Open Source E-Mail Encryption

"...Perhaps you think your email is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? If you hide your mail inside envelopes, does that mean you must be a subversive or a drug dealer, or maybe a paranoid nut?..." -Philip Zimmerman, Creater of PGP

Of course it doesn't, it simply means you value your privacy.

PGP, or more specifically OpenPGP is a great, and more importantly FREE method of securing your data and your e-mails. You don't want "The Man" reading your e-mails, and neither do I.

There are many PGP and OpenPGP programs out there, but the one that is the most versatile that I have seen is called GnuPG. It comes in some form for every operating system. It comes standard with Ubuntu Linux, and there are versions for Windows and MAC.

If you are a fan of Mozilla Firefox, and Thunderbird like I am, then you will be happy to know that there are GnuPG plugins for both of them. Enigmail for Thunderbird, and FireGPG for Firefox. Of course you have to have GnuPG installed for the plugins to work.

If you have any doubts on the strength of the encryption, it uses PKI and the encryption keys can go up to 4096 bits, which is so strong that if you take all of the computing power on the planet it would still take something ridiculous like 10 billion years to crack (Give or take). I also found a quaint little article here about how the FBI has problems cracking PGP.

"So ya ya ya, yackity smackity... where do I download this fantastic software?"

I thought you would never ask. You can download it from the following sites:

Windows

Mac

Linux

Enjoy!

Written by El Di Pablo of Bauer-Power

Can I Replace Telnet With Open SSH on Windows?

For those of you out there still living in the dark ages, and still using Telnet on Windows because you haven't found a more viable alternative (You know who you are) We have some good news for you!

Maybe you haven't decided to switch to a more secure solution because you use Windows Servers and Windows hasn't adopted using SSH.

Maybe you think SSH is only for Unix/Linux.

Well, your excuses are no longer good here sonny boy. If you haven't heard there is an OpenSSH port for Windows. Now you can still use the terminal remote access method, but you won't be sending your login credentials and important information across the wire in plain text.

OpenSSH provides full support for SSH/SCP/SFTP. So what are you waiting for? Download OpenSSH and secure your servers.

As we always say at Asktheadmin.com The Safer the better! If we don't have to send our credentials as plain text, we are all for it. After all we do know how to use a SNIFFER!

From Their Website:

OpenSSH for Windows

OpenSSH for Windows is a free package that installs a minimal OpenSSH server and client utilities in the Cygwin package without needing the full Cygwin installation. This is similar to the package formerly available from NetworkSimplicity.

The OpenSSH for Windows package provides full SSH/SCP/SFTP support. SSH terminal support provides a familiar Windows Command prompt, while retaining Unix/Cygwin-style paths for SCP and SFTP.

Catch the download page here. [Via SourceForge]

_TheSecureAdmiN_

Is there a GOOD FREE anti virus and firewall solution?

One of my pet peeves is people with an antivirus that is not up to date. Seriously now, why even have antivirus if you are not keeping it up to date?

For those of you out there that don't have your antivirus up to date because you are too cheap to renew your license, don't fret! You are in good hands. I am a cheap skate as well.

Comodo is offering some fabulous FREE security software. Two of them I personally recommend, Comodo Antivirus and Comodo Firewall! Both of them come with a free lifetime license, which means no renewal fees ever! This also means, you can stay secure and still be a cheap skate!

"Who is Comodo?" you ask?

To quote their website, "Comodo is the 2nd largest Certification Authority for ensuring Identity Trust & Assurance on the web." Basically, they are one of the many company's out their that secure websites for banks and other businesses that do online transactions. (Kind of like Verisign). They offer the free software to get their names out there, a sort of free branding advertising if you will. Don't worry though, this software isn't ad-ware, and you won't be getting annoying "Buy me!' advertisements.

I am currently using Comodo's freeware on all of my computers at home, and they are working great! Uninstall your old, non-updated Antivirus now, and get Comodo in there right away! Don't leave yourself open to an attack.

