Tech Help Site

About a month ago Four Corners aired an episode talking about the dangers to be found on the internet and the prevalence of cyber crime.

For those (like me) that missed it you can go to the Four Corners website and view the video, read the transcript of the show and read some other details and interviews.

The ABC do a really good job of putting their content online following in the footsteps of the British BBC who have the best media website and content I have seen.

Check out the Four Corners report Fear in the Fast Lane

Internet Security: How Criminals Hack Other Peoples Computers: “

For those of you that work in Information Technology and started in the last 20 years or so, chances are you were inspired by movies such as War Games, Sneakers or even Hackers. Remember that 80’s T.V. show Whiz Kids? That was cool too. I so wanted to be one of those kids.

Of course, those movies were exaggerating the power of computers or how they worked, but it was fascinating! The idea of taking control of something or figuring out how it worked by poking around and analyzing it. It was this endless world of possibilities that got us pursuing some of the most thankless jobs in the world.

So how do criminals do things like hack other people’s computers? It really doesn’t take a lot of skill at all.

Let’s assume I’m the criminal for the sake of this story. Disclaimer: I have never been charged with any crime. I do not do the things I’ll talk about here. You shouldn’t either! Do not try this at home – do it somewhere else.

The easiest way to hack someone’s computer is to get your grubby little hands on it. If I got your computer AND found that your Windows XP accounts were password protected, I would simply use a bootable password reset disk to change or remove the passwords. Then I’m in. I’m not going to tell you where to get these utilities, however, I’m sure you can use Google.

If you had Windows Vista on the disk, with it’s BitLocker technology, it would be harder to get around the protection for certain. But it can be done. I’m sure this isn’t the only method out there.

“Okay smarty-pants! You’ve gotten into my account but I have passwords on all the documents that have my important information!”

Really? First, I don’t believe you since very few people even know that they can password protect documents. Second, there’s a good chance you use the same password for all the documents. Chances are you figure that having a strong password on the Windows account is good enough, that you’ve used a pretty weak one on your documents. Any sort of password cracker using a rainbow table or dictionary attack will get through those in a matter of seconds to minutes.

What if you had set a BIOS password, so that I couldn’t even get to the operating system without knowing it? Well, that’s another step in the right direction, but, yet again, it can be done. The thing is, now I have to do a lot of work. Steal the computer, crack the BIOS password, crack your Windows protection, and crack the document protection. Since most people who steal, steal from people they know, I’ll probably know that you do these things. I’ll look for an easier target. Lazy criminal laggards!

“But Guy!” you say, “what if I do all of that but you want to get at me over the Internet?”

First off, why do you keep calling me Butt Guy? (Seriously, I NEVER get tired of that joke!) Second, um, yeah, I could do that. However, I’m less likely to try to actually hack your computer. What I’m likely to do is hack websites that you use to gather the information I need to steal your information or money. Even with some creative web searching I can get an awful lot of information on you. Seriously. Try searching on your name and aliases you use on the web. You’ll be amazed by the social profile one could build on you, to steal your identity. So, be careful about what you put out there. It’s out there, pretty much forever.

If you would like to trace someone online MakeUseOf lists a numbers of really good free tools in the post about 15 Websites to Find People On The Internet.

Let’s say that I’m going to hack right into your computer remotely. The easiest way to do this is to trick you into downloading software that will allow me to take control of your computer. This kind of software is known as a Trojan Horse. I may send you an attachment, or link, in an e-mail that, once you open it, installs the Trojan program without you knowing it. Or, I may set up a web page on a popular topic, that will attack your computer and drop the Trojan Horse onto it. Here’s a story on exactly that.

Once that Trojan is on there, I can use it to take information from you, or I might use it to set up a proxy for me to get to other computers. The nasty part of that is that it is possible for you to then be implicated in whatever crime I committed. Sure, a good lawyer would get you exonerated, but how many lawyers are good enough with computers to understand what just happened? By the time you pay for the lawyer, and dealt with the embarrassment of being charged, you’re already done in. Then I’m long gone.

