Sunday, April 27, 2008

Prevent your Orkut account from being hacked

Here are some points you need to take care of to prevent your Orkut account from being hacked!


JavaScript: You must have seen the circulating scraps that ask you to paste some code into your address bar and see what happens. Sometimes that code also leaks your information. Check the code, and if you are unsure what it does, I recommend not using it.


Community Links: Many times you are given a link to a community in a scrap. Read the link carefully. It may be something like http://www.okrut.com/Community.aspx?cmm=22910233, which says OKRUT, not ORKUT. Clicking such a link takes you to a fake login page, and there you lose your password.


Phishing Attack: This is the most popular way of stealing other people's passwords. Known as a fake login among those who know it, it lands users on a page that asks for their login information; they enter their username and password thinking it is the real page, but it is not. The page submits all the details entered to the programmer or coder behind it.


Orkut New Features: I have come across a page that looks like it is giving the user a choice of new features for Orkut, with your ID and password, of course! When the user submits the page, his ID and password are mailed to the coder.


Primary mail address: If by some means a hacker comes to know the password of your Yahoo mail or Gmail account, which users normally keep as the primary mail address in their Orkut account, the hacker can hack the Orkut account simply by using the user ID and clicking 'Forgot password'. Google will then send the link for changing the Orkut account's password to the already hacked primary email ID. The email hacker can therefore change your Orkut account's password, and your Orkut account is hacked too.



So it is better to keep a little-known or otherwise unused email ID of yours as the primary email ID, so that if the hacker clicks 'Forgot password', the password-change link goes to an email ID that the hacker does not know.

Restoring System against common attacks!

Registry editing has been disabled



If you have ever encountered the above error, i.e. "Registry editing has been disabled by your administrator", on Windows XP or any other Windows NT operating system, this may help you.


I have encountered the above error while patching the registry. Even manual "regedit" was not working.


Here is a simple solution.


Click "Start >> Run" or press [Windows key + R] and type this command exactly as given below (or copy and paste it):


REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f





Folder Options Disabled



Go to run


Type "control folders"


If it doesn't work, try:



Solution 1:


Run -> type gpedit.msc


Then: User Configuration -> Administrative Templates -> Windows Components -> Windows Explorer -> "Removes the Folder Options menu item from the Tools menu".


Right-click -> Properties -> Disable -> Apply -> then set it back to Not Configured.




Solution 2:


Go to Start menu -> Run, enter regedit and press OK to open regedit (the Registry Editor).

There you'll see a tree-like structure of folders on the left.

Navigate to the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and on the right side you'll see many values.


Among these values, find the one named "NoFolderOptions". Highlight it and double-click it; if the value box shows 1, change it to 0 and press Enter. Exit the Registry Editor, then close any open folder and open it again to see the setting.

If you want to disable Folder Options, set the value of "NoFolderOptions" to 1 (and to get it back, change it to 0).





Orkut is banned u fool..MUHAHAHA...



How to fix the "Orkut is banned you fool!" virus


The virus displays the message "Orkut is banned you fool, The administrators didnt write this program guess who did?? MUHAHAHA!!!" with the title ORKUT IS BANNED.

Well, a similar message was displayed for YouTube also.


Solution given here:


1. Press CTRL+ALT+DEL and go to the Processes tab


2. Look for svchost.exe under the Image Name column. There will be many, but look for the ones that have your username under the User Name column


3. Press DEL to kill these processes. It will give you a warning; press Yes


4. Repeat for any other svchost.exe entries with your username. Do not kill svchost.exe entries running as SYSTEM, LOCAL SERVICE or NETWORK SERVICE!


5. Now open My Computer


6. In the address bar, type C:\heap41a and press enter. It is a hidden folder, and is not visible by default.


7. Delete all the files here


8. Now go to Start --> Run and type Regedit


9. Go to the menu Edit --> Find


10. Type "heap41a" here and press enter. You will get something like this "[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt"


11. Select that and press DEL. It will ask "Are you sure you want to delete this value"; click Yes


12. Now close the registry editor.


Now the virus is gone. But be sure to delete the autorun.inf file and any folder whose name ends with .exe on the pen drive.


UPDATE


It seems that they have named this malware w32.USBWorm, and according to my friend, Avast is able to detect and remove it. I hope the other antivirus software will also be able to remove it soon.





Remove the ntde1ect.com virus (the "show hidden files" problem)



First method


1) Open up Task Manager (Ctrl-Alt-Del)


2) If wscript.exe is running, end it.


3) If explorer.exe is running, end it.


4) Open up "File | New Task (Run)" in the Task Manager


5) Run cmd


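6) Run the following command on each of your drives in turn, replacing c:\ with the other drive letters (note that /s makes del recurse into subdirectories, so every file matching autorun.* on the drive is deleted, not just the one in the root):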


del c:\autorun.* /f /a /s /q


7) Go to your Windows\System32 directory by typing cd c:\windows\system32


8) Type dir /a avp*.*


9) If you see any files named avp0.dll, avpo.exe or avp0.exe, use the following commands to delete each of them:


attrib -r -s -h avpo.exe


del avpo.exe


10) Use the Task Manager’s Run command to fire up regedit


11) Navigate to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


12) If there are any entries for avpo.exe, delete them.


13) Do a complete search of your registry for ntde1ect.com and delete any entries you find.


14) Restart your computer.





Second method


Run >> type "regedit" (without quotes) and press Enter >> then go to:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\


Now you can see two values, CheckedValue and DefaultValue.


Double-click CheckedValue and change its value from 0 to 1.


Double-click DefaultValue and change its value from 1 to 2.


Now exit and check the result.
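The registry values touched by the repair steps in this post (DisableRegistryTools, NoFolderOptions, the SHOWALL CheckedValue and DefaultValue pair, and the searches for heap41a, avpo.exe and ntde1ect.com) can be checked in one pass over an exported .reg file. This is an added example, not part of the original post: the function name, the sample export and its "constructed-entry" value are constructed, and the expected numbers are the ones the steps above set.

```python
import re

CV = r"\software\microsoft\windows\currentversion"
HKCU, HKLM = "hkey_current_user" + CV, "hkey_local_machine" + CV
SHOWALL = HKLM + r"\explorer\advanced\folder\hidden\showall"
# (key, value name) -> the data the steps on this page set it to
EXPECTED = {
    (HKCU + r"\policies\system", "disableregistrytools"): 0,
    (HKCU + r"\policies\explorer", "nofolderoptions"): 0,
    (SHOWALL, "checkedvalue"): 1,
    (SHOWALL, "defaultvalue"): 2,
}
MARKERS = ("heap41a", "avpo.exe", "ntde1ect.com")  # strings the page searches for
VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def audit(reg_text):
    """Return (key, value name, reason) for each entry the page would change."""
    findings, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # section header: remember the current key
            continue
        m = VALUE.match(line)
        if not m:
            continue
        name, data = m["name"], m["data"].lower()
        want = EXPECTED.get((key.lower(), name.lower()))
        if want is not None and data.startswith("dword:"):
            got = int(data[6:], 16)
            if got != want:
                findings.append((key, name, f"is {got}, page sets {want}"))
        hits = [s for s in MARKERS if s in data]
        if hits:
            findings.append((key, name, "mentions " + ", ".join(hits)))
    return findings


# Constructed sample in .reg export syntax (real exports are UTF-16 files).
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"constructed-entry"="C:\\WINDOWS\\system32\\avpo.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
"DefaultValue"=dword:00000002
'''

if __name__ == "__main__":
    print("\n".join(" | ".join(f) for f in audit(SAMPLE)))
```

Running the same audit again after the cleanup shows whether a value has been flipped back, which would mean the program that changed it is still running.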

Saturday, April 26, 2008

The science of computer forensics

This week, I am introducing some tools used in computer forensics and investigations. This will probably be so much “ho-hum” to those of you already in the trade, but I thought this would be of interest to other TechRepublic members.

As usual, I have linked to specific products that I’m familiar with. Some readers have previously expressed concern that it represents unfair advertising. All I can say is that I don’t get paid for linking to anyone, but have personally found that I learn faster when pointed to actual products with specifications and prices to refer to.

Feel free to suggest other such products in the comments section.

HotPlug

The HotPlug device basically allows a running computer to be seized and brought back to a computer forensic lab for further study, without having to first shut it off.

Assuming a suspect could be caught by surprise when using his terminal, it is a means to effectively circumvent any disk encryption as well as login passwords or biometric schemes that might be in place.

Used together with a fully-charged UPS, the connectors are slipped into place when the system is still running. When main power is switched off, the power load will be transparently switched over to the UPS. The entire system, together with the UPS, can then be loaded onto a trolley to be carted off.

Extrication from a power strip is literally a plug-and-switch event. For systems plugged directly into a wall socket, some dismantling of the face plate is required. Check out the demonstration video at the top for the power strip method, or click here for the advanced method; it's quite fascinating, really.

Write protection devices

As their name suggests, write protection devices actively prevent the writing of data onto the attached hard disk. They work at the hardware level by directly blocking write commands, whether while duplicating the data or performing a forensic analysis.

You can also use it as a way to protect your portable hard disk when transferring files to an unknown or hostile environment.

The DriveLock line supports data protection and enables blocking hard drives of various kinds such as IDE, laptop drives, Serial ATA and flash cards connected through a computer’s P-ATA interface, PCI Card, USB, and FireWire ports.

ICS sells a whole bunch of write-protect devices for various hard disk interfaces. This ranges from SATA to IDE and even compact flash readers. You can check it out here.

Mouse Jiggler

This nifty little device represents yet another reason why screen saver passwords are a flimsy deterrence at best. When plugged into a USB port, it emulates a mouse, albeit one that moves autonomously.

The movement effectively prevents a system from automatically switching to a screen saver, or from going into suspend mode.

Wiebetech sells two versions, including a “Slow Jiggler” in which the mouse movement is barely perceptible. With it, an investigator is able to continue working simultaneously from a real mouse. There is also a “Fast Jiggler,” whose only use is as part of a practical joke.

The Mouse Jiggler was originally designed to be used in tandem with the HotPlug to seize computers.

Network Taps

As the name suggests, a network tap allows an investigator to sample all traffic on a network while remaining undetected. These phantom devices are not addressable and are designed with the sole role of replicating transmission streams out via a monitoring port. Physical access to the actual cables is required, though. Network taps are generally available for both copper and fiber solutions and for networks of varying speeds.

Do note that some higher-end network switches come with a “monitoring port” that can be used to the same effect.

catch this at http://blogs.techrepublic.com.com/security/?p=437&tag=rbxccnbtr1 !