12/21/2006

11/27/2006

The Daily WTF - Print or Fish

good ethics story....and stickin' it to the man story.

The Daily WTF - Print or Fish

11/01/2006

Is Your Bank FAKING Login Security?!

Dan Kaminsky gave a very shocking lecture at the Toorcon 8 convention. He was discussing SSL and how certain sites pass login credentials from their home pages (usually http) to their encrypted pages (https). He found that 13 of the top 50 banks FAKE THEIR LOGIN SECURITY! (my words, not his, but I don't think he would disagree with me at all).

Dan found that these 13 banks were using the "post-to-https" method to pass their users' credentials (NOTE: this is GROSSLY insecure as it broadcasts the id/password to ANY attacker). These banks do, however, go to the lengths of posting a fake "lock" gif and telling you it's safe because it's easier/cheaper than sending you to a secured page or scaling massive amounts of SSL traffic generated by each and every connection (Note: Dan mentions that Wells Fargo bank does do this very method to secure its customers).

So, after listening to Dan's lecture (thanks HackaDay), I started to look into my bank's method. After looking at the code at my bank's homepage, I see that they are using a JS function to pass along this info. I'm not sure if it is insecure or not but I do know that they are not using "iframe" nor is the url of the homepage "https". So, how can I be sure my bank isn't broadcasting my id/password (i.e. my browser showing the "lock" gif in the status bar)?
By using a little "social engineering hack".

  • Goal: get to an actual secured page (i.e. "https") without switching banks.

At my bank's site there is a login section on the front page. I noticed that when I entered my id/password wrong the other day it took me to an "https" page to get me to login again...hmmmmm....so, today I went to the homepage, clicked "login" without any information and it took me straight to the "https" login page for secured login! SWEET, now I can go to the coffee shop AND not get pwn3d! I've not been able to try this out on the 13 banks noted above because Dan doesn't give their names. However, it does work on Bank of America's site (Note: I'm not saying that they are one of the 13 nor that they are insecure; I'm just saying that they move you from "http" to "https" with this hack).

Ok, so it's a "social engineering hack" on me but still it's MUCH safer than "saying your id/password out loud" every time you login which is kind of what you're doing.



10/11/2006

8/08/2006

Delete Firefox auto-complete entries - Lifehacker

Just start to type into the form field until the grey dropdown appears, then use the cursor keys to move to the entry to be deleted and press the SHIFT key and the delete key. Voila!


Delete Firefox auto-complete entries - Lifehacker

7/13/2006

Early Adopter Download of the Day: Firefox 2 Beta - Lifehacker

Set your version in FF for the extension workaround.

Early Adopter Download of the Day: Firefox 2 Beta - Lifehacker: "Brad says:

You don't even need to install an extension. Just type 'about:config' in the address bar, right-click within the list of preferences and choose 'New String.' Call the new preference value 'app.extensions.version' and give it the number (e.g., 1.5.0.4) of the version you want extensions to think you're using.

When you install an extension, it will look to this preference value (if it exists) rather than your actual version number when it's checking compatibility."

The Form Assembly - Create and Process State-of-the-Art Web Forms

The Form Assembly - Create and Process State-of-the-Art Web Forms

7/11/2006

Renegade's Random Tech: How to Convert a .BAT file or .VBS file into .EXE to Enable Pinning to XP Start Menu

Ripped this article icod.


How to Convert a .BAT file or .VBS file into .EXE to Enable Pinning to XP Start Menu

Windows XP will not allow you to pin a shortcut to the start menu that points to a network drive. For this reason it can be necessary to write a batch file to launch a program. The issue is that a shortcut pointed to a .bat file also contains no “Pin to Start Menu” option. While it can be dragged onto the start menu, this leaves no option for scripting these shortcuts. The simple solution is to convert the .bat file to an .exe file and lucky for us Windows XP includes a tool that can do it…



Step 1
Navigate to C:\Windows\System32 and locate the file named IEXPRESS.EXE

Step 2
Double Click to launch IEXPRESS.EXE

Step 3
You will be presented with the initial welcome screen and be given two choices. Select “Create new Self Extraction Directive file.” Click Next.

Step 4
Next you will be presented with the Package Purpose screen. For our purposes select “Extract Files and run an installation command” and click the Next button.

Step 5
You will be presented with the Package Title screen, which will give you the opportunity to give your project a name. If you are so inclined give it a meaningful name. If like me you are never going to come back to this, name it whatever you want.