Posted By El Di Pablo, A Guest Writer For AskTheAdmin.com. Keep up with his high tech antics on his blog at Bauer-Power.net.

FREE Full Hard Drive Encryption

So there you are at Starbucks sipping on your latte, and surfing on their incredibly high priced wi-fi with your brand new Alienware laptop thinking to yourself, "Self! This is a mighty good latte!".A few minutes later, you slip into a latte induced coma (Work with me here.)

After about an hour or two you wake up with foam and cinnamon all over your face, and a splitting headache, but that isn't the trouble. The trouble is that someone snatched your new Alienware laptop with all of your sensitive personal information (edit: a 24esque - mission impossible attempt in your stories to friends and family. We know how it goes. Que up the theme music). Stuff like bank information, passwords, etc! No biggy right? I mean you have a pretty good password. Seriously, who is going to guess banana12 right?


WRONG!



With FREE software available on the internet, you can boot up to a CD and browse files, or even change the administrators password on your laptop. Then all of your sensitive information becomes their sensitive information which they will use to take you for everything you are worth (It's called Identity Theft, look into it).

Well, the bad guys can't get to your information if you take stronger precautions to secure your data. One of the best ways you can do that is with full hard drive encryption. And lucky for you, I have tested a FREE software that can do it.

CompuSec is a free security suite that among many other things, encrypts your hard drive (including the operating system) using a fast 256bit AES encryption. When the bad guys try to look at your files, all they see is a blank hard drive.


So lets go back to our scenario then, the bad guy got your laptop, but you encrypted it using CompuSec... The joke is on him! Actually, that isn't true, he now has your $4000 Alienware laptop, but at least he doesn't have your personal information and you won't end up on Dateline's "To Catch an ID Thief."

Originally Posted on Bauer-Power By El Di Pablo

How can i come up with passwords that are complex and easy to remember? My short term memory is shot Help!

Unique and complex passwords are great and easy to come up with but remembering them - Now that's a totally different story! Have you ever considered using password phrases instead? Full sentences are easier to remember than obscure characters and have many benefits. Keep on reading grasshopper...

Did you know that Windows allows you to use passwords with up to 127 characters?

How does that help you Young Admin with a bad memory?

Its quite simple actually. I don't use passwords anymore. I will wait for the gasps to stop.

Yes, I have phased passwords out in favor of password phrases.

Why would you want to remember a password like BeDffd123cSwsspO0s129 when you could just remember a sentence like "suck giant monkey balls","Piss Off Wanker!" or "How much does this job suck!" (Well maybe not that last one if you need to document it!)

You can use uppercase, lowercase, special characters, or even spaces… but you are using them in context, which makes it much more natural to remember.

Post-it notes on your monitor are not secure and very 1999. Sorry Buddy.

It turns out that it is very difficult for a computer to break a password string containing more than 20 characters. It certainly couldn't be done on the fly. Most windows passwords can be cracked in no more than a few minutes and in most cases seconds.

If a skilled hacker can get physical access to your machine, they can boot to Knoppix or Ubuntu, and have your password in seconds. Even with multiple machines running brute force cracking programs, there is no possible way that someone could crack a password that long in a reasonable amount of time. Even if somebody had the super computing power to do so hopefully you change your password every few months or so.

It may be difficult to use password phrases on other operating systems, or especially on websites, because they don't properly handle spaces in the password, or have a small password length limit. One of the tricks that I usually do is use a password phrase without the spaces, if I possibly can.

Ok I'll wait while you go change your password ;)

_TheSecureAdmiN_

How do you protect young children from the evils of the internet?

How young is too young to be using the internet? What safe guards to you put in place to prevent your youngins from becoming victims of internet preadators? Do you but filters on, use special broswers or programs? What websites have you introduced your little ones to?

Are there any programs to run on your computer to let a little kid push buttons, move the mouse and make things happen - to get them used to the computer?

Hit us up in the comments and for those of you out there that are young yourselfs your going to get older and have kids someday so you can participate as well. Hit us up in the comments or email info @ nycomputerdoctors.com .

