Recent Posts

1001

Living Room / Internet Explorer 8 Privacy Features Leaks Private Info.

« Last post by Ehtyar on August 29, 2008, 04:13 PM »

Well if you didn't see this coming, slap yourself upside the head.

A privacy feature built into the second beta version of Microsoft's Internet Explorer 8 browser aren't as private as advertised.

The InPrivate Browsing feature in Microsoft's latest browser is designed to delete a user's browsing history and other personal data that is gathered and stored during regular browsing sessions. The feature is commonly referred to as 'porn mode' for its ability to hide which websites have been visited from nosy spouses or employers.

Forensic experts however found it trivial to retrieve the history, according to a test by Webwereld, an IDG affiliate in the Netherlands, and Fox IT, a Dutch firm specializing in IT security and forensic research.

Full Story

Ehtyar.

1002

Living Room / Re: Hack It Yourself

« Last post by Ehtyar on August 29, 2008, 07:58 AM »

Glad to help Darwin

Ehtyar.

1003

Living Room / Hack It Yourself

« Last post by Ehtyar on August 29, 2008, 07:21 AM »

I'm a bit behind on my magazines, so this is old, but still interesting.

Not sure if your security setup is watertight? Davey Winder reveals how to test your security like a hacker would.

Only a complete idiot (or perhaps a government department) would run a computer, network or website without giving serious thought to security. With your data at threat from organised gangs at the top end, to solo chancers at the other, almost everyone has security applications installed to protect their system.

Full Story

Ehtyar.

1004

Living Room / 10 Worst Security Gaffes

« Last post by Ehtyar on August 29, 2008, 07:19 AM »

I'm a bit behind on my magazines, so this is old, but still interesting.

From battle plans left in the back of hire cars to Trojans on a TomTom, Davey Winder counts down the ten worst IT security blunders.

The trouble with security is that it isn't only the good guys versus the bad guys - there are any number of idiots in between to confuse the issue and make defending your data that much trickier.

Full Story

Ehtyar.

1005

Living Room / Resume/CV Advice

« Last post by Ehtyar on August 29, 2008, 07:14 AM »

Hi all.
I've found the thread here about making your resume as good as possible presentation wise, but now I'm looking for advice on what to include in my resume.
Since this is predominantly a techie forum (and since I'll be applying for techie jobs) I'd like to ask the techie employers and techie employers what works for them. My question comes in two points of view, with two subcategories each:

• Employers - Things you look for.
• Employers - Things you don't want to see.

• Employees - Things that work for you.
• Employees - Things that...didn't.

Please feel free to add your own questions to this thread, I'd like this thread to help out as many people as possible. Also, if you suspect your answer may be relevant to a specific field, then please say so to prevent any confusion. Alright gents and ladies, have at it! And thank you.

Ehtyar.

1006

General Software Discussion / Re: Computer Forensics Application

« Last post by Ehtyar on August 29, 2008, 06:59 AM »

Thanks again for the info PhilB, please excuse my further ignorance 
For those of you that were interested in this thread, here are the applications that made the final cut for my novice collection:

• ProcessExplorer - A very comprehensive process viewer from SysInternals.
• Autoruns - A very comprehensive start-up examiner, also from SysInternals.
• CCleaner - A general system cleaning application (temp files, browser cache etc etc).
• ClamWin - A free scan-only antivirus, also available for Linux.
• HijackThis - System settings scanner.
• Spybot - Malware and spyware remover.
• Avast - Free antivirus.
• gmer - Rootkit detector.
• IECacheView/MozillaCacheView - Cache viewers for their respective browsers.
• IECookiesView/MozillaCookiesView - Cookie viewers for their respective browsers.
• IEHistoryView/MozillaHistoryView - History viewers for their respective browsers.
• OpenedFilesView - Lists open files on your system.
• ProcessActivityView - Displays file activity for a specific process.
• RegView - Registry hive mounter.
• Stinger - Removal of particular nasties.
• SysClean - Malware and spyware cleanup.