So what do you do? Well, you keep your operating system updated, you keep your software updated, you keep your antivirus and firewall on and updated. You should also disconnect your computer from the Internet when you are not using. But really, who does all that?

Every computer is like a house – locks on the door, but a glass window right beside it. Just as my dad often said, “Locks only keep out honest people.”

Did you like the post? Please do share your thoughts in the comments section!

New on MakeUseOf ? Get cheat sheets and cool PDF guides @ www.makeuseof.com/makeuseof-downloads/

Related posts

• Steal Your Friends Passwords and Software Licenses! (30)
• Ophcrack – A Password Hack Tool to Crack Almost Any Windows Password (16)
• Keeping Under the Radar and Securing Your PC Files (20)
• Keep Your Passwords Secret On A Public Computer With KYPS (13)
• How to Make Your Hotmail Sign In More Secure (2)

“

Please find some brief information on a few topics, most of which were discussed at the Mullies last week

How The Internet Works – I.P. Addresses

We discussed what an I.P or Internet Protocol address is and why some ISP (Internet Service Providers) might provide a static address for your connection.

I found the following article today which explains how the Internet works far better than I can/did.

Technology Explained: How The Internet Works – MakeUseOf.com

LiberKey Portable Apps

A portable application or program is one that can run without being ‘installed’ in the traditional manner on your computer. As the program runs without prior installation it can be carried on a portable storage device like a USB stick or portable hard drive and run on any computer. This makes the program portable and useable anywhere and also easy to back up and share. There are a good number of portable applications available as well as a number of suites and packages which gather together a number of apps.

I have been trialling the LiberKey portable apps suite and demonstrated it the other day. I quite like it as a front end to a number of small applications. The Liberkey software itself provides a sort of start menu along with an update function and the ability to switch your PC’s file associations over ( and later back) to the portable applications.

You can download any of the 3 suites but I suggest you start with the smallest ‘Basic’ suite. You can then visit their ‘All Softwares’ page to automatically add additional programs to your suite with just a click. For example portable Open Office is not included in any suite but is well worth a try and you can automatically add it to your LiberKey Suite here.

Check out the list of available programs – it is huge!

Of course all programs are free and many are in fact open source. Apart from a good Antivirus Program (see below) any Windows PC probably only needs this suite of applications provided with it to make a very useful and productive machine. Note to use the update functions you need to register at the website first – I did and have not received any spam or so on.

Antivirus – Eset Nod32

Since I have been using Windows 7 lately (the beta and now the release candidate) I have been trialling a few different Antivirus programs. Our old favourite at Mullies – AVG Free – does work with Win7 and is as good as usual – but how good is that.

Well I also tried Avira free and really liked it too. In fact I think it was better than AVG whilst being equally as low on the resource usage. If you are looking for a free Antivirus program then I think Avira is good.

However I have since trialled a paid program in Eset NOD32 Antivirus and have found it to be the best Antivirus and Antispyware program I have used. Again it is very light on system resources and does an excellent job. If you are prepared to spend just a few dollars then please don’t buy the bloated Norton or McAfee offerings – you will be happy with NOD32

Some of us may have been following the whole ‘OzCar’ affair amongst our Federal politicians. (see Turnbull denies passing on fake email) . Me – I couldn’t care less but I did find it interesting how technology particularly emails and their authenticity entered into the accusations.

At our recent meeting Ross mentioned it made him curious about how the email header worked in his email program and whether he could change it – and he could.

Most desktop email programs – such as Thunderbird, Outlook, Outlook Express or the updated version called Windows Mail or Windows Live mail – will allow you to specify to specify a ‘From’ address with some even doing so on a per email basis. The details you write in the From address don’t have to be the actual address you are using, that is they don’t have to correspond with the address that your Internet Provider or email provider (if you use a Yahoo, Gmail or other address) has given you. This sort of spoofing of addresses is an old way of sending spam which of course looks to come from someone other than the real spammer

The secret is not in the sender but in the receiver because all of the details of the email are contained within the ‘Header’ of most any email message and it isn’t hard to see them if they aren’t shown by default.