TheExpectingAdmiN_ _

I love that picture... :) Is that too young?

It's never to early and they are never too young!
So EduBuntu @ http://www.edubuntu.org/ looks to be a good choice for an OS and set up favorites for sites like:
http://www.noggin.com/, http://www.pbskids.com/, http://www.nickjr.com/ , http://www.playhousedisney.com/ , http://www.poissonrouge.com/

ALWAYS watch your children - let them browse but watch over their shoulders and be there for their questions. Because you know they will have them.

Thanks to Sarah from http://clanmcgrath.blogspot.com/2007/06/kids-internet.html

Keep em' coming ill update them as more come in.

AD Question: Admins how much do you lock down your clients and how do they get around the restrictions?

What types of security policies do you have in place? How much of it is through active directory? What are you blocking?

Do your users circumvent your policies? Would you know if they did?



What should I be locking down as an administrator? Can I be held liable for things that happen on my network under my nose?



_ _ YourFriendlyNeighborhoodAdmiN _ _

Question of the day (Updated With Answers!!): Web filters and how to get around them.

Mister Admin Guy,

My school administrators are fascists and block the majority of the web. I feel like we live in South Korea! Can you help me around it so I can get to your website and others - yes they blog blogger sites! Mother f&^%ers!!! I know you can use your technical ways to get me right on thorough - lickity split no problemo - right?

Censored In Brooklyn

Aight! Who can help Censored get around his web filters?? He will be back in school tomorrow morning- and we cant have him be bored in computer lab! I know some people would be like he is just trying to look at porn - why help him??

First of all dude is in COLLEGE why block him from sites? And second no one should be blocked - young kids shoud be monitored online at all times and taught right from wrong.

Nuff Said - Hit Censored up in the comments! Lets hear how you admins out there filter traffic and how you admins get around filters...

12:36 Answered:

Exactly and for the people who dont want to read through that great
article NinjaAdmin found from:

http://news.com.com/2009-1041_3-6062548.html?part=rss&tag=6062548&subj=news

You can use Google translator service as a proxy to bypass
restrictions of your institution, isp or company!

This makes most web filters see your request as being contained
within google.
You just need to goto the following URL:

http://www.google.com/translate?langpair=enen&u=www.BlockedWebSite.com

(www. BlockedWebSite.com should be replaced with the URL you need
to go to...)

What you'll get is the translation (english to english!) of the
page you want to see... your connection is directed to a google.com page so this page won't be blocked (would be blocked if google.com is on the black list), no matter what the content is. HA! Take That!

The URL has been tweaked for our purposes with the parameter being
"langpair"(1) is set to "enen" (englishenglish) so the page is processed by Google but you can keep the original language of the page.

If you need another language you just need to tweak the parameter
langpair to "frfr" and you'll be able to read french pages in french! Or
blocked english pages in french etc "enfr".

Thanks Google!

http://www.google.com/translate?langpair=enen&u=www.asktheadmin.com

What do you guys know about IP over Power Lines?

So we have a question from Angela out in New Jersey and she writes in:

"Hey there Admin,

I would like to find out if I can use these IP over Power adapters? How easy is it and are there any restrictions. Can it be dangerous? To me physically or my equipment?

I live in a 2 family house and have my circuit breaker on my floor. Will the neighbors be able to see my lan? Are there any safeguards like WEP? How far can this go? I have some outlets on my circuit in the backyard and by the pool as well. Could i have a networked tivo out there using this?

Needs Help In New Jersey"

I haven't worked with this technology at all but I have some buddies that are using it - anyone out there have any experiences they would like to share with the rest of the group?

Recommendations on brands anyone? Bueller?

Bueller?

Post your replies in the comments!

