Posts Tagged ‘information’
Have you noticed a sudden drop in your Internet speed? A possible explanation is that some nasty program is doing things behind your back. Whether it is spyware, malware or adware, you might have a serious case of unauthorized traffic on your hands.
But don’t worry, it’s quite easy to get a list of your connections in Windows. Such a list can be quite helpful and may help you find unknown applications that are using your bandwidth for their dirty bidding.
Naturally this list will be generated through the Command Prompt. First, open the Command Prompt under Administrator Mode. To do that, open the Start menu, type cmd in the search box:
Right-click on cmd.exe and select Run as administrator:
The command prompt will open:
Enter the following command:
netstat -fab 5 > connections.txt
Now, before we press Enter, let’s take a moment to look at what exactly we are doing here. First of all, netstat is a command that generates a lot of useful information about your network status. Additionally, there are several options we can add to our netstat command, some of which are:
-f – for displaying the full DNS name for hosts on the other side of each connection. This makes the generated data a lot easier to comprehend.
-a – to put it simply this stands for “all”. As in “all connections and listening ports”.
-b – to output the name of the application making the connection.
Alternatively to -f you can use -n to display only IP addresses.
Naturally, “5” is the interval, in seconds, at which we want this information to be gathered. Finally, “> connections.txt” means that we want to write the output to connections.txt (so-called redirection).
So now that we know what we are doing, we can freely hit Enter.
Wait for a couple of minutes and press Ctrl + C to stop netstat. Now you can open connections.txt (which in our case is located in C:\Windows\System32 because we ran netstat from there) and see the activity of every application from the moment you started netstat until you turned it off.
Note: This information may not be complete, as we set netstat to update once every five seconds.
Note: This trick works on Windows 7 and Windows Vista. If you are still using Windows XP you need at least SP2.
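After a few minutes connections.txt holds many repeated snapshots, which is tedious to read by eye. The following Python code is an added example, not part of the original post: it parses the layout that netstat -fab writes on an English-language Windows and counts, per executable, how many snapshots showed each established remote endpoint. The sample text, the executable and host names, and the allowlist in report() are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the "netstat -fab 5" layout: each connection line is
# followed by an optional component name and then the owner in brackets.
SAMPLE = """\
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            DESKTOP:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    192.168.1.10:49200     www.example.com:https  ESTABLISHED
 [firefox.exe]
  TCP    192.168.1.10:49305     host.example.net:8080  ESTABLISHED
 [updater.exe]
  TCP    192.168.1.10:49310     192.0.2.15:443         ESTABLISHED
 Can not obtain ownership information
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49305     host.example.net:8080  ESTABLISHED
 [updater.exe]
"""

CONN = re.compile(r"^\s*(?:TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def summarize(text):
    """Map executable -> Counter of remote endpoints seen ESTABLISHED."""
    seen = defaultdict(Counter)
    pending = None                       # remote endpoint waiting for its owner
    for line in text.splitlines():
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:                         # groups: local, remote, state
            pending = conn.group(2) if conn.group(3) == "ESTABLISHED" else None
        elif pending and (owner or "ownership information" in line):
            exe = owner.group(1).lower() if owner else "<unknown>"
            seen[exe][pending] += 1
            pending = None
    return seen

def report(text, known=("firefox.exe", "svchost.exe")):
    """Rows (exe, remote, snapshots) for executables outside the allowlist."""
    rows = [(exe, remote, n) for exe, hits in summarize(text).items()
            if exe not in known for remote, n in hits.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))
```

To run it on a real capture, pass the contents of connections.txt to report() and replace the allowlist with the programs you expect to be online.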
When using PuTTY with multiple hosts and/or with multiple sessions, there is always the problem of entering the same information many, many times. Now, you can always go for the key-based SSH login with PuTTY, which is a secure way of doing this, but here, we will present you an easier and simpler way of auto-login using PuTTY shortcuts.
First, you must obtain a copy of the PuTTY client (available here). Now, after downloading it, open PuTTY:
In the Host Name field enter the name of the host, set the port in Port and enter a name for the session in the Saved Sessions text field:
Click Save to save your profile. Now, when you double-click the entry in Saved Sessions (or click it once, click Load and then click Open), your PuTTY client will automatically connect to it. You can save every host you like in the Saved Sessions:
Now here is the really nice part. Create a shortcut to PuTTY and open its Properties:
Now after the current Target (after the “ if any, and don’t forget a space), you can add a few arguments to automatically log into a saved session. The possible arguments are:
-load "<session_name>" – for automatically loading a session. Note: <session_name> is a saved session name and not a hostname.
-l <username> – for automatically entering a username on the host.
-pw <password> – for automatically entering a password.
Note: Using the -pw option is not secure in any way. If you use it you are storing your password in plain-text. If you have any doubts about how secure your machine is, please refer to the key-based SSH login.
It is also possible to only use some of those arguments, so for example if you want to load a session and a username you can only use the -load and -l options. Or if you use the same credentials for more than one host (which is bad, bad, bad…), you can omit the -load option. So, an automatic login on the host specified in the session ABlog with username root and password badandtrivial will be:
"D:\<path_to_putty>\putty.exe" -load "ABlog" -l root -pw badandtrivial
Note: This method is not in any way secure. It is merely a method to speed up your work, but stores passwords in plain-text.
So after editing a shortcut’s properties, just click OK to save. You can easily have multiple shortcuts:
Still, secure or not, it can be used for any non critical information. It is not, in any way, more dangerous than storing passwords in browsers…
In our previous tutorial about creating your own Certificate Authority, we introduced OpenSSL – an open source commercial-grade toolkit, which implements SSL and TLS (Secure Sockets Layer and Transport Layer Security) and provides a general purpose cryptography library. Naturally, we continue with the creation of certification requests (also called Certificate Signing Requests).
Note: In this tutorial (as well as in the previous one) we assume CentOS is the OS of choice.
To create a certificate request we navigate again to /etc/pki/CA:
Now let’s create the certification request. We’ll request a certificate, which will last one year:
openssl req -config openssl.cnf -new -nodes -keyout private/<domain>.key -out <domain>.csr -days 365
Generating a 2048 bit RSA private key
..............................+++
.................................+++
writing new private key to 'private/<domain>.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:<country>
State or Province Name (full name) :<state>
Locality Name (eg, city) [Default City]:<city>
Organization Name (eg, company) [Default Company Ltd]:<organization>
Organizational Unit Name (eg, section) :<department>
Common Name (eg, your name or your server's hostname) :<url>
Email Address :<email>
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
This creates two files: <domain>.key, which is the private key, and <domain>.csr, which is the Certificate Signing Request. Restrict the rights to the private key so it is readable only by root and the user that will use it:
chown root:globus private/<domain>.key
chmod 0440 private/<domain>.key
So now that we have created the certification request it is time to sign it. Navigate to /etc/pki/CA:
Sign the certificate using this command:
openssl ca -config openssl.cnf -policy policy_anything -out certs/<domain>.crt -infiles <domain>.csr
Using configuration from openssl.cnf
Enter pass phrase for ./private/ca.key:<ca_password>
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Nov 15 18:52:08 2011 GMT
Not After : Nov 14 18:52:08 2012 GMT
… CERTIFICATE INFORMATION …
Certificate is to be certified until Nov 14 18:52:08 2012 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
After that, you need to remove the certificate request:
rm -f <domain>.csr
After the whole procedure two files are created. <domain>.crt – this is a domain specific certificate for the request. It is put in the certs directory. <certificate_number>.pem is the second file. It is put in the newcerts folder. This is a ready to use X.509 file which contains the information from <domain>.key and from <domain>.crt.
A new Android app looks nearly identical to the original Netflix app and steals account information.
The application was discovered to be a Trojan not long ago by Symantec. According to their blog post, the application originated from an online forum. What the application basically does is send the user’s login information to a remote server, display a message stating that there are compatibility issues with the user’s hardware, and then uninstall itself.
According to Symantec the server, which was used for receiving the stolen logins is now offline.
The perpetrators could easily steal users’ accounts with the login information and perhaps even gain access to some private information. However, users don’t need to worry about their banking accounts, since the Netflix site displays only the last four digits of their credit/debit card number.
This basically means that no one actually knows what the point of this fake app was. Some speculate that this may be just a test and that we may see new fake apps, which could in turn get their hands on a lot more sensitive information.
On the other hand, some believe that the app was nothing but a prank or a home project for some bored programmer.
What’s interesting about this app is that it is not a modified and repackaged version of a normal app, but a completely new and independent app.
It is interesting to note that the success of the fake app is largely due to the so called “gap in availability” that Netflix inflicted on their users – their app was first released to a rather limited number of devices and recently republished in the Android Market.
What is even more interesting to note is that someone downloaded this app from a forum!
Last, but not least, take a look at the original and fake app (picture courtesy of Symantec):
The Internet proved to be a perfect environment for many new crimes, including a new version of identity theft – online identity theft. Online identity theft involves the gathering of confidential private information from the vast amount of information that is transferred through inherently anonymous services like e-mail, instant messaging and other web-based communication.
Identity thieves do nothing more than exploit basic human psychology. People’s instincts cause them to be open, trustful and naïve. Their will to cooperate, their desire to befriend other human beings and their respect for authority are their weaknesses. They cause them to reveal confidential information about themselves, their families, friends, companies, organization, etc. without even thinking for a moment how this information may be used.
But why? Why don’t people think before they talk? Well, for the most part, many of them don’t actually realize what one can do using the information they provide. But for a skillful social engineer even a name or a phone number may be enough.
Despite common belief, most of the time online identity theft is not perpetrated by organized professional groups of IT specialists. With the rise of social networks and “sharing” of personal information, nearly anyone with mediocre computer skills can get enormous amounts of private information about most users.
But how can one prevent identity theft? Well, the first thing is awareness. People must know that revealing even a little piece of private information may have devastating effects. How? Consider this, a man contacts you and provides you with just enough “private” information for you to assume that he can be trusted, before you know it you have supplied him with enough “private” information for him to continue his scheme. How? He’ll use the information you provided to get more information. Soon, he has enough information to steal yours, your family’s, your friends’, your boss’s, etc. identity. Call it “the domino effect of information theft”.
What else? Strict policy for handling confidential information (whether personal or corporate). For companies this means awareness campaigns, trainings, protocols, etc. For users… well, it pretty much means protocol. Yes, it all comes down to this – protocol. Even a tiny diversion from the protocols may turn out to be the key to the gate.
We’ll finish with this example of why protocol must be followed to the letter:
A colleague has just asked you a question about the new project you are working on, via his personal (and not corporate) e-mail. What do you do?
You answer? Wrong! Congratulations, you just revealed information about your company’s project to someone who has managed to compromise your colleague’s personal e-mail.
Symform is well known as a cloud storage provider. Until now it was business-oriented, but earlier this week it announced that customers will receive 100GB of free online storage. In comparison to other online storage providers, who offer 2-3GB, this sounds almost impossible.
Being aware that free lunches don’t exist, we set out to find what exactly the catch is (after all with such an amount of online storage the catch ought to be bigger than the usual). Well, here it is – to get the “free” 100GB of online storage, you must “contribute” 150GB of your own local storage which is on a device that is 24/7 connected on a broadband-connected network.
Symform claims that it uses a unique (although we wouldn’t say it’s exactly unique) storage model. It relies on two concepts – redundancy and distribution.
Basically the information is stored using the following procedure:
- For each block, a key is generated using SHA256.
- The block is encrypted using AES-256 encryption (notice it’s AES-256, not AES-128)
- The block is split into 96 redundant pieces which are stored on 96 random machines.
Notice that since the pieces are stored on different machines this increases the storing speed.
Now retrieving information is relatively easy. To restore a block only the fastest 64 pieces are needed (again an increase of speed). And here is where the math checks out. Each block is stored in 96 pieces and only 64 pieces are enough to restore it therefore for each GB of data we need 1.5GB to store it. Let’s note that this also guarantees that the chances of losing information are slim to none.
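The 64-of-96 property can be tried out with a small erasure code. The Python code below is an added example, not Symform's code: the page does not say which code Symform uses, so this assumes a Reed-Solomon-style scheme built on polynomial interpolation over the prime field GF(257), and it leaves out the SHA-256 key and AES-256 steps. All function names and the sample block are constructed.

```python
import random

P, K, N = 257, 64, 96   # prime just above a byte; 64-of-96 as described on the page

def lagrange_at(points, x):
    """Evaluate at x the unique degree < K polynomial through points (mod P)."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def split(block):
    """Return N fragments; fragment i holds the polynomial values at x = i."""
    block = block + bytes(-len(block) % K)            # zero-pad to a multiple of K
    frags = [[] for _ in range(N)]
    for off in range(0, len(block), K):
        pts = list(enumerate(block[off:off + K]))     # data = values at x = 0..K-1
        for i in range(N):
            frags[i].append(pts[i][1] if i < K else lagrange_at(pts, i))
    return frags

def restore(have, length):
    """Rebuild the block from any K fragments given as {index: fragment}."""
    if len(have) < K:
        raise ValueError("need at least %d fragments, got %d" % (K, len(have)))
    idx = sorted(have)[:K]
    out = bytearray()
    for col in range(len(have[idx[0]])):
        pts = [(i, have[i][col]) for i in idx]
        out += bytes(lagrange_at(pts, x) for x in range(K))
    return bytes(out[:length])

def demo(seed=1):
    block = bytes(range(200))                         # constructed sample block
    frags = split(block)
    fastest = random.Random(seed).sample(range(N), K) # any 64 responders will do
    restored = restore({i: frags[i] for i in fastest}, len(block))
    stored = sum(len(f) for f in frags)
    return restored == block, stored / (len(frags[0]) * K)
```

demo() returns whether the block survived losing 32 of its 96 fragments, together with the storage overhead, which is the 1.5 factor from the paragraph above.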
As mentioned above security issues are handled by encrypting each block.
In conclusion, we must say that despite being a pretty good deal – 150GB of local storage for 100GB of online storage, this is most definitely NOT FREE.
Still you can check what Symform has to offer
Every time you create an image or a document Windows 7 stores private information about you in the property section of the file. This information includes your username, company name, title, comments, tags, etc. If you have any concerns about your privacy then you can easily remove this information with a few clicks.
First, right click on your file and select Properties:
Many people worry about their privacy because of the new Firefox 3.5 feature called Geolocation. Well, turning it off is really easy using a little about:config trick.
How it works: The Geolocation feature determines your location using Google Location Services. It uses your IP, information about nearby wireless access points and a client identifier which is assigned by Google every two weeks.
First open Firefox. In the address bar enter about:config:
There is a vast amount of different applications. Although a lot of them are quite cheap, it is easier to simply have one in an electronic form. This way you can easily modify it to collect information which is specific for the given purposes. In this short tutorial we will use MS Word 2007 to find an employment application, modify it and have it ready for print whenever needed.
Open MS Word, press the MS Office button and select New. A new window will appear:
Gathering information about the drivers you have installed on Windows 7 can be a rather tedious task. However there is a little trick which lets you get a full list of the drivers in a matter of seconds.