Below is an excerpt from an article at MakeUseOf.com that discusses the information contained in every email and the ways in which you can find it for yourself.

How To Trace Your Emails Back To The Source

Most people won’t notice this, but emails actually arrive in your inbox with a ‘receipt’, which contains a lot of information about the sender. In order to find the sender’s identity, we only need to retrieve an IP address, but inside the email header we can also find the originating domain, reply-to address and sometimes even the email client, for example Thunderbird.

Why would you want to find out the identity of the sender? Well, you may have heard of shady email scams or emails supposedly from Paypal inviting you to re-enter your personal information. Now, you can determine if an email is truly from the authentic source.

Accessing the email header is different for every email provider or email application, and sometimes, it is even hidden. In most of the cases however, the option to reveal the full header will be somewhere in the area where the subject and sender name are provided.

So read the article and next time you get a suspicious looking email you can check it out. You never know – it might be from Ross!

Adobe’s PDF document format is pretty popular. I am willing to bet most people have Adobe PDF Reader software installed on their PC.

The trouble with software is the more popular it is the more attractive it is to hackers etc to try and exploit it for malicious gain – can you say Windows! So with Adobe Reader being so common whenever a security flaw is found it is highly likely that there are some internet baddies out there trying to take advantage of it.

Adobe are pretty vigilant about upgrading the product regularly to address any flaws and this is the case now. The only downside is that the program is a pretty big download each time.

To keep yourself safe make sure you upgrade to Version 9 (or at least 8.1.3 or higher)

Alternatively I quite like Foxit PDF Reader. It performs the same functions for most users, includes some unique features that the free Adobe program doesn’t like adding bookmarks. Best of all it is free and a much smaller download. Check out the features in the review linked below. If you do install be sure to say ‘No’ to installing the Yahoo toolbar and eBay icon (unless you really want them)

Links

Adobe Reader 9 download

Foxit PDF Reader download

Foxit PDF Reader review

Details here via BBC

Just goes to show that the spammers/scammers will use any medium – email, IM, Facebook, MySpace, Filesharing and Torrents -  to try and infect the dumb users on the net.

To get this virus you need to:

1. Open a Facebook message (probably from someone you don’t know)
   The title is “you look funny (or ‘awesome’) in this new video” 
   I mean, wouldn’t you know if you had been videoed???
2. Click on a link that says “secret video by Tom” 
   You know Tom your best mate who videoed you – yeah right
3. Click on a prompt to download a ‘new version of Adobe Flash’
4. Sit back and watch yourself get infected

My point is you need to break the sensible rules of internet usage not 1 but 3 times to get this virus. Maybe those who get it deserve it.

For those who might not know:

1. Don’t open email or messages from people you don’t know
2. Don’t just do it anyway cause like your antivirus software is really good and that
3. Don’t open any attachments to emails or links in messages unless you were expecting to get an attachment for a legitimate reason. And make sure you have ‘Hide extensions for know file types’ turned off in Windows so you can really see what the attachments are
   To do this: Open windows explorer or MY computer, Click Tools menu, Go to folder options, Go to view, Uncheck the ‘Hide extensions’ option in the list
4. Don’t click on links for program updates you didn’t ask for deliberately. If you think your Flash or other program needs an update run the ‘check for update’ function built into the program or else type/Google the programs website and download the update directly. This ensures you are getting a legitimate version. Reputable download sites like FileHippo.com or Download.com are ok too

Found this entry which discusses ways to keep your computer safe when travelling. Written by Chris Pirillo who is a bit of a legend among computer geeks

With laptops becoming more common and smaller it is easy to see how there are more going laptops going around. This provides more opportunity to thieves I guess. More likely though is that the machine is damaged in transit and the data is not backed up. We all know people who have lost vital info – of course it wouldn’t be us!

