What is wardriving you ask? According to Wikipedia:

Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer, smartphone or PDA…

…Wardriving originated from wardialing, a technique popularized by a character played by Matthew Broderick in the film WarGames, and named after that film. Wardialing in this context refers to the practice of using a computer to dial many phone numbers in the hopes of finding an active modem.

Basically you drive around, and look for open wireless networks. Simple right?

Now I’m not saying you need to be like the guy at the hacker convention, but sometimes it’s nice to know where in town you can go to catch some free Internet in case you have to send an emergency Tweet, or update Facebook at the drop of the hat.

Well I found a cool tool that runs on Windows that will automatically try find and connect to open wireless networks when you’re in range, and will alert you to stop when it has found an open access point and is trying to connect.

The tool is called outSSIDer, and you can get it as a free download. From their page:

outSSIDer automatically attempts to connect to any open access point that comes within range as you walk down the streets hunting for WiFi.

When an attempt is made it alerts you with sound to stand still and wait. That way you don’t need to watch the screen while walking – you can even close the laptop lid to save battery!

The connection is then verified against payment hotspots and restricted networks by trying to fetch the Google website icon.

If it fails connecting or verifying, it alerts you with the sound again and resumes scanning.

This tool is light and easy to use, and certainly a good tool to have in your wardriving goody bag. Do you go wardriving ever? What tools do you like to use? Let us know in the comments!

-=El Di Pablo=-

This tool is called Unshredder, and luckily it’s not free. It’s sold as a monthly license subscription for $90, or an annual package where you can save a little on the monthly cost. Since this package is aimed at criminal investigators, I’m sure that cost in nominal. For the average teen hacker, they may try to find a different method of getting your info instead of dumpster diving.

From their page:

Unshredder is the first commercial document reconstruction tool in the world! A desktop software application that will put all of the pieces back together in a fraction of the time it would take to do manually. Unshredder is as simple to use as a word processor but it unleashes the power of your computer to achieve quick, accurate results. If you are a professional investigator Unshredder is an essential tool.

Putting shredded paper back together isn’t really new. When I was in the Navy, I learned that the Iranians did this to the American embassy back in the 70′s or something. They got a hundred old ladies to sit down with shredded American secret documents and scotch taped them all back together. Nowadays the US Military uses special shredders that doesn’t turn paper into spaghetti, it turns it into friggin’ confetti… Then they burn that s#!t!

Most of us at the office aren’t going to use incinerators though, but still using a shredder with cross-cut functionality is harder to piece back together than the simple spaghetti making shredders. Just some food for thought.

Know of a free tool that does this? maybe something open source? let us know in the comments!

-El Di Pablo

SriptScan ships with McAfee’s VirusScan antivirus program. It’s designed to keep Web surfer’s safe by scanning for any malicious scripting code that might be running in the browser. But according to Mozilla it has an unintended side-effect: It can cause Firefox to crash… a lot.

In a note posted to its website, Mozilla said that the add-on “causes a high volume of crashes,” and is “strongly encouraging” users to disable the software. The warning applies to all users of version 14.4.0 and below of the plugin, Mozilla said.

The Firefox browser started popping up warning messages Monday, advising that users disable the software

In McAfee user forums, there is a smattering of complaints about the Firefox problem.

The problem affects Firefox 7 users, according to Francie Coulter, a McAfee spokeswoman. “McAfee has identified the cause and is working actively with the Firefox team to resolve this issue and expects to roll out an update shortly,” she said in an email message.

[Via ITWorld]

It is called RRT and can be downloaded from here. Once you run it you will see a screen that looks like this:

Simply check Task Manager and hit Remove. That’s it! Happy Hunting Guys!

_TheTaskManagingAdmiN_

It is as simple as booting to the CD, choosing the account and doing the deed. You write your changes back to the drive and reboot.

When you are back at the Windows login screen you will now be able to use the password you enetered or a blank password (just hit enter)

Here are the links to download the image:

• cd100627.zip (~4MB) – Bootable CD image. (md5sum: 6d80cdfbba97457e413f95a3554d9524 cd100627.zip)
• cd080802.zip (~3MB) – Previous version CD image. (md5sum: 33ecd38263f935b82e7b2e3e9f5de563)

and there is even a Floppy Disk release that is no longer updated:

Floppy release (not updated anymore), see below on how to use them

• bd080526.zip (~1.4M) – Bootdisk image (md5sum: 37889e4c540504e59132bdcdfe7f9bb7)
• drivers1-080526.zip (~310K) – Disk drivers (mostly PATA/SATA) (md5sum: 72ac1731c6ba735d0ac2746a30dbc3ee)
• drivers2-080526.zip (~1.2M) – Disk drivers (mostly SCSI) (md5sum: 30172bec657c85a5f1a0b43601452fb7)

This CD has saved my ass a number of times! Do you have another method of recovering lost passwords? We would love to hear about them in the comments! You can also check out their website for FAQ’s and other helpful hints here.