Step 6
You will next be presented with the Confirmation Prompt Screen. We would like the batch file to just be extracted and run so just choose “No Prompt” and click the Next Button.

Step 7
You are presented with the License Agreement window. If you don’t want your users to have to answer a prompt select “Do not display a license.”

Step 8
The Packaged Files window is where you will select your batch file (or .vbs). Click the Add button and browse to your desired file. Then click next.

Step 9
Here you are presented with a window titled Install Program to Launch. Use the drop down control next to “Install Program” and choose the only option that will be present, the .bat or .vbs file that you chose in the previous window.

Step 10
The Show Window screen is next. I didn’t want my users to be prompted in any way so I chose Hidden. Click Next.

Step 11
No Finished Message for my users. Select “No message” and choose Next.

Step 12
The Package Name and Options window is where the new .exe is specified. Type in a path or browse to the folder you would like your .exe in, type a name in the file name box and click save. Also check the box that says “Hide File Extraction Progress Animation from User.” If you’re worried about long file names go ahead and click the other box as well.

Step 13
Since we really aren’t installing anything we probably want to tell the Configure Restart window to not restart. So choose the option that says “No restart” and hit Next.

Step 14
This window is where you have a chance to save all of the options you have chosen into a project file so that if necessary you may later return and make modifications. I have no need to retain the file, but if you would like to be able to come back to it, by all means choose “Save Self Extraction Directive (SED) file” and tell it where to put it. As always, click Next.

Step 15
Here’s where your new .exe is born, on the Create Package screen. Explore to the directory you told it to put the file in, click Next and then watch your little .exe’s first moments as it pops into the big digital world.

Step 16
You’re done! Click finish and go try it out. Pin it directly to the start menu. Point a shortcut to it and pin that to the start menu. Most importantly, script it and see how slick it is. If you’re not familiar with how to script start menu pinning the scripting guys will tell you how.

6/27/2006

Hack Attack: Quicklaunch your USB workspace - Lifehacker

auto run usb drive.

Hack Attack: Quicklaunch your USB workspace - Lifehacker

Annoyances.org - Hide all Icons on the Desktop

  • Run the Registry Editor (REGEDIT.EXE).
  • Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
  • Double-click the NoDesktop value (if it's not there, select Edit -> New -> DWORD Value, and type "NoDesktop" for its name).
  • Enter 1 for the value, and click Ok. (Just delete the value entirely to undo this.)
  • Click on the desktop, and press F5 to refresh the desktop so that this change will take effect. (More information.)
Annoyances.org - Hide all Icons on the Desktop

6/02/2006

SyncToy for Windows XP

this is freakin AWESOME!!!
skip the whole briefcase thing and just do this.

SyncToy for Windows XP

5/30/2006

Anysoftwares

ever want a win98 disk?

Anysoftwares

4/07/2006

'Star Wars Kid' cuts a deal with his tormentors

"As Ghyslain Raza recalled, whenever he walked by his high school's common areas, other students would jump on tables and chant, 'Star Wars Kid! Star Wars Kid!'" - now he and his family have the final laugh.


4/05/2006

Getting the Most Out of Your Battery

So what really IS the effect of leaving a rechargeable in the charger 24/7? What are the drawbacks to "rapid chargers"?
Will keeping a battery in the freezer make it last longer?

Answers to these and others after the jump.


Hack Attack: Firefox extension packs - Lifehacker

Mass extension installer for FF.


Hack Attack: Firefox extension packs - Lifehacker

3/31/2006

Coder's Lagoon

great no-install encryption prog.


Coder's Lagoon

PCWorld.com - Steganos LockNote

need a quick encrypt program that's small?


PCWorld.com - Steganos LockNote

3/23/2006

Extending Your Wireless and Wired Networks

This is an all encompassing (if you can do that in an article) article on extending your networks (both wired and wireless). It covers topics like the use of: repeaters, bridging, Ethernet via your electrical wiring, and securing the whole thing. It at least touches on just about every aspect of networking and distance limitations.


3/21/2006

Get that monkey off your back and backup.

Here's a great little article on setting up your own backup server. With cheap systems and drive space, you can be ready for the next time XP goes heels-up.


3/16/2006

Digital Photo Recovery from Memory Cards - CardRecovery

Allen says this is the bomb!
I wonder if a standard file/recovery prog would work...


