Archive for the ‘1’ category

The logic of restrictive access.

January 9, 2010

Encryption is a lot like a game. Since there are so many combinations of
a what a password could be, it becomes a probablity game.

But more of a deduction game because most crackers of security infrastructers
have a basic outline of rules of what a password is most likely to be.

Used to be, most people used very obvious things from their lives for their
passwords. Birthdays, family numbers, house numbers, phone numbers
things like that. Easy to remember passwords to login in to whatever
needed autenticating.

So password cracking back in those days, from that standpoint was
not very difficult if you knew the person.
Also they tended to back up their passwords on sticky notes on their
monitors or the sides of their computers.

So the chances of a repairman getting authentication into your
network of information was pretty good.

Nowadays, authenticators tend to persuade people to make their passwords
harder to crack. Use lots of numbers and other strange charactors
so that it’s not obvious what it would be. Do not use birthdays, anniversaries,
etc.

You see these commonly on popular social network websites such as
myspace, facebook, etc.

If you follow these simple rules it really makes it more difficult for lower level
crackers like repairmen and average computer savy people to guess and
crack your passwords.

The big boys will always be able to get in no matter what.
Not because security sucks, but because that’s how the playng field is.
As good as they get, security software tries to keep up.
Sort of a batman and joker thing. One exists due to the other.

But, more relevant, what is security?

I mean, what does security mean when we strip down the fancy talk
and examine what’s behind all the hype.

These passwords and firewalls and rules and policies and everything
are just hoops to jump through to make it more difficult or time consuming
for the person attempting illegal behavior before they can get access.

Restriction of access is protection of access. And that’s the goal, isn’t it?
Access. Access to information.

Not unlike breaking into someone’s car or house for jewlry or money.
The values would be information.

So access is limited to authorized persons. People who are ‘suppose’ to
be able to see the information. Limited to just a narrow number, or only one,
person.

So that’s the goal. To be effective, there must be a ‘real’ door there with a lock.

So how do we go about putting a door with a lock around information?

Think about a bank. Ideally no one can just walk in and enter the vault, can they?
That would defeat the purpose of the vault. Why build a room with a huge metal door
and spend all that money and management if people were to just casually walk
in and take what they want.

So there must be a room around the information. A shell, a door if you will.
And obviously, if you’ve been keeping up, a lock. The key being the password.
So to gain access easily, one must grab the key.

Of course, like any other locks, there are other ways of gaining entry or access.
You break the door or lock. In the real world this is done physically.
You’ve seen it done in the movies, people shoot the door knob and gain
easy entry into the room. Or people attach a chain to the door and
drive a car the opposite direction and pull the door off by natural force.

Since information is logical, then there must be logical arguments
to protect the information. So firewalls are basically body guards with
policies. They check all incoming and sometimes outgoing, depending on
the firewall, protocols before they enter your computer and check their
list to see if they are allowed access.

If no, they are rejected and your firewall pops a window up alerting you
of suspicous activity so you can feel good about your protection.

But how about gaining entry to a secured network?

Wireless security, or any other security for that matter is basically set up
to deter by creating an effort on the attacker. If they are truely
determined, they will spend the time going up against the wall until
they have found flaws or until they have successfully tricked the wall
in order to gain access.

Some firewalls today are very smart in that they know they will be cracked
and attacked eventually. Basically it’s the value of what they are proctecting
that determines their chance of survival and effort.

So in those cases those firewalls are setup for fail safe. A plan B effect.

The effect is, if the firewall feels like it’s about to be penetrated and it cannot
stop the attack, it will auto shut down and all connection to it will
cease. Then the network goes down physically and the attack fails to gain
access.

Then the network administrator is alerted that the network is down,
and knows why because he was the one who programmed it
and deals with the situation from there. Hopefully checking the
integrity of the information as that would be the point.

So, what did the hacker do? How would he have gotten in?

They use chance against an argument.

The argument is, no one gains entry without authentication (password).
If you don’t have the correct password, the firewall knows the password
because it’s stored on the firewall.  Quite literally it’s checking against it’s
own database. If the name you provide isn’t on the guest list, you are simply turned away.

However, if one could see the guest list, one could assume or even guess
a name correctly and the argument would be correct. Therefore gaining
entry without more of a problem, and simply walking inside.

So cracking is just the art of decoding what is known to the hardware.
It’s decoding and giving a code of authentication in order for the
argument to be true.

See why they call it spyware. It a spy for information.

In other words, crackers must play the game first, if they want entry.

As I’ve said, there are ways around this. Depending on how the firewalls
are setup, crackers don’t always try to crack passwords. There are many
other ways to gain entry. And they don’t even have to guess passwords
these days. Bots and spyware are used to lessen the guessing game.
Which is why you should definitely do regular scans with up to date
anti spyware anti virus programs. Because even if it’s not guarenteed,
it’s still something.