Have you seen this post on opening a command prompt during a windows install? Using this you can start a recovery install jump to a command prompt and run:

control userpasswords2

and bingo bango you can change your passwords!

_TheUnlockedAdmiN_

I always have a copy of it on my USB stick, so I figured why not add some tools. One of them being a Windows password reset tool! Using this tool we can easily hack the Windows 7 Administrator password.

In this video episode of Bauer-Power (Which Karl so graciously let me re-post here) I show you how easy it is to hack Windows passwords using Bauer-Puntu Linux!

Besides Windows password hacking, Bauer-Puntu also gives you tools for:

• File recovery
• File shredding
• Hard drive wiping
• Disk imaging
• Disk partitioning
• Offline Virus Scan

Version 10.04 will be coming out soon. What other kinds of tools do you want to see on it? Like a different Live CD/USB distro? What is your favorite? Hit us up in the comments!

By ElDiPablo of Bauer-Power

I think that also means "Kanji" in Jersey Shore-speak

Very, very funny.

-enjoy

Commodore64 (the one you used to play Bruce Lee on) ,8,1

Subscribe to our RSS Feed

Chinese Hackers

Hello Kiddies,

Do you remember the good old days when hacking was done for fun? Back in those days anybody that knew Linux or Unix was considered a Hacker. One would think that since then, antivirus companies would have actually become effective. But what one company can compete with a whole country? To make matters worse, who can compete with multiple countries full of young hot heads venturing forth for the almighty dollar? That’s a powerful force to be reckoned with.

Since a hacker doesn’t technically require a whole lot of bandwidth to do what he/she does, internet access of any kind

Here at Ask The Admin we are committed to being sure every one of our readers is in the know. And while we cant really offer much in the way of a sure-fire killer app that can protect you from anything, we can offer you these few points of advice.

1. Keep your antivirus software up to date
2. Use a well known anti virus software, and do some research before purchasing
3. Be well versed with all the functions of your antivirus software, so no surprises come your way
4. Though it does slow you down, schedule full system scans as frequently as daily
5. Leave your computer turned off if you can
6. Lastly, try to use an OS other than Wind Blows (as we like to call Windows around here). If your a hacker its only more logical and profitable to target the statistically dominant OS, which is Microsoft’s unfortunately.

That’s all for today kiddies…

Has you or anyone you know been directly affected by this? Even if your just afraid and need a little encouragement, drop us a comment below.

This is Commodore64 signing off. Over and out.

Be sure to subscribe to our RSS FEED to stay on top of this and other topics that affect all of us.

Can you see all six icons below?

If you can see all six icons chances are you are not infected.

But that is still no reason not to run the Conficker scanner on your machine. eEye is providing a free scanner to look for venerable, patched or infected machines. Grab it here:

ConfickerScanner.html

So are you protected or not? Let’s hear the results in the comments.

_theProtectedAdmin_

Have you updated your machine so that you are protected? Check out this Microsoft Security Bulletin here.

Scroll down and you will see links for each operating system and service pack revision. Simply click on the hyperlink for your OS and download the <1mb patch. This will plug up the hole that Conficker is going to try and use.

These are the links for the update:

• Microsoft Windows 2000 Service Pack 4
• Windows XP Service Pack 2
• Windows XP Service Pack 3
• Windows XP Professional x64 Edition
• Windows XP Professional x64 Edition Service Pack 2
• Windows Server 2003 Service Pack 1
• Windows Server 2003 Service Pack 2
• Windows Server 2003 x64 Edition
• Windows Server 2003 x64 Edition Service Pack 2
• Windows Server 2003 with SP1 for Itanium-based Systems
• Windows Server 2003 with SP2 for Itanium-based Systems
• Windows Vista and Windows Vista Service Pack 1
• Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
• Windows Server 2008 for 32-bit Systems*
• Windows Server 2008 for x64-based Systems*
• Windows Server 2008 for Itanium-based Systems

So do yourself and everyone else on your network a favor and get your machines updated! If you are not using WSUS for your network you might want to re-think that!  We did a WSUS article a while back and you can find it here.