+TheAdmiN+

Resetting a Cisco 2600 Series Router PW - Physical Access Needed

I read this article via Digg @ Bauer-Power.Net and I really liked it. So here it is for your perusal. I have had to use this technique on more than one occasion and had to pull it off of Cisco's cryptic website but here it is:

"Have you ever heard the expression, "If you have physical access to a machine on the network, you can own that machine." I have, one of my professors at school harps on that all the time. I knew what he was talking about as far as Windows machines. I mean there are tons of free utilities you can use to reset the administrator's password in Windows. There are an equal number for Linux I'm sure, but what about a router? I'm not talking about a cheap D-Link router that you use at home, I am talking about production grade Cisco routers. Resetting the privileged mode password is really a simple process. In class tonight, we had a lab where we had to do password recovery on a Cisco 2600 series router. The process was really simple.

First of all, in order to reset the password you have to be physically connected to the console port, so forget the notion of telnetting in and "Hacking the Gibson."Now that you have picked the lock to get into the server room where the routers are, or if you are a network admin and you genuinely have access to the server room, you can hook up your laptop directly to the router's console port. With something like hyperterminal, make sure you have connectivity with the router (Check with Cisco's website for the hyperterminal settings).Now that you have a good connection, power off the router, then power it back on. After you turn it back on you have 60 seconds to press ctrl+break. Keep it held down until you see

rommon 1>.At rommon 1> type confreg 0x2142 the press enter.
At rommon 2> type reset.

Now the router will reboot and will now skip the startup configuration and you will now be prompted to go through router setup. When prompted, select no. We don't want to reconfigure the router, we only want to reset the password.

Now you should be at a prompt like this:

router>, type enable and press enter.

You should now be at a prompt like this: router#.

Type enable and your new password then press enter.

You should also reset the secret password by typing enable secret and the new secret password. Now with the passwords reset, save your changes by typing copy running-config startup-config and press enter. Now type config-register 0x2102 and press enter. Type reload at the prompt and the router will now be rebooted with your new password. Congratulations! You now own the box! Please keep in mind that this is for a Cisco 2600 series router. For the full step by step instructions for this or any other Cisco product, visit Cisco.com and do a search for password recovery."

Original Post: Bauer-Power: Information is Power!

Recover Windows XP, 2000, 2003 and NT passwords in a breeze for free... YES FREE!

I was able to use the cd image below to reset an administrators password to blank and then log in to a machine whose owner recently died.

Offline NT Password & Registry Editor (v060213 - February 2006)
Petter Nordahl-Hagen has written a Windows NT/2000/XP/Vista offline password editor:
http://home.eunet.no/~pnordahl/ntpasswd

This is a utility to (re)set the password of any user that has a valid (local) account on your Windows NT/2000/XP/2003/Vista system, by modifying the encrypted password in the registry's SAM file.
You do not need to know the old password to set a new one.
It works offline, that is, you have to shutdown your computer and boot off a floppy disk or CD. The boot-disk includes stuff to access NTFS partitions and scripts to glue the whole thing together.
Works with syskey (no need to turn it off, but you can if you have lost the key)
Will detect and offer to unlock locked or disabled user accounts!
Caution: If used on users that have EFS encrypted files, and the system is XP or later service packs on W2K, all encrypted files for that user will be UNREADABLE! and cannot be recovered unless you remember the old password again!
Download links:
cd070409.zip (~3MB) - Bootable CD image with newer drivers
bd050303.zip (~1.1MB) - Bootdisk image, date 050303.
sc050303.zip(~1.4MB) - SCSI-drivers (050303) (only use newest drivers with newest bootdisk, this one works with bd050303)
To write these images to a floppy disk you'll need RawWrite2 which is included in the Bootdisk image download. To create the CD you just need to use your favorite CD burning program and burn the .ISO file to CD.

_TheOnAndOffLineAdmin_

Access “private” folders protected by NTFS

I won’t go into the backstory on this, because it would take too long. Basically, the hard drive where Linux and Windows co-exist with a dual boot loader installed will not boot at the moment.

Rather than fight with the friggin thing, I swapped that hard drive with another drive that I had inside of an IDE-to-USB enclosure and installed Windows on it. I can just plug my former hard drive into a USB port and get at the files that are on it. This is just temporary. I had other things to do than fight with an obstinate motherboard.