But.

With wireless systems password cracking became even easier.
If you think about it, crackers don’t even have to be on your computer
or connected to your network anymore. They just need to
‘see’ your computer show up in their list of active networks
on their PCs and they can run programs off that alone.

Wireless cafes were pretty good for that. If you ever watch
Hak5 or other PC nerd web shows they show instances of
internet cafe crackers.

It’s simple enough to do these days, what with the popularity of
wi fi and laptops and open internet accessed connections.
Even with a personal firewall on your computer, the odds
are pretty good that it’s vulnerable to attack fairly easily.

But I digress.

This was more about the logic of restricting access to a limited
persons. Not the dangers of wireless or other types of computer
networks. Just look around on the internet, you can find those
everywhere.

In short, security can always only ever be at the same level as
the competition (crackers). As with any security, if someone wants
in bad enough, and they are determined enough, nothing is going
to stop them…except maybe a fail safe like disengaging all network
activity. Which is a really good idea actually.

Some tips for lowering your security risk:

1. Don’t purchase the most popular hardware avaliable.
Don’t purchase the most popular software available on the market.
If everyone has it, it’s more likely an easy target for crackers. Like Windows
and Microsoft Office and eventually Norton.

2. Choose your authentication methods carefully.
this is really important, because even though it can be decoded by the
right software these days, it still takes time. strong passwords
are simply to deter those less interested, so make it good.

3. Be aware of your surroundings and dealings with people.
Of any security be wary of who you give information to.
Social hacking is easy and very popular with cracking.
protect your information by not giving it out to others.

4. Change those passwords.
It sounds frustrating, but changing passwords makes it harder
for someone to break into your structures. It’s like changing
the security code on your car alarm.

5. Keep your software up to date with the latest security downloads.
No matter what software you have, remember to keep it up
to date with the latest security downloads. They are there
for a reason, use them. Scan that harddrive at least once a month.

Advertisements

Magic Jack verification request

October 8, 2009

I am a proud owner of Magic Jack. It is awesome and wonderful and best of all, it saves
so much money on phone calls, it makes me want to cry or something.

It’s a very simple and easy device to use. Even with sign up for the first time,
it still only took about a minute or two to register an account with them.

Every time I wanted to use it, I simply plug it into a free USB port on any of my
home computers (and I have many) and it automatically recognizes the device and
auto runs the program. In seconds the device is ready
to call any number in the United States.

I have been using Magic Jack since March. Never had a problem with it at all.

Then today for the first time I plugged it in and it gave me an error message (see Windows not detecting DVD device for more details and a fix for that btw).

First it said I didn’t have my USB device plugged in. I assured it I did, by unplugging and replugging the Magic Jack elsewhere in another free USB port on my laptop. The error message came back up.

Well, long story short, I had to use a registry fix for an unrelated problem with
Windows not detecting my DVD device. As I said, read the previous post because
it has a fix.

Moving on, when I did finally fix the devices issue (unrelated windows error), instead of the
regular Magic Jack screen that says Ready To Call, I got, Not Connected. Just then
I got a big pop up window that wanted me to verify my account information.

Well, I’m a paranoid internet user. I don’t just give personal information to any
pop up that comes along, no matter how official it looks.

So I went to the source. The Magic Jack website and got on the Free Tech Support Instant Messaging
service they have there. A technician always available to chat 24/7. As is advertised on
the site.

So I opened a window up and asked the friendly tech what was going on.

She assured me this was very normal. From time to time Magic Jack will ask for
account verification without warning. And if you don’t supply it with such, you can’t
use the device.

I told her that was unusual as I had been using Magic Jack since March 2009, and
never had this pop up before. So I asked if there was a settings option inside Magic Jack
that I could turn this off.

No, was her answer.

She said it was normal and suppose to happen and if you just enter the information
in, you will be good to go.

So, with her on the line, I entered said information in and sure enough
I was able to get past the screen and see my favorite screen
READY TO CALL.

So, this is just a blog reassuring anyone who may be looking it up
on the internet, as I did, that this is normal. Straight from a Magic Jack technicians mouth.

Also, if you don’t have Magic Jack and you use a computer
constantly (as I do), and you make a lot of long distance calls.
This service makes sense. $20 a year for unlimited local and long distance.

I’m very happy with the service as you get free voice mail and
contact list and caller log FREE.

It’s a great service despite what others may complain about. I’ve
had it for many months and I’ve never had a problem with it.

Except this one, but this wasn’t a problem, simply a concern.

Windows not detecting DVD device

October 8, 2009

Among the many other things that have gone wrong this week, seems that something I wouldn’t
expect to go back, went bad. Sort of the last thing I would think I would need to fix.

Somehow my DVD RW device on my laptop got corrupted.