_TheGetUpdatedAdmiN_

Some people like this, most people don’t use it and a few people REALLY hate it. So here is a quick how-to on peacing it out:

To hide the Scheduled Tasks from the network share view, follow these steps:

• Click Start, Run and type REGEDIT
• Navigate to the following key:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \RemoteComputer \ NameSpace

• Backup the key by exporting it to a .REG file. (You need this to revert back!)
• To remove Scheduled Tasks, delete the following key:

{D6277990-4C6A-11CF-8D87-00AA0060F5BF}

• To remove the Printers folder, delete the following key:

{2227A280-3AEA-1069-A2DE-08002B30309D}

• Close Registry Editor.

By deleting one key or the other you are removing the folders from the network view and not disabling printing/scheduling in any which way. To restore the shares after removing them import the .REG file you saved in the third step above.

_ThePeaceYouOutAdmiN_

Before you even continue reading make sure your Windows XP machine is patched up to Service Pack 3 and your Vista Machines are Service Pack 1. Now check out this information from the Symantec website:

The Conficker worm, sometimes called Downadup or Kido has managed to infect a large number of computers. Specifics are hard to come by, but some researchers estimate that millions of computers have been infected with this threat since January. Current users of Symantec’s Norton security products are protected. Users who lack protection are invited to download a trial version of Norton AntiVirus 2009,Norton Internet Security 2009 or Norton 360. All of these products will detect and remove this worm. Symantec has a detailed technical analysis of the threat here.

So even if Symantec is not being paid to protect your machine they will still help you out with removing Conficker. This is just another variant of an older worm and it is set to mutate again on the 1st.

We poked around the web a bit more and came across this on Cnet:

Even worm creators write buggy software.

Once it infects a computer, the Conficker worm closes the hole in Windows that it used to get onto the system so no other malware can get in. This also makes it difficult for organizations to detect which computers have the legitimate Microsoft patch and which have the fake Conficker patch.

Wow! Isn’t that nuts? They go on to say they have developed a proto-type of a scanner that can pick up the infection from Conficker. You can read the rest of that article here http://news.cnet.com/8301-1009_3-10207375-83.html. Read more after the jump.

Good news if you are using OpenDNS or are in the government:

The U.S. Department of Homeland Security has released a Conficker detection tool for government agencies and state and local governments to use that ws developed by US-CERT.

The OpenDNS security services provider blocks access to the domains listed in the Conficker code. Microsoft has more information on its site, as does Symantec. The Web site of the Conficker Working Group, which is composed of companies allied to combat Conficker, also has information and worm removal tools.

What does the Conficker worm do?

We don’t know the purpose of the Conficker worm. Today the worm has created an infrastructure that the creators of the worm can use to remotely install software on infected machines. What will that software do? We don’t know. Most likely the worm will be used to create a botnet that will be rented out to criminals who want to send SPAM, steal IDs and direct users to online scams and phishing sites.
The Conficker worm mostly spreads across networks. If it finds a vulnerable computer, it turns off the automatic backup service, deletes previous restore points, disables many security services, blocks access to a number of security web sites and opens infected machines to receive additional programs from the malware’s creator. The worm then tries to spread itself to other computers on the same network.

How does the worm infect a computer?

The Downadup worm tries to take advantage of a problem with Windows (a vulnerability) called MS08-067 to quietly install itself. Users who automatically receive updates from Microsoft are already protected from this. The worm also tries to spread by copying itself into shared folders on networks and by infecting USB devices such as memory sticks.

Who is at risk?

Users whose computers are not configured to receive patches and updates from Microsoft and who are not running an up to date antivirus product are most at risk. Users who do not have a genuine version of Windows from Microsoft are most at risk since pirated system usually cannot get Microsoft updates and patches.

What to do if you are infected

Use your Norton product to identify which variant of the worm is on your computer.

Follow the detailed removal instructions for the specific version of the of the worm. These can be found here:
W32.Downadup.A writeup
W32.Downadup.B writeup
W32.Downadup.C writeup

Advice to Stay Safe from the Downadup Worm:

Run a good security suite (we are partial to Norton Internet Security and Norton 360).

Keep your computer updated with the latest patches. If you don’t know how to do this, have someone help you set your system to update itself.

Don’t use “free” security scans that pop up on many web sites. All too often these are fake, using scare tactics to try to get you to purchase their “full” service. In many cases these are actually infecting you while they run. There is reason to believe that the creators of the Conficker worm are associated with some of these fake security products.

Turn off the “autorun” feature that will automatically run programs found on memory sticks and other USB devices.