Hope this helps, Ehtyar.

1007

Living Room / Re: IPhone Security Hole Bypasses Password

« Last post by Ehtyar on August 29, 2008, 06:35 AM »

ROFL - Ah, the iPhone, like most fashion accessories (read apple products) they're wholly impractical in the real world.

-Stoic Joker (August 29, 2008, 05:35 AM)

*applause applause*

Ehtyar.

1008

General Software Discussion / Re: Computer Forensics Application

« Last post by Ehtyar on August 28, 2008, 09:23 PM »

Lists of Freeware analysis tools

-PhilB66 (August 28, 2008, 08:41 PM)

Should have thought of CastleCops, thank you again!

I don't use it, never bought it, because it's too expensive for something I don't really need. But the geeky side of me finds a couple of things very neat. Like the ability to dump a program's memory space to disk - for example, I'd use it to see if my own and other apps "leak" passwords (in my password manager Oubliette I tried to erase the typed password as soon as possible, and only keep the hashed value in memory - but I'd like to make sure it works that way). I would also use it to dump a dictionary I use daily - which has no expoer feature - to convert it to another format, omcpatible with some other tools I use. I don't know if this feature is unique to WinHex - probably not, but it's where I found it

-tranglos (August 28, 2008, 09:18 PM)

I see. I'm fairly sure you could find those features in other applications, but for your purposes I certainly see the appeal. Thanks for the suggestions.

Ehtyar.

1009

General Software Discussion / Re: Computer Forensics Application

« Last post by Ehtyar on August 28, 2008, 09:07 PM »

Windows Incident Response forensic analysis on the cheap is a good starting point.

NirSoft has quite a few utilities... OpenedFilesView, ProcessActivityView, and RegFromApp, the browser history and Cache viewers, etc.

A good read is the Web Browser Forensics article by SecurityFocus.

-PhilB66 (August 28, 2008, 08:27 PM)

What excellent reads, thank you Phil.
Unfortunately I'm not really in a position to modify this machine too much (many of you may know that end users get a little upset when IT guys go around changing their perfectly setup system). This prohibits my installing anti viruses and such, though I have run scans with Clam and Spybot. I have already got the NirSoft tools you mentioned, though have not gotten to them yet.
Tranglos, I've used WinHex before, and I have to say I seem to miss what all the fuss is about. IMO, as a hex editor there are plenty better alternatives, and I can't seem to see what features are so coveted by its users. As I mentioned above I've been using ClamAV to keep from installing anything, and unfortunately your other suggestions would require me to do so.

Ehtyar.

1010

Living Room / Re: Phalanx2 Rooting Linux

« Last post by Ehtyar on August 28, 2008, 08:31 PM »

Very good advice, thank you 40hz.

Ehtyar.

1011

Living Room / McKinnon to Face Trial in the US

« Last post by Ehtyar on August 28, 2008, 08:18 PM »

Alleged hacker Gary McKinnon faces extradition to the US within two weeks, charged with breaking into NASA's computer system.

'NASA hacker' Gary McKinnon has lost his European Court of Human Rights appeal against extradition to the US.

McKinnon, 42, is charged in the US with unauthorised access to computers and causing damage to a protected system. He has fought attempts to try him in the US, where he fears he could be treated as a terrorist, tried in a military tribunal and ultimately imprisoned at Guantanamo Bay.

Full Story

Ehtyar.

1012

Living Room / IPhone Security Hole Bypasses Password

« Last post by Ehtyar on August 28, 2008, 08:14 PM »

Finally, something from Apple popular enough to expose their ignorance of security.

A serious security hole in the latest iPhone software exposes e-mail, text, and voice messages to whoever gets a hold of the device despite it being password-protected.

Basically, clicking emergency call and double-clicking the “home” button brings up the favorites on iPhone 2.0.2, which opens up the address book, the dial keypad and voice mail, according to a report on Engadget, which got the tip on the hole from the MacRumors Forum.