Digital Photo Recovery from Memory Cards - CardRecovery

3/07/2006

NewsForge | My desktop OS: GRML

portable linux that's configurable.
i have got to try this out.


NewsForge | My desktop OS: GRML

3/06/2006

happy mailing : Blat online

smtp via command line.
very nice.

happy mailing : Blat online

2/22/2006

nLite - Deployment Tool for Unattended Windows - About

Nice prog for slipstreaming updates and customizing the OS install (like leaving out windows messenger from the install).


nLite - Deployment Tool for Unattended Windows - About

2/07/2006

Geek Night Feb-06

ok, last night turned out to be a big cathartic-primal-scream for myself and maybe for others.

Jason gave an example of how not to do project management; proving that more cooks don't actually get things done quicker or better but just: burns down the restaurant; insults the teamster dock-workers local; and prints questionable irreligious cartoons in the international press (note to Denmark: "Welcome to the short-bus").

Allen sent out an email with a webcast he was being interviewed in; thus upping the ante on the InfoWeek quote.
https://www.sans.org/webcasts/show.php?webcastid=90696

I gave a great Dilbert story about office insanity. And enjoyed the most recent Employee satisfaction survey.

Allen and Alan got a junk-swap going in the parking lot in which a Pentium (probably P90) laptop was brandished and a Trident video card (I'm not sure of the date on the card but I'm pretty sure you could actually Carbon Date it).


However, I came late and so missed the other highlights. However, one member sent over a couple of management links for books that could be of interest.

http://www.amazon.com/gp/product/0974386014/002-0068397-5239207?v=glance&n=283155
http://www.amazon.com/gp/product/0974998605/ref=pd_bxgy_text_b/002-0068397-5239207?%5Fencoding=UTF8

1/27/2006

Darik's Boot and Nuke

SERIOUS drive wiping for when you're going to decommission a work station.

Darik's Boot and Nuke

1/16/2006

Project Silver (Rogue Server) - Overview

really nice case mod that puts a little james bond in your ups!

Project Silver (Rogue Server) - Overview

1/12/2006

BrainFuel » Boot up Windows before you even log in

I ripped this article from Thomas Chapin from his blog above cuz it seemed so neat that i didn't want to lose it. His blog has been kind of beat up after the Digg story hit.

so here it is....btw: i don't have anything to do with this and haven't tested it so if your system goes heels up...sorry...but i don't know how to fix it other than restore the copy of the registry you made BEFORE you did this ;0)
_______________________________________


If you don’t use any Windows XP login security, then you can skip this article. Otherwise, if you are like many Windows XP users who have to enter a password every time their computer sluggishly boots up, then read this!

Ok. Here’s the scenario:

You have to wait 2 minutes while your computer turns on. You have to sit in front of your computer during this whole time because once it finally gets to the login screen, you have to type in the password. The computer then crunches numbers for another 2 minutes while it loads a wide variety of programs (MSN messenger, your Norton Antivirus, your Microsoft Office shortcut bar, etc…). Finally, after like 5 minutes, you have access to your desktop.

How would you like your computer to load all those programs *before* you ever have to enter your password? You could press the button to power up your system and go get a cup of coffee. Five minutes later, you come to your desk and type in your password. BAM! Instantly dropped to the desktop! Your programs are already running and all systems are a go!

Here’s how to do it:

  1. Download Microsoft’s free TweakUI tool and install it.
  2. Click your Start button, go to your Programs menu, and select Tweak UI from the “Powertoys for Windows XP” folder.
  3. In the TweakUI window, double-click the “Logon” item in the left-hand column to expand it.
  4. Click on the “Autologon” item underneath the “Logon” section.
  5. Check the box that says “Log on automatically at system startup”
  6. Click the “Set Password” button and enter in your windows login password
  7. Click OK and close Tweak UI.
  8. Download this .reg file and run it. When it asks you if you want to merge it with your registry, choose “Yes”.

    NOTE: If you feel queasy about merging a reg file with your registry, you can also add it by hand. Go to Start > Run and type in “regedit” and press OK. Browse to [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] and create a new String Value. Name it “Lock Computer on Startup”, and set the value to “rundll32.exe user32.dll, LockWorkStation”.

Presto! You’re done!

Now, when you boot up your computer, it will automatically log you in to your desktop and start up your programs. However, it will still secure your system, requiring you to enter your password to access it.