Be smart with your passwords. This includes

1. Change your passwords periodically
2. Use complex passwords – no simple names or words, use special characters and numbers
3. Using a separate, longer password for each site that has sensitive personal information or access to your bank accounts or credit cards.

Additional Reading:

Conficker flaw reveals which computers are infected

Researchers find flaw in Conficker that lets them detect which computers have the legitimate Microsoft patch and which were “patched” by the worm itself.
• Conficker demonstrates complexity of IT security
(Posted in Security by Elinor Mills)
March 30, 2009 1:54 p.m. PDT

Podcast: Conficker worm dissected

David Perry, education director of Internet security company Trend Micro, discusses the implications of the worm.
(Posted in Larry Magid at Large by Larry Magid)
March 30, 2009 11:04 p.m. PDT

Conficker worm might originate in China

A Vietnamese security firm concludes that the Conficker worm has the same root as the Nimda, which the firm believes originated in China.
• Malware probes find a China angle
(Posted in Security by Dong Ngo)
March 29, 2009 7:30 p.m. PDT

’60 Minutes’: What’s next for the Conficker worm?

A report on the CBS News television news program examines one of the Internet’s most dangerous computer worms.
(Posted in Security by CBS Interactive staff)
March 29, 2009 7:00 p.m. PDT

FAQ: Conficker time bomb ticks, but don’t expect boom

Worm’s latest variant is set to start hitting random domains on April 1. But security experts say the damage might not be as serious as the hype suggests.
• U.K. parliament computers get Confickered
(Posted in Security by Elinor Mills)
March 25, 2009 5:10 p.m. PDT

What are you doing to stay safe? Share it with us in the comments!

_TheDoTheWormAdmiN_

https://convert.global.sonicwall.com/

SonicOS Standard to Enhanced Settings Converter

The SonicOS Standard to Enhanced Settings Converter is designed to convert a SonicOS Standard Network Settings file to be compatible with a target SonicOS Enhanced appliance. Due to the more advanced nature of SonicOS Enhanced, its Network Settings file is more complex than the one SonicOS Standard uses. They are not compatible. The Setting Converter creates an entirely new target Enhanced Network Setting file based on the network settings found in the source Standard file. This allows for a rapid upgrade from a Standard deployment to an Enhanced one with no time wasted in re-creating network policies.

Do you use Sonicwalls? Have you used the Enhanced OS? What do you think?

_TheSonicAdmiN_

Do you hear Mission Impossible theme music playing while you hunt your torrents down?

Shortly after the man (Pictured Left) had his way and the fall of the first generation of File Sharing applications came and went, the ISP’s have taken it upon themselves to throttle down BT related traffic.

Hey we know the media industry has been messing with our torrents via ZipTorrent or Media Defender but now a lot of ISP’s are flucking up your BT downloading ability. We have also see that almost 70% of ALL Internet traffic is P2P. But what is the ratio of legal vs. illegal content?

Even when there are companies using BT for good rather than evil like Azureus and its VUE network they still get throttled down with the common criminals! Now is this fair? Hell no!

How do you know if your ISP is doing you dirty?

Check out this plug-in... NOW! It plugs into Azerus and tells you how many times your connections are interrupted while doing the BT thing.

Author’s Description:
Help Azureus (Vuze) gather data on Internet traffic throttling.

This plug-in works with your Azureus (Vuze) application to gather information regarding interference with your Internet access and send it to Azureus (Vuze).
Specifically, this small piece of software monitors your network connections and every ten minutes measures the number of interrupted connections (called reset tcp connections) and then displays the results to you. By selecting the share results check-box you can also share these results with our central server, which enables us to then aggregate the results and compare them with customers of other ISPs. We strongly encourage you to mark the share results setting.

Sharing this data with us does not involve disclosure of any of your personally identifiable information. Azureus (Vuze) may aggregate the data collected and talk about it or disclose it publicly, but no data about any specific user will be disclosed. Use of this plug-in has a negligible impact on your network usage.

Right now the plug-in only works on PCs, not Macs, but we are actively working on future versions. Users from all countries are welcome to participate. Alternatively, if you rather install the plug-in using the plug-in wizard built into our application, go to our Wiki to learn how to do that.

Thank you for your cooperation in this research. We hope that contributing more complete factual data to the debate over appropriate network management will lead to better regulatory solutions.

[Azerus.Soundforge.Net]

Is your ISP trying to bend you over with out taking you for dinner? Find out now and come back and let us know! I love BT for all sorts of stuff including downloading of HUGE LEGIT files. Do you hear me Cablevision? The latest Red Hat Distro is legit and distributed this way among others…

_TheShiverMeTimbersAdmiN_

Ever get the feeling someone has been messing with your machine while you were away?