Full Story

Ehtyar.

1013

General Software Discussion / Re: Computer Forensics Application

« Last post by Ehtyar on August 28, 2008, 07:10 PM »

My apologies for being unclear, I didn't think the question through as well as i should have. An acquaintance has given me their computer, and I'm looking for a virus or malicious program running on the machine. Things I'm interested in are details about modules in memory, internet history, most recently accessed files etc. Currently I'm making use of autoruns, process explorer, spybot, clamwin etc, but basically i'm just looking for the easiest way to get the most information about the usage of this computer as i possibly can. The people I'm doing this for will need instructions on how to prevent a recurrence of the infection, as they're not exactly power users. I hope this clears things up a little bit.

Ehtyar.

1014

General Software Discussion / Computer Forensics Application

« Last post by Ehtyar on August 28, 2008, 06:35 PM »

Does anyone have a suggestion on an application for gleaning as much information from a Windows computer as possible? Thanks to April and Lash man who suggested regedit, but I'm looking for something a little more comprehensive. Any suggestions would be appreciated, though open source/free is preferred.

Thanks, Ehtyar.

1015

Living Room / Re: Video chat: Why don't people like it?

« Last post by Ehtyar on August 28, 2008, 06:27 PM »

I talk to the better half on skype video, and ocasionally some other friends, though for the most part i know what you're talking about. However, there are still plenty of people who are either without webcam, or suffering an internet connection that simply won't support video conversation smoothly. Then there are of course people who simply do not want to be seen over the internet (privacy, messy surroundings etc).

Ehtyar.

1016

Living Room / Phalanx2 Rooting Linux

« Last post by Ehtyar on August 28, 2008, 05:33 PM »

Linux servers are increasingly under attack from the Phalanx2 trojan/rootkit thanks to the Debian OpenSSL flaw and other weak SSH keys. The trojan can then acquire root access to a machine by exploiting and weakness in unpatched kernels.

Once a Linux server using a weak key is identified and rooted, it quickly gives up the keys it uses to connect to other servers. Even if these new keys aren't vulnerable to the Debian debacle, attackers can potentially use them to access the servers that use them if both the private and public parts of the key are included. Additionally, attackers can identify other servers that have connected to the infected machine recently, information that may enable additional breaches.

Full Story

Ehtyar.

1017

Living Room / Border Gateway Protocol Vulnerable to Packet Sniffing

« Last post by Ehtyar on August 28, 2008, 04:50 PM »

A vulnerability discovered in the Border Gateway Protocol could allow an attacker to sniff all traffic destined for a block of IPs virtually undetected.

For all the viruses, malware, and exploits that crawl around the web, fundamental flaws in the system are supposed to be few and far between, but the last two months have proven to be an exception to the rule. In July, Dan Kaminsky revealed his discovery of a DNS flaw that could be exploited to direct unwitting users to malicious web addresses, Now, practically on the heels of that announcement, a hacker team that presented at DEFCON has demonstrated how a fundamental design error in the Internet's border gateway protocol (BGP) can be used to invisibly eavesdrop on all traffic originating from a particular set of IP blocks.

Full Story

Ehtyar.

1018

Developer's Corner / Re: How to choose programming language?

« Last post by Ehtyar on August 27, 2008, 11:13 PM »

Ketracel, firstly, you're most welcome. I actually learned quite a bit and had some good fun doing it
Pencil is indeed written in XUL. One thing that may have been a help to you that I neglected to mention is that xpi's (firefox addon installers) are indeed just zip files with the source contained within them. If you download Pencil.xpi and extract it with your archiving program (winzip, 7zip etc), you can read all the XUL and JavaScript that makes it work. Have a stab at it with pencil (and if you're interested in XUL, download XULRunner and try it with chatzilla as I mentioned above).
You probably wouldn't get much opposition with your statement about wx, it is generally agreed to be the best. The GUI of blender would require a custom drawn window. If you download Python and wxPython, the wxPython samples contain some demonstrations of custom drawn controls that can be made with wxPython (execute the "Main.py" file and expand the "custom controls" tree).
Also, you seem to be somewhat reluctant to discuss your project. If you'd like to give out some details that you would prefer not everyone knew about, you can send private messages to anyone on the forum from here, you will need only their username.