One problem - The user went and made the‘\Documents and Settings\Administrator\’ directory “private”, just before taking it to the repair shop. When I plugged it into the USB port, Windows wouldn’t let me access that folder! Talk about Murphy’s Law.

Anyway, I searched around for a while for an an answer to this problem and it turns out to be ridiculously simple to fix.

1) Log into an administrator’s account
2) Go to Folder Options and turn off “use simple file sharing”
3) Right-click the protected folder, click “properties” and click the security tab
4) Take over ownership of the folder and all subobjects


Booo Yah! Take that Microsoft!
_TheAdmin_

Security Alert: SpyDawn - How to remove manually

SpyDawn at first glance may look like a legitimate application for the removal of spyware, but it's really a malicious program that issues fake warnings in an attempt to trick you into buying SpyDawn. SpyDawn may secretly install and automatically download itself onto your computer.

>> For SpyDawn Manual Removal, continue on reading. (Some technical knowledge required.)


You may be infected with SpyDawn if the file %ProgramFiles%\SpyDawn\SpyDawn.exe appears on your computer.

SpyDawn is part of a group of fake Anti-Spyware applications which falsely report spyware infections, then offer to remove these parasites for a fee. Rogue anti-spyware applications similar to SpyDawn include SpyCrush, Pest Trap, and VirusBurst.

SpyDawn Screenshot:


SpyDawn Manual Removal Instructions:

Note: This manual removal process is dangerous. To avoid the unnecessary risk of damaging your computer, download the removal tool to automatically remove SpyDawn.

To manually remove SpyDawn, follow these removal steps:

Remove these SpyDawn processes:
SpyDawn.exe

Remove these SpyDawn registry values:
Microsoft\Windows\CurrentVersion\App Paths\SpyDawn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\SpyDawn
HKEY_CLASSES_ROOT\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyDawn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyDawn

Unregister these SpyDawn DLL files:
xkrdk.dll
higehsg.dll

Detect and delete these SpyDawn files:
sd.ini
SpyDawn 3.1 Website.lnk
Uninstall SpyDawn 3.1.lnk
SpyDawn.lnk
SpyDawn 3.1.lnk

Here is a list of similar programs that look live removal tool that do more harm than good (if you need help EMAIL OR COMMENT!)

SpyLocked


Fixer AntiSpy


Spy Analyst


WinAntiVirus 2007


SpyCrush

I hate these kinds of companie that put out this CRAP! Make sure your antivirus/antispyware is running all the time kids!

_TheScamStoppingAdmin_

Sonicwall discontinues support for the pro line and soho line.

It looks like a few of my Sonicwall firewall appliances have become outdated today. I have to upgrade my pro 200, pro 300 and several soho3's. We will be replacing them with 2 Sonicwall 3060's and 5 TZ170.

We will also be getting the comprehensive security suite which is a great deal. It comes with 1 year of tech support, View Point Module, Security Services (spyware, antivirus and intrusion protection)for 1 year.

I will let you all know how it goes! Have you seen www.MisterCoputerHead.Com yet? The site looks good and is fully functional. They will have some free giveaways this weekend! Free Free Free!

We Love Free!
_TheSonicAdmin_

How to reset your (or someone else's) password on most Windows Operating Systems.

This is an oldie and a goodie. Using NT Offline Password and Registry Editor from http://home.eunet.no/~pnordahl/ntpasswd/. This small boot floppy or cd is fantastic and I have been using it for many years to reset peoples forgotten local passwords on laptops and even to gain admin access of Windows XP.

After you create your Boot Floppy or Boot CD you are ready to restart your machine with the disk in the drive. If your machine does not automatically boot to the disk you may need to adjust your BIOS settings (if you can).

For most users you can hit the enter key for the defaults... Password Reset... Edit user data and passwords...

Now you will have a list of users to change... If you select the default it is the administrator. Change the password to * this will blank it out. Save your changes then reboot.

Log into windows with the administrator account and a blank password! If you see the home logon screen with no icon for the administrator simply click control alt delete and type in your credentials!

Voila!

_ThePasswordCrackingAdmin_