB Drives

A common security concern at organizations is allowing users to plug in a USB flash drive, because they could so easily copy corporate data. Since Windows XP SP2, you can disable writing to USB devices altogether using a simple registry hack. Note, however, that if you use this trick you should make sure the users are not administrators on the computer, because they could easily change the setting back.



Here it is:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]
"WriteProtect"=dword:00000001


Paste the code into a Notepad file, and then save it as a registry (.reg) file. Double-click it and voila, you have successfully prevented write access to the USB drive.


Once you have double clicked the registry, you will have to reboot for the changes to take effect.
This works on Vista as well. Here’s the window you’ll get when you try and write to a USB drive:
If you want to enable write access again, copy the code below, paste it into a Notepad file, and save it as a registry file. Double-click it and write access will be enabled again.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]
"WriteProtect"=dword:00000000


Stay tuned for more tips and hacks.

Friday, August 20, 2010

Disable USB Storage Devices In Your Desktop And Get Secured

Has your personal information ever been copied or pirated? It might be years of project work or your secret video; you’ll obviously not feel good when you learn that it has been copied by someone accessing your computer. Most files are copied to removable storage media like USB drives.




Today in this tutorial, I am going to show you how you can make USB storage devices totally useless without your permission.



You won’t need any special utility or software, just a tweak in Registry editor is enough to enable or disable the USB drive.



To block all USB storage devices in Windows, run Registry Editor by typing regedit in the Run dialog.



In the registry editor, at left side navigation pane, navigate to following location:



HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > USBSTOR



Now at the right side double click on Start.







To block USB storage media, change the value data to 4.







If you want to unblock USB storage media, just navigate to the same location and change the value data to 3.







If you don’t want to bother tweaking registry then I’ve made a simple program to Block and Unblock USB device.



You can download it from here.



USB BLOCKER-



USB UNBLOCKER-



Download both of them and open it to toggle between Block and Unblock USB storage media.



You can hide it in desktop or anywhere favorable to you.



Next time I’ll be posting a tutorial about disabling copy and paste. So, don’t forget to bookmark us.



Hope this tutorial was helpful.

Thursday, April 29, 2010

How to Test the Working of your Antivirus – EICAR Test

Have you ever wondered how to test your antivirus software to ensure that it is working properly? Well, here is a quick and easy way to test your antivirus. The process is called the EICAR test; it will work on any antivirus and was developed by European Institute of Computer Antivirus Research. This process can be used by people, companies and antivirus programmers to test the proper functioning of antivirus/antimalware software without having to deal with a real computer virus, which can cause damage to the computer. Here is a step-by-step procedure to test your antivirus.




1. Open a notepad (New Text Document.TXT) and copy the following code exactly onto it, and save the notepad.



X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

2. Rename the file from New Text Document.TXT to myfile.com



3. Now run the antivirus scan on this myfile.com file.



If the antivirus is functioning properly on your computer, then it should generate a warning and immediately delete the file upon scanning. Otherwise you may have to re-install your antivirus.



NOTE: Most antivirus programs will pop up a warning message at step 1 itself.



You can also place the myfile.com file in a ZIP or RAR file and run a scan on it so as to ensure whether your antivirus can detect the test string in the compressed archive. Any antivirus when scanning this file will respond exactly as it will do for a genuine virus/malicious code. This test will cause no damage to your computer even though the antivirus will flag it as a malicious script. Hence it is the safest method to test the proper functioning of any antivirus.

Friday, April 16, 2010

How to Remove Newfolder.EXE/Sohanad Virus


You can remove this worm by manual method, or using a removal tool.



1.Manual Method

Here are simple steps following which you can get the worm removed from your system:



1. Download this file: Registry_Repair.

2. Double-click the downloaded registry file. You will be asked whether you’re sure you want to add it to the registry; click Yes.

3. Restart your system.

4. Search for the file svhost32.exe and delete it if it is found.

5. Search for the file svhost.exe and delete it if it is found.

Password Hacking FAQ

1. What are some password basics?




Most accounts on a computer system usually have some method of restricting access to that account, usually in the form of a password. When accessing the system, the user has to present a valid ID to use the system, followed by a password to use the account. Most systems either do not echo the password back on the screen as it is typed, or they print an asterisk in place of the real character.

On most systems, the password is typically run through some type of algorithm to generate a hash. The hash is usually more than just a scrambled version of the original text that made up the password; it is usually a one-way hash. The one-way hash is a string of characters that cannot be reversed into its original text. You see, most systems do not “decrypt” the stored password during authentication; they store the one-way hash. During the login process, you supply an account and password. The password is run through an algorithm that generates a one-way hash. This hash is compared to the hash stored on the system. If they are the same, it is assumed the proper password was supplied.

Cryptographically speaking, some algorithms are better than others at generating a one-way hash. The main operating systems we are covering here (NT, Netware, and Unix) all use an algorithm that has been made publicly available and has been scrutinized to some degree.

To crack a password requires getting a copy of the one-way hash stored on the server, and then using the algorithm to generate your own hash until you get a match. When you get a match, whatever word you used to generate your hash will allow you to log into that system. Since this can be rather time-consuming, automation is typically used. There are freeware password crackers available for NT, Netware, and Unix.



2. Why protect the hashes?



If the one-way hashes are not the password itself but a mathematical derivative, why should they be protected? Well, since the algorithm is already known, a password cracker could be used to simply encrypt the possible passwords and compare the one-way hashes until you get a match. There are two types of approaches to this — dictionary and brute force.

Usually the hashes are stored in a part of the system that has extra security to limit access from potential crackers.



3. What is a dictionary password cracker?



A dictionary password cracker simply takes a list of dictionary words, and one at a time encrypts them to see if they encrypt to the one way hash from the system. If the hashes are equal, the password is considered cracked, and the word tried from the dictionary list is the password.

Some of these dictionary crackers can “manipulate” each word in the wordlist by using filters. These rules/filters allow you to change “idiot” to “1d10t” and other advanced variations to get the most from a word list. The best known of these mutation filters are the rules that come with Crack (for Unix). These filtering rules are so popular they have been ported over to cracking software for NT.

If your dictionary cracker does not have manipulation rules, you can “pre-treat” the wordlist. There are plenty of wordlist manipulation tools that allow all kinds of ways to filter, expand, and alter wordlists. With a little careful planning, you can turn a small collection of wordlists into a very large and thorough list for dictionary crackers without those fancy word manipulations built in.



4. What is a brute force password cracker?



A brute force cracker simply tries all possible passwords until it gets the password. From a cracker perspective, this is usually very time consuming. However, given enough time and CPU power, the password eventually gets cracked.

Most modern brute force crackers allow a number of options to be specified, such as maximum password length or characters to brute force with.



5. Which method is best for cracking?



It really depends on your goal, the cracking software you have, and the operating system you are trying to crack. Let’s go through several scenarios.

If you remotely retrieved the password file through some system bug, your goal may be to simply get logged into that system. With the password file, you now have the user accounts and the hashes. A dictionary attack seems like the quickest method, as you may simply want access to the box. This is typical if you have a method of leveraging basic access to gain god status.

If you already have basic access and used this access to get the password file, maybe you have a particular account you wish to crack. While a couple of swipes with a dictionary cracker might help, brute force may be the way to go.

If your cracking software does both dictionary and brute force, and both are quite slow, you may just wish to kick off a brute force attack and then go about your day. By all means, we recommend a dictionary attack with a pre-treated wordlist first, followed up by brute force only on the accounts you really want the password to.

You should pre-treat your wordlists if the machine you are going to be cracking from bottlenecks more at the CPU than at the disk controller. For example, some slower computers with extremely fast drives make good candidates for large pre-treated wordlists, but if you have the CPU cycles to spare you might want to let the cracking program’s manipulation filters do their thing.

A lot of serious hackers have a large wordlist in both regular and pre-treated form to accommodate either need.



6. What is a salt?



To increase the overhead in cracking passwords, some algorithms employ salts to add further complexity and difficulty to the cracking of passwords. These salts are typically 2 to 8 bytes in length, and algorithmically introduced to further obfuscate the one-way hash. Of the major operating systems covered here, only NT does not use a salt. The specifics for salts for both Unix and Netware systems are covered in their individual password sections.

Historically, the way cracking has been done is to take a potential password, encrypt it and produce the hash, and then compare the result to each account in the password file. By adding a salt, you force the cracker to have to read the salt in and encrypt the potential password with each salt present in the password file. This increases the amount of time to break all of the passwords, although it is certainly no guarantee that the passwords can’t be cracked. Because of this most modern password crackers when dealing with salts do give the option of checking a specific account.
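
The login comparison from question 1 and the effect of a salt from question 6, as an added example that is not part of the original FAQ: it stores and verifies passwords with and without a per-account salt and shows what each kind of password file reveals. It goes beyond the FAQ's cases by using PBKDF2-HMAC-SHA256 and SHA-256 from Python's standard library rather than the NT, Netware or Unix algorithms; the accounts, passwords, 16-byte salt and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 100_000  # assumed work factor for this demonstration


def unsalted_hash(password):
    """One-way hash with no salt: equal passwords always give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password, salt=None):
    """Return the (salt, hash) pair to store; a fresh random salt per account."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify(password, record):
    """Login check: re-run the algorithm with the stored salt, then compare."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # constant-time comparison, so timing does not leak how many bytes matched
    return hmac.compare_digest(candidate, stored)


def shared_hash_groups(unsalted_file):
    """Accounts an unsalted password file shows to be using the same password."""
    groups = defaultdict(list)
    for user, digest in unsalted_file.items():
        groups[digest].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


def hash_runs_per_guess(salted_file):
    """Hash computations needed to test ONE candidate word against every account.

    Without a salt this is always 1; with salts it is one per distinct salt.
    """
    return len({salt for salt, _ in salted_file.values()})


# Constructed accounts: alice and carol happen to choose the same password.
DEMO_PASSWORDS = {"alice": "Winter2010!", "bob": "f8izKro#l", "carol": "Winter2010!"}

if __name__ == "__main__":
    unsalted_file = {u: unsalted_hash(p) for u, p in DEMO_PASSWORDS.items()}
    salted_file = {u: make_record(p) for u, p in DEMO_PASSWORDS.items()}
    print("same hash without salt:", shared_hash_groups(unsalted_file))
    print("same hash with salt:   ",
          salted_file["alice"][1] == salted_file["carol"][1])
    print("hash runs per guess, salted file:", hash_runs_per_guess(salted_file))
    print("correct password accepted:", verify("Winter2010!", salted_file["alice"]))
```
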



7. What are the dangers of cracking passwords?



The dangers are quite simple, and quite real. If you are caught with a password file you do not have legitimate access to, you are technically in possession of stolen property in the eyes of the law. For this reason, some hackers like to run the cracking on someone else’s systems, thereby limiting their liability. I would only recommend doing this on a system you have a legitimate or well-established account on if you wish to keep a good eye on things, but perhaps have a way of running the cracking software under a different account than your own. This way, if the cracking is discovered (as it often is, since cracking is fairly CPU-intensive), it looks to belong to someone else. Obviously, you would want to run this under system administrator privileges as you may have a bit more control, such as assigning lower priority to the cracking software, and hiding the results (making it less obvious to the real administrator).

Being on a system you have legit access to also allows you better access to check on the progress. Of course, if it is known you are a hacker, you’ll still be the first to be blamed whether the cracking software is yours or not!

Running the cracking software in the privacy of your own home has the advantage of allowing you to throw any and all computing power you have at your disposal at a password, but if caught (say you get raided) then there is little doubt whose cracking job is running. However, there are a couple of things you can do to protect yourself: encrypt your files. Only decrypt them when you are viewing them, and wipe and/or encrypt them back after you are done viewing them.



8. Is there any way I can open a password-protected Microsoft Office document?



Certainly! There are plenty of commercial programs that will do this, but we give props to Elcomsoft for fighting the DMCA. 30-day trial versions are available here

Hide IP Address – Real ways to hide your IP

In this post I will try to give you all the information I can on hiding your IP address. If you seriously want to hide your IP address, then this post is for you!




One of the questions most frequently asked by internet users is “How to hide my IP address?”. Many times it becomes necessary to hide the real IP address for the sake of privacy. For this, I have tried many software programs, proxy servers and many such tools that guaranteed to hide my IP address. But still none of them worked for me. I think most of you have had the same experience. Are you fed up with these dummy programs that fail to hide the real IP address? Then is there any working way to hide the IP address?



YES, you can definitely hide your IP.



Now I’ll come to the heart of the post, which contains the answer to your question: how to hide the IP address? The only solution for hiding your IP address is to use a proxy server. But wait! The story doesn’t end here. Even though proxy servers are the only way to hide your IP address, there are several ways of connecting your PC to the proxy server. Before setting up the connection to a proxy server, you must know something about the different types of proxy servers and their uses.



1. Transparent Proxy Server

This type of proxy server identifies itself as a proxy server and also makes the original IP address available through the HTTP headers. These are generally used to speed up web browsing, since they have a very good ability to cache websites. But they do not conceal the IP of their users. It is widely known as a transparent proxy because it will expose your real IP address to the web. This type of proxy server does not hide your IP address.



2. Anonymous Proxy Server

This type of proxy server identifies itself as a proxy server, but does not make the original IP address available. This type of proxy server is detectable, but provides reasonable anonymity for most users. This type of proxy server will hide your IP address.



3. Distorting Proxy Server

This type of proxy server identifies itself as a proxy server, but makes an incorrect original IP address available through the HTTP headers. This type of proxy server will hide your IP address.



4. High Anonymity Proxy Server ( Elite Proxy)

This type of proxy server does not identify itself as a proxy server and does not make available the original IP address. This type of proxy server will hide your IP address. So this is the best way to mask your IP.
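
The four proxy types above differ only in what the destination server sees in the request headers. As an added example that is not part of the original post, this sketch classifies a proxy from the headers an echo service reports back, given your real IP. The header names checked (Via, Forwarded, X-Forwarded-For, X-Real-IP, Proxy-Connection) are an assumption, since the post only says "the http headers", and all sample headers and addresses are constructed.

```python
import ipaddress
import re

# Assumption: these are the request headers through which a proxy announces
# itself or passes on a client address.
PROXY_HEADERS = ("via", "forwarded", "x-forwarded-for", "x-real-ip", "proxy-connection")


def forwarded_addresses(headers):
    """Return every parseable client address a proxy put into the headers."""
    h = {k.lower(): v for k, v in headers.items()}
    raw = []
    for name in ("x-forwarded-for", "x-real-ip"):
        raw += [p.strip() for p in h.get(name, "").split(",") if p.strip()]
    # RFC 7239 Forwarded header: for=192.0.2.60 or for="[2001:db8::17]:4711"
    raw += re.findall(r'\bfor="?\[?([0-9a-f:.]+)\]?', h.get("forwarded", ""), re.I)
    addresses = []
    for item in raw:
        try:
            addresses.append(ipaddress.ip_address(item))
        except ValueError:
            pass  # "unknown", obfuscated tokens, host names
    return addresses


def classify_proxy(headers, real_ip):
    """Map the headers seen by the destination server to the post's four types."""
    names = {k.lower() for k in headers}
    if not any(marker in names for marker in PROXY_HEADERS):
        # no self-identification and no forwarded address
        return "high anonymity (elite)"
    addresses = forwarded_addresses(headers)
    if ipaddress.ip_address(real_ip) in addresses:
        return "transparent"   # identifies itself and leaks the real address
    if addresses:
        return "distorting"    # identifies itself, forwards a wrong address
    return "anonymous"         # identifies itself, forwards no address


# Constructed sample: the real client address and four sets of received headers.
REAL_IP = "198.51.100.23"
SAMPLES = {
    "cache": {"Via": "1.1 cache01 (squid)", "X-Forwarded-For": "198.51.100.23"},
    "anon": {"Via": "1.1 proxy.example", "User-Agent": "Mozilla/5.0"},
    "distort": {"Via": "1.1 proxy.example", "X-Forwarded-For": "203.0.113.9"},
    "elite": {"User-Agent": "Mozilla/5.0", "Accept": "*/*"},
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(label, "->", classify_proxy(headers, REAL_IP))
```
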



Which Proxy Server is the best to Hide My IP ?



I know, you can answer this question better than me. Obviously a High Anonymity Proxy or Elite Proxy is the best to hide your IP. But it’s not easy to get a list of working elite proxies. If you search Google, you will definitely get tons of proxy lists. You’ll get a list of proxies in the following format:



IP:Port Number

Eg: 221.90.45.67:8080 (221.90.45.67 is the IP of the proxy server and 8080 is the port number)

But most of them don’t work. Here are some of the problems/risks associated with using free proxies that are available on the internet.



■ Most of them do not work, since proxy servers frequently change their IP/port number.

■ Even if you find a working proxy server, it may be too slow.

■ Your privacy is not guaranteed, since all your traffic is routed through the proxy server.

■ The administrators of the proxy servers may steal your valuable information such as passwords, SSN (Social Security number), credit card details etc.

So with all these risks, how do you find working, fast, highly anonymous and secure proxy servers?



Now I will give a list of software that will really hide your IP address. I have tried many such programs and have found only a few of them working perfectly. Here is a list of working IP hiding software that you can try. I have listed them in the order of their popularity.



1. Hide The IP



Lets you choose the country, type and speed of the proxy. Not so popular, but personally I recommend this to users.



2. Hide My IP



3. Hide IP NG



You can get more information about these products on their respective homepages.



How to ensure that the IP is hidden ?



Before you hide your IP you can check your real IP by visiting the following site.



WhatIsMyIPAddress.Com



Once you get your real IP, switch on your IP hiding software. Now visit the above site once again and check your IP address. If you see a new IP, this means that your software is doing the right job. The above site (Whatismyipaddress.com) is also capable of detecting many proxies. If you see words such as “Suspected proxy server or network sharing device” or similar, it means that the proxy you are using is not an Elite Proxy.



One final word before you leave! Even though Elite proxies are almost undetectable, this doesn’t mean that you can get away with online crimes by hiding your IP. There are many proxy detecting services available which detect almost any proxy. So if you get involved in any cyber crime, you will definitely end up behind bars. Using a proxy will not help you in this case.



One more thing: it is unsafe to use a proxy during e-commerce transactions such as online banking, online credit card payment etc. So please avoid proxies in these circumstances.

10 Tips to Enhance your PC Security

Today almost every one of us has a PC with an internet connection, but how many of us think about its security? In fact, most people are least bothered about their PC’s security. Especially if you have an internet connection, safeguarding your PC against network threats is a must. If your PC is not secured, it might be vulnerable to various threats. The threat may be as simple as a virus which corrupts your data, or as complex as identity theft, where there are chances of a huge loss of money. Did you know that unsecured PCs can be hijacked in minutes? If you are really concerned about PC security, then here are the top 10 security enhancements for your PC.




1. Check Windows Update. Windows Me, 2000, and XP users can configure automatic updates. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.



2. Install a good Antivirus software and update it regularly. An Antivirus without updates is of no use.



3. Install a personal firewall. Both SyGate (http://www.sygate.com//) and ZoneAlarm (http://www.zonelabs.com//) offer free versions.



4. Install a good Antispyware. (An Antivirus with built-in antispyware is a good choice.)



5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro#l. This will make it much harder for anyone to gain access to your accounts.



6. If you’re using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.



7. Be skeptical of things on the Internet. Don’t blindly assume that an email “From:” a particular person is actually from that person since it is possible to send a fake email.



8. Check for a VeriSign SSL (Secure Sockets Layer) Certificate (or logo) before you make any e-commerce transaction (credit card transaction) with a website.



9. Never disable the Auto-Protect feature of your antivirus. If your antivirus doesn’t have an Auto-Protect feature then manually scan files before you execute them.



10. Never give out your passwords to anyone at any time even if the person claims to be from “support.”

Free Tools for Spyware Removal

There are a lot of PC users who know only a little about “Spyware”, “Malware”, “Hijackers”, “Dialers” and many more. This article will help you avoid pop-ups, spammers and all those baddies.




What is spy-ware?

Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user’s interaction with the computer, without the user’s informed consent. The term spyware suggests software that secretly monitors the user’s behavior. Spyware programs can collect various types of personal information, such as Internet surfing habits, sites that have been visited etc.



How to check if a program has spyware?

There is a little site that keeps a database of programs that are known to install spyware.



Check Out: SpywareGuide



How To Block Pop-Ups?

If you would like to block pop-ups (IE Pop-ups) there are tons of different tools out there, but these are the two best, I think.



Try: Google Toolbar - This tool is a Freeware.

Try: AdMuncher – This tool is a Shareware.



How To Remove Spywares?

If you want to remove spyware then you may try the following tools/programs.



Try: Lavasoft Ad-Aware - This tool is a freeware.

Info: Ad-aware is a multi spyware removal utility that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup manager lets you reinstall a backup, and the tool offers multi-language support.



Try: Spybot-S&D – This tool is a freeware.

Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.



Try: Spy Sweeper - This tool is a shareware.

Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. The best scanner out there, and updated all the time.



Try: BPS Spyware and Adware Remover – This tool is a shareware.

Info: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you’d like to remove.



How To Prevent Spyware?

To prevent spyware attack you can try the following tools.



Try: SpywareBlaster - This tool is a freeware.

Info: SpywareBlaster doesn’t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.



Try: XP-AntiSpy - This tool is a freeware.

Info: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in Windows XP that may raise security or privacy concerns for some people.

Hack Protect your Orkut Account


Most people ask me “How to hack an Orkut account”, which I have already discussed in my previous post Hacking Orkut. But here I am giving you detailed information about how to protect your Orkut account. As we all know, most of the Google services are still in BETA. So websites like Orkut, powered by Google, are not totally secure! Several people feel proud of hacking other users’ accounts. You do a foolish thing, and the next day your account is hacked. This is very sad indeed, but hackers are adding names to their victims list till now.



How can a hacker hack my Orkut account?

The answer to this question is already discussed in my previous post How to Hack Orkut.



But this post is meant for providing some safety measures to prevent your Orkut account from being hacked. There is not much you have to take care of. Just follow the simple steps and never get your orkut account hacked in your life.



1. Never try to login/access your Orkut account from sites other than Orkut.com.



2. Never click on any links from the sources you don’t trust while accessing your Orkut account. (or while accessing any other Google services like Gmail,Blogger etc.)



3. Delete any links on your scrapbook, no matter whether a known or unknown person has sent them.



4. Never disclose your orkut login details with anyone.



5. Never ever use JavaScript snippets on Orkut, no matter what they claim to do. Be satisfied with the services provided by default! Avoid using third-party scripts, which might be malicious.



6. Never get excited to see a site claiming to have 1000 cool orkut tricks for which you have to just log in to your orkut account. Don’t trust that site. That’s a Phishing site.



7. Never tick the box “REMEMBER ME” on the orkut homepage if you are surfing from a cafe or a public area.



8. Always remember to hit Sign out button, when you are done.

Know More About Trojans and Backdoors

A Trojan horse is an unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.




■It is a legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.

■Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user.

Working of Trojans













■Attacker gets access to the trojaned system as the system goes online

■By way of the access provided by the trojan, the attacker can stage attacks of different types.

Various Trojan Types



■Remote Access Trojans

■Password Sending Trojans

■Keyloggers

■Destructive

■Denial Of Service (DoS) Attack Trojans

■Proxy/Wingate Trojans

■FTP Trojans

■Software Detection Killers

Modes of Transmission



■Attachments

■Physical Access

■Browser And E-mail Software Bugs

■NetBIOS (File Sharing)

■Fake Programs

■Un-trusted Sites And Freeware Software

Backdoor Countermeasures



■Most commercial anti-virus products can automatically scan and detect backdoor programs before they can cause damage (e.g. before accessing a floppy, running an exe or downloading mail)

■An inexpensive tool called Cleaner (http://www.moosoft.com/cleanet.html) can identify and eradicate 1000 types of backdoor programs and trojans.

■Educate your users not to install applications downloaded from the internet and e-mail attachments.

How to create a self-signed SSL Certificate ...


Overview



The following is an extremely simplified view of how SSL is implemented and what part the certificate plays in the entire process.



Normal web traffic is sent unencrypted over the Internet. That is, anyone with access to the right tools can snoop all of that traffic. Obviously, this can lead to problems, especially where security and privacy is necessary, such as in credit card data and bank transactions. The Secure Socket Layer is used to encrypt the data stream between the web server and the web client (the browser).



SSL makes use of what is known as asymmetric cryptography, commonly referred to as public key cryptography (PKI). With public key cryptography, two keys are created, one public, one private. Anything encrypted with either key can only be decrypted with its corresponding key. Thus if a message or data stream were encrypted with the server's private key, it can be decrypted only using its corresponding public key, ensuring that the data only could have come from the server.



If SSL utilizes public key cryptography to encrypt the data stream traveling over the Internet, why is a certificate necessary? The technical answer to that question is that a certificate is not really necessary - the data is secure and cannot easily be decrypted by a third party. However, certificates do serve a crucial role in the communication process. The certificate, signed by a trusted Certificate Authority (CA), ensures that the certificate holder is really who he claims to be. Without a trusted signed certificate, your data may be encrypted, however, the party you are communicating with may not be whom you think. Without certificates, impersonation attacks would be much more common.



Step 1: Generate a Private Key



The openssl toolkit is used to generate an RSA Private Key and CSR (Certificate Signing Request). It can also be used to generate self-signed certificates which can be used for testing purposes or internal usage.



The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.



openssl genrsa -des3 -out server.key 1024



Generating RSA private key, 1024 bit long modulus

.........................................................++++++

........++++++

e is 65537 (0x10001)

Enter PEM pass phrase:

Verifying password - Enter PEM pass phrase:



Step 2: Generate a CSR (Certificate Signing Request)



Once the private key is generated a Certificate Signing Request can be generated. The CSR is then used in one of two ways. Ideally, the CSR will be sent to a Certificate Authority, such as Thawte or Verisign who will verify the identity of the requestor and issue a signed certificate. The second option is to self-sign the CSR, which will be demonstrated in the next section.



During the generation of the CSR, you will be prompted for several pieces of information. These are the X.509 attributes of the certificate. One of the prompts will be for "Common Name (e.g., YOUR name)". It is important that this field be filled in with the fully qualified domain name of the server to be protected by SSL. If the website to be protected will be https://public.akadia.com, then enter public.akadia.com at this prompt. The command to generate the CSR is as follows:



openssl req -new -key server.key -out server.csr



Country Name (2 letter code) [GB]:CH

State or Province Name (full name) [Berkshire]:Bern

Locality Name (eg, city) [Newbury]:Oberdiessbach

Organization Name (eg, company) [My Company Ltd]:Akadia AG

Organizational Unit Name (eg, section) []:Information Technology

Common Name (eg, your name or your server's hostname) []:public.akadia.com

Email Address []:martin dot zahn at akadia dot ch

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:



Step 3: Remove Passphrase from Key



One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started. Obviously this is not necessarily convenient as someone will not always be around to type in the pass-phrase, such as after a reboot or crash. mod_ssl includes the ability to use an external program in place of the built-in pass-phrase dialog, however, this is not necessarily the most secure option either. It is possible to remove the Triple-DES encryption from the key, thereby no longer needing to type in a pass-phrase. If the private key is no longer encrypted, it is critical that this file only be readable by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked. With that being said, use the following command to remove the pass-phrase from the key:



cp server.key server.key.org

openssl rsa -in server.key.org -out server.key



The newly created server.key file has no more passphrase in it.



-rw-r--r-- 1 root root 745 Jun 29 12:19 server.csr

-rw-r--r-- 1 root root 891 Jun 29 13:22 server.key

-rw-r--r-- 1 root root 963 Jun 29 13:22 server.key.org



Step 4: Generating a Self-Signed Certificate



At this point you will need to generate a self-signed certificate because you either don't plan on having your certificate signed by a CA, or you wish to test your new SSL implementation while the CA is signing your certificate. This temporary certificate will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted.



To generate a temporary certificate which is good for 365 days, issue the following command:



openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Signature ok

subject=/C=CH/ST=Bern/L=Oberdiessbach/O=Akadia AG/OU=Information Technology/CN=public.akadia.com/Email=martin dot zahn at akadia dot ch

Getting Private key



Step 5: Installing the Private Key and Certificate



When Apache with mod_ssl is installed, it creates several directories in the Apache config directory. The location of this directory will differ depending on how Apache was compiled.



cp server.crt /usr/local/apache/conf/ssl.crt

cp server.key /usr/local/apache/conf/ssl.key



Step 6: Configuring SSL Enabled Virtual Hosts



SSLEngine on

SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt

SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

CustomLog logs/ssl_request_log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



Step 7: Restart Apache and Test



/etc/init.d/httpd stop

/etc/init.d/httpd start



https://public.akadia.com

Source: http://akadia.com
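The steps above as a non-interactive script with a key-file audit, added here as an example and not part of the original tutorial. The Step 3 listing shows server.key as -rw-r--r--, which contradicts the advice that only root may read it, and the audit flags exactly that. The function names, the host name public.example.test and the 2048-bit key size are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumed names: the functions
# below, the host name public.example.test, and the 2048-bit key size.

# make_selfsigned DIR CN: Steps 1, 2 and 4 without prompts (no passphrase,
# so Step 3 is not needed). umask 077 makes the key 0600 from the start.
make_selfsigned() {
    (
        umask 077
        openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
        openssl req -new -key "$1/server.key" -subj "/CN=$2" \
            -out "$1/server.csr" &&
        openssl x509 -req -days 365 -in "$1/server.csr" \
            -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
    )
}

# True if the PEM key is passphrase-protected (traditional or PKCS#8 header).
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# True if group and other have no permission bits on the file.
key_mode_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True if the unencrypted key and the certificate share one RSA modulus.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -passin pass: -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# audit_key KEY CERT: print findings; returns 0 only if nothing failed.
audit_key() {
    failed=0
    if ! key_mode_is_private "$1"; then
        echo "FAIL: $1 is accessible to group or other (want mode 600)"
        failed=1
    fi
    if key_is_encrypted "$1"; then
        echo "NOTE: $1 is passphrase-protected; match check skipped"
    else
        echo "NOTE: $1 has no passphrase; file mode is its only protection"
        if ! key_matches_cert "$1" "$2"; then
            echo "FAIL: $1 is not the key for $2"
            failed=1
        fi
    fi
    return "$failed"
}

run_demo() {
    tmp=$(mktemp -d) || return 1
    make_selfsigned "$tmp" public.example.test || { rm -rf "$tmp"; return 1; }
    chmod 644 "$tmp/server.key"     # the mode shown in the Step 3 listing
    audit_key "$tmp/server.key" "$tmp/server.crt" || echo "=> fix before install"
    chmod 600 "$tmp/server.key"     # corrected mode
    audit_key "$tmp/server.key" "$tmp/server.crt" && echo "=> safe to install"
    rm -rf "$tmp"
}
run_demo
```

Run audit_key against the installed files (for example the ssl.key and ssl.crt paths from Step 5) after copying, since cp can widen the mode again under a permissive umask.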

Know More About Secure Sockets Layer (SSL)


Secure Sockets Layer (SSL) is the most widely used technology for providing a secure communication between the web client and the web server. Most of us are familiar with many sites such as Gmail, Yahoo etc. using https protocol in their login pages. When we see this, we may wonder what’s the difference between http and https. In simple words HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for a SECURE communication.



What exactly is Secure Communication ?

Suppose there exist two communicating parties A (client) and B (server).



Working of HTTP



When A sends a message to B, the message is sent as plain text in an unencrypted manner. This is acceptable in normal situations where the messages exchanged are not confidential. But imagine a situation where A sends a PASSWORD to B. In this case, the password is also sent as plain text. This is a serious security problem because, if an intruder (hacker) can gain unauthorised access to the ongoing communication between A and B, he can see the PASSWORDS since they remain unencrypted. This scenario is illustrated using the following figure.









Now let’s see the working of HTTPS



When A sends a PASSWORD (say “mypass“) to B, the message is sent in an encrypted format. The encrypted message is decrypted on B’s side. So even if the Hacker gains an unauthorised access to the ongoing communication between A and B he gets only the encrypted password (“xz54p6kd“) and not the original password. This is shown below











How is HTTPS implemented ?

HTTPS is implemented using Secure Sockets Layer (SSL). A website can implement HTTPS by purchasing an SSL Certificate. Secure Sockets Layer (SSL) technology protects a Web site and makes it easy for the Web site visitors to trust it. It has the following uses:



1. An SSL Certificate enables encryption of sensitive information during online transactions.

2. Each SSL Certificate contains unique, authenticated information about the certificate owner.

3. A Certificate Authority verifies the identity of the certificate owner when it is issued.

How Encryption Works ?



Each SSL Certificate consists of a Public key and a Private key. The public key is used to encrypt the information and the private key is used to decrypt it. When your browser connects to a secure domain, the server sends a Public key to the browser to perform the encryption. The public key is made available to everyone, but the private key (used for decryption) is kept secret. So during a secure communication, the browser encrypts the message using the public key and sends it to the server. The message is decrypted on the server side using the Private key (Secret key).



How to identify a Secure Connection ?



In Internet Explorer, you will see a lock icon in the Security Status bar. The Security Status bar is located on the right side of the Address bar. You can click the lock to view the identity of the website.



In high-security browsers, the authenticated organization name is prominently displayed and the address bar turns GREEN when an Extended Validation SSL Certificate is detected. If the information does not match or the certificate has expired, the browser displays an error message or warning and the status bar may turn RED.



So the bottom line is, whenever you perform an online transaction such as a credit card payment, bank login or email login, always ensure that you have a secure communication. A secure communication is a must in these situations. Otherwise there are chances of Phishing using a fake login page.



I hope this helps. Please pass on your comments.

12 Tips to Maintain a Virus Free Computer

Is your computer infected with virus? Do you often get mysterious error messages? Well this is a common problem faced by almost all the computer users across the globe. There are many viruses and worms out there that could infect your computer. Some are harmless, but, they do have the capacity to do any number of nasty things, up to and including, erasing all data from your computer. However there are ways to keep viruses away from your PC. Here are the 12 tips to maintain a virus free computer.




1. Email is one of the common ways by which your computer can catch a virus. So it is always recommended to stay away from SPAM. Open only those emails that originate from a trusted source, such as those which come from your contact list. If you are using your own private email host (other than gmail, yahoo, hotmail etc.) then it is highly recommended that you use good anti-spam software. And finally, NEVER click on any links in emails that come from untrusted sources.



2. USB thumb/pen drives are another common way by which viruses spread rapidly. So it is always a good habit to perform a virus scan before copying any data onto your computer. NEVER double-click the pen drive to open it. Instead right-click on it and select the option “open”. This is a safe way to open a pen drive.



3. Be careful about using MS Outlook. Outlook is more susceptible to worms than other e-mail programs, unless you have efficient Anti-Virus programs running. Use Pegasus or Thunderbird (by Mozilla), or a web-based program such as Hotmail or Yahoo (In Firefox).



4. As we all know, Internet is the main source of all the malicious programs including viruses, worms, trojans etc. In fact Internet contributes to virus infection by up to 80%. So here are the tips for safe surfing habits so that you can ward off virus infection up to the maximum extent.



■Don’t click on pop-up windows that announce a sudden disaster in your city or announce that you’ve won an hourly prize. They are the ways to mislead Internet users and you should never trust them.

■You can also use a pop-up blocker to automatically block those pop-ups.

5. Most of us use search engines like Google to find what we are looking for. It is quite obvious for a malicious website to get listed in the search results. So to avoid visiting those untrusted malicious websites, you can download and install the AVG LinkScanner which is a freeware. This tool can become very handy and will help you to stay away from malicious websites.



6. Install good antivirus software and keep it updated. Also perform a full system scan periodically. It is highly recommended that you turn on the automatic update feature. This is the most essential task to protect your PC from viruses. If PC security is your first priority then it is recommended that you go for shareware antivirus software over the free ones. Most antivirus products support the Auto-Protect feature that provides realtime security for your PC. Make sure that this feature is turned on.



7. Install a good Antispyware program, that operates against Internet malware and spyware.



8. Never open any email attachments that come from untrusted sources. If it is a picture, text or sound file (these attachments end in the extensions .txt, .jpeg, .gif, .bmp, .tif, .mp3, .htm, .html, and .avi), you are probably safe, but still do a scan before opening.



9. Do not use disks that other people gave you, even from work. The disk could be infected with a virus. Of course, you can run a virus scan on it first to check it out.



10. Set up your Windows Update to automatically download patches and upgrades. This will allow your computer to automatically download any updates to both the operating system and Internet Explorer. These updates fix security holes in both pieces of software.



11. While you download files from untrusted websites/sources such as torrents, warez etc. make sure that you run a virus scan before executing them.



12. And finally, it is recommended not to visit websites that feature illegal/unwanted material such as cracks, serials, warez etc., since they contribute much to the spreading of viruses and other malicious programs.

Tuesday, April 13, 2010

Beware of Common Internet Scams and Frauds

The term Internet Scam or Internet Fraud refers to any type of fraud scheme that uses one or more online services to conduct fraudulent activities. Internet fraud can take place on computer programs such as chat rooms, e-mail, message boards, or Web sites. In this post I will discuss some of the commonly conducted scams and frauds across the Internet.



1. Phishing Scam

This is one of the most commonly used scams to steal bank logins and other types of passwords on the Internet. Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging.


Example: You may receive an email which claims to have come from your bank/financial institution/online service provider and asks you to click a link and update your account information. When you click such a link it will take you to a fake page which exactly resembles the original one. Here you’ll be asked to enter your personal details such as username and password. Once you enter your personal details they will be stolen. Such an email is more than likely the type of Internet scam known as “phishing”. Phishing is said to be highly effective and has proved to have a higher success rate, since most common people fail to identify the scam.


Most legitimate companies never request any kind of personal/sensitive information via email. So it is highly recommended that you DO NOT respond to such fraudulent emails. For more information on phishing visit my detailed post What is Phishing?


2. Nigerian Scams

This type of scam involves sending emails (spam) to people in bulk seeking their help to access large amount of money that is held up in a foreign bank account. This email claims that in return for the help you’ll be rewarded a percentage of the fund that involves in the transaction. Never respond to these emails since it’s none other than a scam.
If you respond to these emails you will be asked to deposit a small amount of money (say 1-2% of the whole fund) as insurance or as an advance payment for the initialization of the deal. However, once you deposit the amount to the scammer’s account you’ll not get any further response from them and you lose your money. In fact “the large amount of money” never exists and the whole story is a trap for innocent people who are likely to become victims. The scammers use a variety of stories to explain why they need your help to access the funds. The following are some examples.


Examples:


■They may claim that political climate or legal issues preclude them from accessing funds in a foreign bank account

■They may claim that the person is a minor and hence needs your help to access the funds

■They may claim that your last name is the same as that of the deceased person who owned the account and suggest that you act as the Next of Kin of this person in order to gain access to the funds

3. Lottery Scams

This type of scam is similar to the one discussed above. In this type you may receive an email saying that you have won a large sum of money in an online lottery scheme (ex. UK Lottery) even though you have not participated in any such scheme. The message claims that your email ID was selected randomly from a large pool of IDs. When you respond to such emails they initially ask for your complete name and address so that they can mail the cheque across to you. After getting those details they may also send you an image of the cheque drawn in your name and address so as to confirm the deal. But in order to mail this cheque they demand a small amount of money as insurance/shipping charge/tax in return. However, if you send the amount in the hope of receiving the cheque, all you get is nothing. You’re just trapped in a wonderful scam scheme. That’s it.


4. Other General Scams and Frauds

The following are some of the other types of scams that you should be aware of.

In general, be aware of unsolicited emails that:

1. Promise you money, jobs or prizes

2. Ask you to provide sensitive personal information

3. Ask you to follow a link to a website and log on to an account.

4. Propose lucrative business deals

However it may seem to be a difficult task for novice Internet users to identify such online scams. Here are some of the common signs of such scam emails. By knowing them it may help you to stay away.



■All these scam emails never address you by your name. In turn they commonly address you something like “Dear User” or “Dear Customer” etc. This is a clear indication that the email is a fraudulent one

■When you observe the email header you may notice in the “TO:” Field that, the same email is forwarded to a large group of people or the “TO:” field appears blank. So this confirms that the email was not intended particularly for you. It was forwarded for a large group of people and you are one among them

I hope this post helps. Express your opinions through comments.
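The two signs listed above (a generic greeting, and a “TO:” field that is blank or addressed to a large group) as a small triage script run over three constructed messages. This is an added example, not part of the original post; the function names, the MAX_RCPTS threshold and the sample mails are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The function names, the
# recipient threshold and the sample messages are constructed for illustration.

MAX_RCPTS=5    # assumed cut-off for "a large group of people" in To:

# header_value FILE NAME: value of one header, with folded lines joined.
header_value() {
    awk -v name="$2" '
        { sub(/\r$/, "") }                        # tolerate CRLF line ends
        /^$/ { exit }                             # blank line ends the headers
        /^[ \t]/ { if (hit) val = val $0; next }  # continuation of a header
        { hit = 0 }
        tolower($0) ~ ("^" tolower(name) ":") {
            hit = 1; val = $0; sub(/^[^:]*:[ \t]*/, "", val)
        }
        END { print val }
    ' "$1"
}

# first_body_line FILE: first non-empty line after the header block.
first_body_line() {
    awk '{ sub(/\r$/, "") } body && NF { print; exit } /^$/ { body = 1 }' "$1"
}

# scam_signs FILE: print one line per sign found (no output = no signs).
scam_signs() {
    to=$(header_value "$1" To)
    rcpts=$(( $(printf '%s' "$to" | tr -cd '@' | wc -c) ))
    if [ -z "$to" ] || printf '%s' "$to" | grep -qi '^undisclosed'; then
        echo "To: is blank or undisclosed"
    elif [ "$rcpts" -gt "$MAX_RCPTS" ]; then
        echo "To: lists $rcpts recipients"
    fi
    if first_body_line "$1" | grep -Eqi '^dear (user|customer)([^a-z]|$)'; then
        echo "generic greeting instead of your name"
    fi
}

# write_samples DIR: three constructed messages (two scam-like, one personal).
write_samples() {
    cat > "$1/lottery.eml" <<'EOF'
From: "UK Lottery" <claims@lottery.example>
To: undisclosed-recipients:;
Subject: You have won

Dear Customer,
Your email ID was selected randomly from a large pool of IDs.
EOF
    cat > "$1/bulk.eml" <<'EOF'
From: "Account Team" <support@bank.example>
To: a@example.org, b@example.org, c@example.org,
 d@example.org, e@example.org, f@example.org
Subject: Update your account information

Dear User, click the link and update your account information.
EOF
    cat > "$1/personal.eml" <<'EOF'
From: Alice <alice@example.org>
To: Bob <bob@example.org>
Subject: Lunch on Friday

Hi Bob, are we still on for Friday?
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_samples "$dir"
    for f in lottery bulk personal; do
        echo "== $f.eml"
        scam_signs "$dir/$f.eml"
    done
    rm -rf "$dir"
}
demo
```

A message with no signs is not thereby legitimate; the script only surfaces the two header and greeting patterns named in the post.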