Your trusted Anti-virus isn’t telling you there is something wrong but you know deep down in your gut something is off- and chances are it is! After all an unprotected windows machine can be infected on the Internet in under 10 seconds now-a-days so if you are missing some patches or have an easy password… Whoa Boy!

This is what The Admin does when he gets that not so secure feeling aka the “I think I have been hacked” panic.

So now you have that not so secure feeling? You can follow these easy steps with no software other than windows search needed.

1. I open task manager with Control Shift Escape and sort my processes by CPU usage from high to low – I kill what i don’t know ( I do know a lot of process names and such but even I don’t know every process in the world – if you are unsure Google it! – FYI – Windows will not let you kill system processes.)
2. Next I open a search box and look for modified files within the last 24 HRS (or however long you were away for!)
3. Now you have a perimeter to cordon off – your crime scene so to speak. Scrutinize these files as your jump off point.
4. Open Log files, examine exe files, read text files to make sure they don’t contain your personal info in them, new user profiles and directories, funny file or directory names. Hackers like to use names you would think are system processes like winservice.exe or MScontrol.com.

All from a simple search… The power of simplicity. If you need assistance send us screenshots or the file name in question and The Admin will get right back to you!

All of this is CSI like evidence to help you piece together what is going on. If you find files or directories you cant access, large amounts of space are missing from your machine and still don’t come across anything using this method re-install your anti-virus software and run a full scan. Still turning up nothing and still paranoid? Install a different antiviral package like Kaspirsky and scan scan scan.

If you still turn up nada chances are you are clean!

_TheWhoDidWhatAdmiN_

I tested it and it works beautifully on two Windows XP machines, 1 2003 server but on remoting in (What I can’t make up words??) to my Windows XP Pro SP2 Laptop it only brought up the task manager.

And for those of you that don’t know Control + Shift + Escape opens you directly to the task manager. And you can alt + tab through tabs on your remote desktop if it is opened full screen.

Got some good shortcuts for us? Tips at askTheAdmin dot com! I am off to my data center today. Should be interesting as we prepare for impending doom upcoming upgrades.

_TheShortcutingAdmiN_

“…Perhaps you think your email is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don’t you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? If you hide your mail inside envelopes, does that mean you must be a subversive or a drug dealer, or maybe a paranoid nut?…” -Philip Zimmerman, Creater of PGP

PGP, or more specifically OpenPGP is a great, and more importantly FREE method of securing your data and your e-mails. You don’t want “The Man” reading your e-mails, and neither do I.

There are many PGP and OpenPGP programs out there, but the one that is the most versatile that I have seen is called GnuPG. It comes in some form for every operating system. It comes standard with Ubuntu Linux, and there are versions for Windows and MAC.

If you are a fan of Mozilla Firefox, and Thunderbird like I am, then you will be happy to know that there are GnuPG plugins for both of them. Enigmail for Thunderbird, and FireGPG for Firefox. Of course you have to have GnuPG installed for the plugins to work.

If you have any doubts on the strength of the encryption, it uses PKI and the encryption keys can go up to 4096 bits, which is so strong that if you take all of the computing power on the planet it would still take something ridiculous like 10 billion years to crack (Give or take). I also found a quaint little article here about how the FBI has problems cracking PGP.

“So ya ya ya, yackity smackity… where do I download this fantastic software?”

I thought you would never ask. You can download it from the following sites:

Mac

Linux

Enjoy!

Written by El Di Pablo of Bauer-Power

This is exactly how the parents computer got set up. I couldn’t stand getting the calls at strange hours asking what their passwords are. I asked how they remember their banking pin numbers…

They said they don’t because they don’t have any. We use bank tellers…

Strange? Not for everyone. So to disable Control-Alt-Delete we simply goto the start menu and type netplwiz.exe

You will get the screen above where you can enable or disable it! Do you have a favorite Vista tip or trick to share with us? If you do leave them in the comments below…

_TheControlAltDeleteThisAdmiN_

Have you installed Ubuntu server and noticed that when you login to it there is the generic CYA login message from Ubuntu about them not providing warranty blah blah blah blah? Of course you have! Personally, I am not one to stick to defaults very often, especially when it comes to generic welcome messages that can be easily changed! Here is what the original message looks like:

Linux Hostname 2.6.24-18-generic #1 SMP Wed May 28 20:27:26 UTC 2008 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To access official Ubuntu documentation, please visit:

http://help.ubuntu.com/

Yuck! How boring is that? Why not change it to something a little more fun? Or perhaps, if this is a company Ubuntu server, maybe something a little more customized for your company? Changing the message is really quite simple. Just run the following from the terminal:

sudo nano /etc/motd

Make your changes, and save them. It really couldn’t be any easier than that. Now you might have something that looks like this:

For those not in-the-know, motd stands for “Message of The Day” which according to Wikipedia is used to:

…display rules, administrator contact, or simply a piece of ASCII art. This is frequently used in schools or workplaces such as offices.