Hope this helps, Ehtyar.

1019

Living Room / Re: Firefox 3 annoyance: Keying-in disabled in file upload control

« Last post by Ehtyar on August 27, 2008, 10:34 PM »

Thanks lan man, though I don't know what kind of chance we have, so far they seem to feel they have justification for their doing, though that Carl twit hasn't helped....

Ehtyar.

1020

Living Room / Re: Firefox 3 annoyance: Keying-in disabled in file upload control

« Last post by Ehtyar on August 27, 2008, 09:28 PM »

I'm sorry to post against such an old thread, but I have only just discovered this myself (I was on holiday when this thread was active), and I'm quite put out by it. Anyone wishing to show support for a fix should sign up and post a comment here.

Ehtyar.

1021

Developer's Corner / Re: How to choose programming language?

« Last post by Ehtyar on August 27, 2008, 09:10 PM »

Hmm, Mono appears to have come quite a ways since I last checked it out. Not much of a fan of the fact that Microsoft maintains the languages and compilers, but it would indeed be a good choice. Also, Mono maintains their own C# compiler if you're also put off by the Microsoft-ness.

Ehtyar.

-Ehtyar (August 27, 2008, 08:39 PM)

Microsoft is a good company. 

-VideoInPicture (August 27, 2008, 09:06 PM)

LOL

Ehtyar.

1022

Developer's Corner / Re: How to choose programming language?

« Last post by Ehtyar on August 27, 2008, 08:39 PM »

Hmm, Mono appears to have come quite a ways since I last checked it out. Not much of a fan of the fact that Microsoft maintains the languages and compilers, but it would indeed be a good choice. Also, Mono maintains their own C# compiler if you're also put off by the Microsoft-ness.

Ehtyar.

1023

Living Room / International Space Station Laptops Infected...Again

« Last post by Ehtyar on August 27, 2008, 05:20 PM »

NASA laptops have again been infected with a trojan, then brought aboard the ISS.

NASA downplayed the news, calling the virus mainly a "nuisance" that was on non-critical space station laptops used for things like e-mail and nutritional experiments.

NASA and its partners in the space station are now trying to figure out how the virus made it onboard and how to prevent that in the future, according to Humphries.

Full Story

Ehtyar.

1024

Living Room / Quantum Encryption a Reality

« Last post by Ehtyar on August 27, 2008, 05:14 PM »

Scientists have demonstrated how encrypted messages may be sent in the future.

Quantum key encryption is one promising method of securing communication, especially if it can be transmitted by satellites. Scientists at an Italian observatory this year succeeded in firing lasers at the mirror-covered Ajisai Japanese satellite, proving that a sequence of photons can travel great distances through space. The laser pulsed photons at the satellite at 17,000 times per second; a fraction bounced back to a telescope at the observatory. On Earth, the longest successful quantum encryption link has been just under 100 miles because the photons scatter as they travel through the air. To reach the satellite, the photons only had to travel through 5 miles of atmosphere during their 1000-mile journey, allowing the sequence to arrive in order.

Full Story

Ehtyar.

1025

Living Room / Royal Bank of Scotland Customer Details Sold on eBay

« Last post by Ehtyar on August 27, 2008, 05:10 PM »

An ex-employee of archiving firm Graphic Data has sold a laptop containing the credit card details of 1 million Royal Bank of Scotland customers on eBay.

Media reports said details of more than a million customers of Royal Bank of Scotland, American Express and NatWest were found on the computer sold for 35 pounds on the auction and shopping website.

RBS said the information included historical data related to credit card applications and data from other banks, but would not disclose further details.

Full Story

Ehtyar.