As always the #1 rules is “Back-ups Don’t leave home without them!”

Here is Chris’s list

• Pad The Laptop
• Keep It On You
• Back Up Data
• Encrypt Your Data
• Document Identifying Information
• Use Strong Passwords
• Use a BIOS Password
• Implement Remote Data Protection
• Use Portable Storage
• Just Leave The Laptop At Home

Source: 10 Tips to Keep Your Notebook Safe when Travelling ~ Chris Pirillo
Site: http://chris.pirillo.com/2008/10/23/10-tips-to-keep-your-notebook-safe-when-traveling/

Here are some interesting articles/links from around the Internet

Web’s Best 50 Free Downloads

Here’s a list of 50 free programs for you to download. In truth many of these you will  already have or have heard of but you may find something new here. If anyone on dial-up would like some of these programs downloaded and burned to CD just let me know

The Cyber Crime Hall of Fame

Rules are made to be broken the same way networks are made to be hacked into. These are nine of the most infamous criminal hackers to ever see the inside of a jail cell.

Top 10 Amazing Physics Videos

There are 10 good videos on science type topics at this site. Videos best viewed with broadband but may work (eventually) with dial-up.

I like this one – water droplets in space!

Brain Games

Some Flash games to play on the net but these ones have a purpose. To sharpen your mind!

I like Split Words – This game requires you to form words from fragments. The words are compiled using a theme and may have two or three parts.

If anyone finds anything cool on the net send us through a link.

As we have discussed here in the past AVG Antivirus is an excellent and free Anti Virus program. In fact because of the price (did I mention free!) and the small footprint (AVG doesn’t eat up much system resources and memory) it is one of the most popular AV programs around.

I have read recently (in the Windows Secrets newsletter) that the AVG can make a mess of some emails you receive. You see AVG has an email scanner built in – which is good. It checks emails and attachments for nasties like a virus or trojan when you send and receive an email. Great!

By default though what it also does is to add a little ‘certification’ to the bottom of each email to attest to the fact that it has been scanned. A few years ago this was pretty common practice for AV programs but it is rarely seen today. Here’s an example of what it puts on:

No virus found in this incoming message.Checked by AVG - http://www.avg.com Version: 8.0.138 / Virus Database: 270.5.0/1556 - Release Date: 7/16/2008 4:56 PM

Frankly I find this pretty annoying but other people may like it, who knows?

Anyway it seems the adding of this text to emails you receive (and maybe send too) can garble the HTML code and mess up the email, even to the point it is unreadable.

But never fear I have a solution. From Windows Secrets:

To disable e-mail certification in AVG, click Tools, Advanced settings, choose E-mail Scanner on the left side of the window, and disable Certify e-mail for incoming messages. The steps are described in the AVG FAQ (scroll down the page to number 1376).

You may also want to disable “certify email for outgoing messages” too.

Please note – this does not turn off virus scanning of emails, it just turns off the last step of putting the certification on the bottom of each message.

So if you find some messages are coming in a little strange or, like me, you don’t want the little note on all your messages then just follow the steps to remove the certification. Easy!

If you go to this page you (click the image) you can download a free internet security suite suite.

The offer is made thanks to Westpac Bank and you don’t need to prove you are their customer to download. I have taken advantage of a similar offer from ANZ in the past.

The banks take the attitude that if they can help you stay safe on the net then you are less likely to have your password stolen and your bank account details misused. A cynic might say that by offering this free they are giving themselves an escape clause when a customer sues and says their site doesn’t offer enough protection

Anyway what you get is a free 12 months license for PC Tools Internet Security Suite which includes:
1. Spyware Doctor with Antivirus 6 for Windows
2. Privacy Guardian 4.1 for Windows
3. PC Tools Firewall Plus for Windows

I have not personally used any of these programs so I cannot recommend them one way or the other. But at this price they may be worth a trial