Have you created a funny or strange motd message on your Linux box? Care to share a screen shot? If you have some good ones, please post a link to them in the comments.

[EDIT]- By The way, if you don’t want your new cool message changed back at reboot, you will also have to edit /etc/motd.tail as well. And yes Jeremy, you can use vi instead of nano!

By El Di Pablo of Bauer-Power

There will always be a Vundo epidemic lurking in the midst as long as there is Java. Basically, what keeps getting people bits and pieces and various version of the Vundo virus, is outdated Java. What it does, is start up Internet Explorer, and uses it to pop up little windows and adds on your desktop; this eats memory, and causes a vast number of other operating issues. The old versions pile up fast, you’d be surprised how fast, actually. Checking is pretty easy. For Windows users:

Start-;Control Panel-;Add Or Remove Programs

Wait for the list to populate with all the various junk you have. The majority of the time, you’ll see more than one version of Java, and a good 30% of the time, you might even see over five different versions.

A good way to prevent Vundo is to keep only one version in there. So go ahead and get rid of everything but the latest version of Java.

If you have Vundo, or a version, or generic attempt at Vundo, or suspect that you do, you’ll need to do a lot more. First, download the free version of SuperAntiSpyware, then go ahead and run it, to see what’s in there. Use it to do a superficial scrub, after it’s finished. If Vundo was located, this more than likely won’t get everything.

Next, fetch VundoFix, it’s free. Restart in Safe Mode, and run VundoFix. Allow it to do its job, and then start back up in normal mode. Just to be sure, allow your computer to fully boot up, then wait about twenty minutes. Run VundoFix again, and see if it catches anything. If not, then you’re clear! VundoFix is free, and the best program I’ve come across that fixes Vundo; however, running the free version of SuperAntiSpyware works wonders for cleaning out spyware, and whatever else might be lingering in your system.

Written for AskTheAdmin by Vernon Southward of Devicepedia.

Excessive failed logon attempts may signal that a wireless device has been lost or stolen — a serious security risk. Find out how to configure your Windows Mobile 5 and 6 devices for local wiping, so they automatically destroy their data after a specified number of failed logons.

Most security policies for Windows Mobile devices are what I call “scorched-earth” policies. Essentially, an Exchange administrator remote wipes a mobile device to mitigate a specific security risk, such as a lost or stolen device. All Exchange Server data is completely erased when a wireless device is “wiped clean.”

You can trigger a remote wipe of a mobile device through Exchange Server 2007 and Outlook Web Access (OWA) 2007, but that presumes the wireless device will contact the Exchange server at some point.

It makes sense to allow mobile devices to wipe themselves when certain prerequisite conditions are met, such as a specified number of failed personal identification number (PIN) entries or incorrect password attempts. This mobile security feature is called a local wipe.

Windows Mobile 5 and 6 devices have provisions for performing local wipes. However, this setting is not enabled by default, and for good reason. Discovering that your Windows Mobile device has committed digital suicide after you messed up your fifth attempt to punch in your PIN can be aggravating — especially if you didn’t know such a policy was in place to begin with.

But if your organization wants to implement this additional layer of security around Windows Mobile devices, it can be done — with a little work.

* First, the Password Required Policy (security policy ID 4131), a Windows Mobile security policy setting, must be enabled for the device in question.

* Next, a registry entry has to be set on the mobile device to enable this feature. In HKLM\Comm\Security\Policy\LASSD, create the decimal key DeviceWipeThreshold and set it to any positive number. This number will be the number of incorrect password logon attempts to allow before the device’s memory is wiped. This setting is also available in the Device Security Settings dialog box in the Exchange Management Console.

NOTE: In Windows Mobile 4, this function did not erase any external memory on the device, such as an SD card or other plug-in memory device. However, Windows Mobile 6 devices will erase external memory cards as well.

About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.

[Via TechTargetl]

You seem to like useless information… Right??

This trick threw me for a loop. I was watching a junior admin install Windows Vista from a CD and he turned to me smirked and said

Want to see something cool?