I have an Optiarc DVD RW in my laptop. And for two days now it apparently hadn’t been
functioning properly. I don’t know, it was working fine when I was watching House on DVD.
But I needed the drive to work to use Magic Jack. A wonderful invention of VOIP technology
that I highly recommend if you have a broadband internet connection, know how to use a
computer or have someone around that knows how to use a computer.

But that’s another topic. Let’s stick to this problem.

I had tried to use Magic Jack today and as I usually just plug it into one of my freed up USB ports
on my laptop, I got an error message that said I needed to plug it into a USB port. So I took it out,
and plugged it in another free port on my laptop. Same error message.

So I looked in My Computer icon and noticed that only the USB icon was there for magic jack. Usually there is also a CD ROM there as well, even though you don’t use a CD to install or use Magic Jack. So that confused me at first.

Then I inserted a CD into the DVD drive to see what would happen. And then I saw that nothing appeared
in My Computer. No drive, no nothing.

So I went into device manager to see what was going on and I found that oddly enough,
there was a problem with the driver of my Optiarc DVD device. It had a yellow sign on
the drive. I was confused because optical drives don’t need drivers in versions of Windows
after 95, so I couldn’t have needed to reinstall the drivers.

So I went looking on the internet to see what was going on.

That’s when I came across this enlightening forum article:
http://forums.driverguide.com/showthread.php?t=41081&vforum=0c3238d3

It seems that the problem was that my DVD device was not being detected by Windows Vista.

Why?

I still don’t know.

A corruption in the drivers? I don’t know.

But the fix worked perfectly. So I catalog it here.
http://forums.driverguide.com/showthread.php?t=21669&page=4

I will also write out what to do as well.

Simple solution:

Situation
There is a yellow exclamation mark for CD/DVD drives in Device Manager.
The device status in the properties of the driver might indicate an error code,
for example 32, 37, or 39. Or the drive simply does not appear in My Computer or
Device Manager.

Solution:

To solve the issue, you have to edit the Windows Registry:
Click Start, then Run, type REGEDIT or REGEDIT32and click OK.

Locate and then remove the following registry values:

HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Control Class {4D36E965-E325-11CE-BFC1-08002BE10318}LowerFilters

HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Control Class {4D36E965-E325-11CE-BFC1-08002BE10318}UpperFilters

Close Registry Editor.
Reboot the system for the changes to take effect.

Note: Some programs are unable to detect the CD/DVD drive after these steps.
To solve this, simply re-install the program in question, eg: usually your recording software.
Also, in few instances the order in which the programs are (re-)installed can make a difference.

And so I follow the above instructions and rebooted my laptop. And sure enough
When desktop came back up, I plugged Magic Jack into my laptop again and
just like Magic (get it?) it worked!

Software that dosen’t clean up after itself

October 4, 2009

You’ve done it many times before. I have.
Went to the Add/Remove applet in Windows to finally get rid of that software that’s
been on your computer for ages, but you never use anymore. Or maybe to
get rid of old versions of software to make way for the new stuff.

You go into Add/Remove applet and select the desired software by name and choose to uninstall.
It asks you about a million times if you REALLY want to uninstall this software, etc.
You do, it gives you the quick progress bar and tells you it’s hard at work cleaning up.

Then the end comes and it’s complete.

You believe in the end, that’s it’s gotten rid of it. That it’s all gone. Outta here!

But you’d be wrong.

Wouldn’t it make sense to completely uninstall a program through add/remove programs?

You’d think so.

It would be even easier to uninstall these programs through the programs uninstaller that it
came with when it installed on your computer in the first place.

Once again, you’d think so.

However, as reality dictates time and time again
things aren’t always what they appear,
or don’t appear to be.

Some programs do uninstall completely, in fact most programs do, when you use the
Add/Remove applet in windows to get rid of those useless process time taking annoyances.

But sometimes, programs just uninstall the face,
and leave behind a mess to clean up
of hidden little bits and pieces in your computer.

Registry is where everything is listed.
Everything that installed on your computer
will show up registry, even if it dosen’t
show up in the Add/Remove applet.

Here, you can see every program that is
currently installed on your program.
What’s more is, you can see all the
pieces that programs you thought
you uninstalled have left behind because it
was apparently too much work and they couldn’t
be bothered at the time.

But it’s not just in Registry that programs
leave behind pieces of themselves.
They also are scattered in various
System folders, driver folders, etc.

Mining for all the pieces can be not only
time consuming, but…booorrriinnnngg.

I mean, why do you have to do all this extra work when windows or the
uninstaller program should have done it for you.

Because that’s life kiddo!

So, the moral to the story here folks, is this,
when you get rid of some software on your computer and somehow parts of it
keep popping up from time to time,
check further. You’d be surprised that you
really didn’t get rid of anything at all.