I shrugged my shoulders and he hit a key combination and brought up a command prompt over the gui that was installing Vista….

I said “Whaaaaat??”

We went back and forth like that for a little bit until I asked him what he uses it for. He shrugged his shoulders this time and he didn’t know but he likes that it makes him look cool. You can open a game of Pinball or Solitaire during an install.

Sound appealing to anyone?

That’s what I call multi-tasking :) So Shift + F10 will get you to the command prompt during an install like the shot below. It works on XP as well.

It only works from the GUI portion and not the white text on blue background parts. I googled it and saw some speculation on using it to inject drivers or folders during your install. But isn’t that what Nlite is for?? :) Microsoft themselves said the following:

In some cases, it may be helpful to have access to a command prompt during GUI-mode Setup for the purposes of troubleshooting, copying drivers, starting and stopping services, starting tools such as Task Manager, or other for other needs.To gain access to a command prompt during GUI-mode Setup, press SHIFT+F10.

Do you use this? Did you know about this? Why didn’t you tell me? Sheeeesh!

-Philip Zimmerman, Creater of PGP

Of course it doesn’t, it simply means you value your privacy.

PGP, or more specifically OpenPGP is a great, and more importantly FREE method of securing your data and your e-mails. You don’t want “The Man” reading your e-mails, and neither do I.

There are many PGP and OpenPGP programs out there, but the one that is the most versatile that I have seen is called GnuPG. It comes in some form for every operating system. It comes standard with Ubuntu Linux, and there are versions for Windows and MAC.

If you are a fan of Mozilla Firefox, and Thunderbird like I am, then you will be happy to know that there are GnuPG plugins for both of them. Enigmail for Thunderbird, and FireGPG for Firefox. Of course you have to have GnuPG installed for the plugins to work.

If you have any doubts on the strength of the encryption, it uses PKI and the encryption keys can go up to 4096 bits, which is so strong that if you take all of the computing power on the planet it would still take something ridiculous like 10 billion years to crack (Give or take). I also found a quaint little article here about how the FBI has problems cracking PGP.

“So ya ya ya, yackity smackity… where do I download this fantastic software?”

I thought you would never ask. You can download it from the following sites:

Windows

Mac

Linux

Enjoy!

Originally Posted on Bauer-Power by El Di Pablo

Without warning I suddenly had this feeling that something VERY bad was happening. I can’t really explain it, but a chill ran down my spine and I just knew something freaking dire was transpiring at that very moment.

I stopped everything I was doing and closed my eyes trying to figure out what had set me on edge, and then I heard it. Wafting from down the hall (I work in the accounting building) I heard the following “… can you email me that text file with all the credit card numbers in it again? I think I accidentally deleted it from my email.”

WHAT!?!?!?!? GAH!!!!!!

And so I went charging out into the hall to put an immediate halt to this nonsense.

Now I have explained multiple times that no one (I mean that literally – myself included) is to ever store any passwords or access codes (including credit card numbers) in an unencrypted format, for any reason (this is quite clearly laid out in our IT policy manual, which every employee has read and signed). Apparently some of the office staff thought I didn’t really mean that, it was just filler in the policy manual.

GRRRRRRRRRRRRRRRRRR

So 45 minutes later I sat in an emergency all hands meeting yet again explaining (in detail) why this is a no no, with the usual push back (it’s too hard to lock a spreadsheet, etc.).

I just don’t understand what is so difficult about this, after all I have provided them with the necessary tools to secure this… kind… of… informa… DOH!

Every now and then I have one of those moments when I realize that I have done everything I can think of to prevent some problem (in this case potential data loss, and/or financial abuse), except one simple thing to ensure that everyone plays along; in this case I forgot to give them the tools!

Hey you’re not perfect either, so back off!

As I realized my mistake, I smoothly (seriously I don’t think anyone even realized this was not part of my planned topic) plugged my laptop into the projector and continued on to explain the answer to all of these issues; KeePass Password Safe.

For anyone that has not used KeePass, this little tool is a little piece of file/password encrypting goodness. It’s free (as in open source free), and the files created with it can be viewed on Windows and Linux/Mac OSX machines. You can download KeePass here.

Personally I use version 1.11, as it is also available in a portable version from PortableApps.com, and I always try to keep all of the utilities I use on a daily basis on my USB drive.

The Linux version is called KeePassX, and can be found here.

I love this program because it only requires the user to remember two passwords; their logon password, and the Master password for KeePass. Everything else can be kept in the KeePass database.

I seriously cannot say enough about how awesome this tool is, I use it to secure every piece of sensitive information that I have. If you’ve been looking for something to protect your sensitive information, I would highly suggest you give KeePass a spin, I think you’ll find it’s really unobtrusive, and definitely safer than using a text file to store credit card numbers.

According to Microsoft a FTP Bounce Attack is:

The CERT (http://www.Cert.org) (http://www.Cert.org)) Advisory CA-97.27 warns of an FTP security attack called the “Bounce” attack. This involves misuse of the Port command to maliciously open a connection to a port on the File Transfer Protocol (FTP) server.

But they also go on to say any of there versions of IIS 4.0 or better will stop these attacks. So why is my firewall not letting me log into a clients FTP site? It is logging:

FTP: PASV response bounce attack dropped

Well there is a simple solution to this if you are not scared of visiting your Sonicwall’s back door to reconfigure this option. You can access you hidden options deep in your sonicwall by logging into your device and then changing your /main.cgi to /diag.html
After clicking on the button that says Internal Settings, You will get a screen that looks like this:

Simply scroll down and remove the check box next to FTP BOUNCE ATTACK PROTECTION and you will be FTP’ing again in no time! This works on all Sonicwall’s including TZ-170, TZ-150, Pro 200, Pro 300, Pro 3060 and probably a whole bunch more! Got any Sonicwall or other Firewall tips or tricks? Leave em’ in the comments!

_TheFtpingAdmiN_

There is a wealth of excellent network monitoring software available, both commercial and open source. One problem with many of them is that they are really geared towards the very large network. Monitoring 1000 servers, 300 switches, 100 routers and 15 firewalls on 3 continents is very different from monitoring 10 servers, 2 switches, 1 router and 1 firewall in a single office. Commercial monitoring software is probably going to be prohibitively expensive for a small network.

JFFNMS (Just For Fun Network Management System) is an excellent open source network monitoring package you can run on any spare Windows or Linux server. Don’t let the name fool you, it is a full-featured piece of software which includes autodiscovery, fully configurable alerts, performance graphing, reporting and network mapping.

Installation and configuration is pretty typical for an open source project (meaning a bit more complex than a typical Windows installer package) but I’m sure any experienced administrator can handle it. You will also need to install and configure SNMP on any machine you want to monitor. (Full disclosure and shameless plug: I wrote the new version of the Windows installation instructions.)

After installation, the rest of the configuration is done from a remote browser interface. You add your individual machines and interfaces to the monitoring system and set what parameter changes you want to be notified about. You can monitor pretty much any part of the system that can be queried by SNMP, such as free disk space, network utilization, processor usage, reachability, or if a specific application is running. You can then be alerted when a specific threshold is met or event occurs. You can create pretty graphs to better show trends and create reports of system uptime and availability.

Even in a small network a good NMS allows the administrator to keep on top of the network and be alerted to any potential problems before they result in downtime. It’s much better to receive an email telling you the mail server is running out of disk space than to start getting angry calls from users complaining the mail server is down.

Try a working demo.

Download JFFNMS.

But us admins don’t get bitter we get scripting.

Now when booby Betty calls and says she overwrote the main inventory file with her shopping list you can copy and paste a backup copy over her shopping list and walk away a virtual hero. Sound good?

For those of you who were 1337 back then you knew port 31337 was used to remotely control your machine with this app. It had some legitimate uses but it flooded out onto the hacker scene and became synonymous with a Trojan horse.

I was reminiscing and surfing the web and I came upon a picture from a chat log showing someone getting pwned and BAD! I chuckled and was about to move on when I saw a younger version of one of my fraternity brothers!

Holy fucking shit this was the funniest thing I ever saw.

I called him up and said:

…name with held due to begging… did you ever get hit by a hacker who posted pictures of you? He laughed it off. He kept laughing until he got my email with these two pictures.

They say a picture is worth a thousands words but these two are worth a million laughs… Have a glimpse to back when being 1337 really meant being 1337!

That text box says: Hi, I know we haven’t talked before. This is your computer. Since I see everything in your room, I thought I’d throw you a few pointers. First, put on a shirt. PLEASE. Second, you got a nice girl lying there on your bed and you’re sitting there looking like a goon on the computer. Come on.

Don’t be gay.

The best part about this is he tried to pull the I was a hacker when I was younger card! I love the Internet. More importantly I love watching people get pwned – consider this a permanent record of your getting pwned for the world to see.

The app is still available here and here is an updated version of BackOrrice 2k for XP I have not tried yet (so downloaders beware).

_TheStillLaughingAdmiN_