Friday, April 30, 2010

MobileMe Mac Address Book & Calendar Syncing

For those of you who don't want the MobileMe offering, there's Fruux. I haven't tried it myself but I hear good things...

Monday, April 26, 2010

Guide: 10 tips for getting rid of stubborn malware

A helpful guide....

Guide: 10 tips for getting rid of stubborn malware: "

It doesn't matter how diligent you are about security, or how often we bang on about protection and prevention, sometimes the genie escapes the bottle and you find yourself in the unpalatable position of being infected by some nasty critter.

If you're having trouble getting rid of malware, read on for 10 handy tips that could prove the difference between reclaiming control of your PC or reaching for the recovery or reinstall disc.

1. Gain access to a clean PC

Do your research and download the tools and fixes you need on another PC that's not infected. Don't transfer anything via your network or a USB flash drive; instead, burn it to a CD or DVD, which won't pass on the infection after being in close contact with the infected computer.

Burn disc

BURN IT: Transfer files to an infected PC via a burned CD to prevent the infection spreading

2. Reclaim Safe mode

One nasty trick malware performs is to delete the SafeBoot Registry key, which basically cripples Safe mode. Open Registry Editor on a clean PC running the same version of Windows, browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ and export the SafeBoot key to a Registry file. Transfer this across to your infected PC and attempt to merge the REG file into your Registry.

Safe mode

SAFE BOOT: Export the SafeBoot key on a PC running the same version of Windows as your crippled computer

3. Stubborn Safe mode fix

Some malware actively monitors the SafeBoot key and deletes any changes made. To counter this, download UndeletableSafeBootKey from Didier Stevens. Extract the UndeletableSafeBootKey application and transfer this to the infected PC. Run this prior to importing your REG file, and the malware will be thwarted, giving you access to Safe mode again.

Stubborn malware

PROTECTED: This tool recreates an empty SafeBoot Registry key with permissions protecting it from malware
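Before merging a transferred SafeBoot export (tips 2 and 3), it is worth confirming that the REG file is complete and does nothing more than recreate the key. The checker below is an added example, not part of the TechRadar guide: it parses the text format Registry Editor writes, handles the UTF-16 encoding real exports use, and reports a missing header, missing Minimal or Network subkeys, or any [-key] deletion lines that would remove keys on merge. The sample export embedded in it is constructed and trimmed; the key path is the one the article gives.

```python
import re

# Key that tips 2 and 3 export, transfer and merge (path taken from the article).
SAFEBOOT_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"

# Constructed sample export in the text format Registry Editor writes, trimmed
# to a handful of entries; a real export lists many more subkeys.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
@="Service"
"""

KEY_LINE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_LINE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')


def decode_reg_bytes(raw):
    """Registry Editor saves .reg files as UTF-16LE with a BOM; older tools wrote
    ANSI. Choosing the codec from the BOM keeps key paths intact."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def parse_reg_text(text):
    """Return {"header": str, "keys": {path: {value_name: raw_data}}, "deleted": [path]}.
    A leading '-' inside [...] marks a key deletion; a trailing backslash joins
    hex continuation lines before they are parsed."""
    parsed = {"header": "", "keys": {}, "deleted": []}
    lines = text.splitlines()
    if lines:
        parsed["header"] = lines[0].strip()
    current, pending = None, ""
    for line in lines[1:]:
        line = pending + line.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue
        key = KEY_LINE.match(line)
        if key:
            if key.group(1) == "-":
                parsed["deleted"].append(key.group(2))
                current = None
            else:
                current = key.group(2)
                parsed["keys"].setdefault(current, {})
            continue
        value = VALUE_LINE.match(line)
        if value and current is not None:
            name = "" if value.group("default") else value.group("name")
            parsed["keys"][current][name] = value.group("data")
    return parsed


def check_safeboot_export(parsed):
    """List problems with an exported SafeBoot key; an empty list means it looks usable."""
    problems = []
    if not parsed["header"].startswith("Windows Registry Editor Version"):
        problems.append("missing Registry Editor header: file is truncated or not a .reg export")
    if parsed["deleted"]:
        problems.append("export contains [-key] deletions, which would remove keys when merged")
    keys = {path.lower(): values for path, values in parsed["keys"].items()}
    root = SAFEBOOT_ROOT.lower()
    if root not in keys:
        problems.append("SafeBoot key itself is missing")
    elif "alternateshell" not in {name.lower() for name in keys[root]}:
        problems.append("SafeBoot\\AlternateShell value is missing")
    for sub in ("Minimal", "Network"):
        prefix = root + "\\" + sub.lower()
        if prefix not in keys:
            problems.append(f"SafeBoot\\{sub} subkey is missing")
        elif not any(path.startswith(prefix + "\\") for path in keys):
            problems.append(f"SafeBoot\\{sub} has no entries, so that Safe mode variant would load nothing")
    return problems


def check_reg_file(path):
    """Decode and check a .reg file on disk; returns the problem list."""
    with open(path, "rb") as fh:
        return check_safeboot_export(parse_reg_text(decode_reg_bytes(fh.read())))
```

Run check_reg_file() against the exported file on the clean PC before burning it, and again against a fresh export from the infected PC after the merge (and after running UndeletableSafeBootKey) to confirm the key has actually stayed in place.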

4. Safe mode with networking

If you're directly connected to your network via an Ethernet cable, or you're wirelessly connected and running Windows 7, choose Safe mode with networking to give yourself internet access when in Safe mode – you may be able to update your security software prior to running full scans, giving them the latest signatures that could prove crucial in detecting and removing the infection.

Safe mode with networking

ONLINE: Safe mode with networking may enable you to update your security tool prior to scanning with it

5. Construct a toolkit

Download the following tools on your clean PC and transfer them to your infected PC via CD – they can all be installed and run in Safe mode: Malwarebytes Anti-Malware, ComboFix, a2Free, Sophos Anti-Rootkit, HijackThis!, and Virus Effect Remover.

Also look for tools that deal with specific threats: Conficker Removal, CWS Shredder and SmitFraudFix, for example. If you know the name of the infection plaguing your PC, try Googling its name and the word 'removal' to see if any specific tools are available that could help.

Malware toolkit

PREPARED: Build yourself an armoury of security tools to help deal with any infections

6. Access Registry Editor

Virus Effect Remover should be able to undo the worst damage done by malware – the One Click Registry Heal button performs a number of fixes, giving you back access to key system tools like Registry Editor plus re-enabling critical functionality like automatic updates.

Virus effect remover

CLEAN UP: Virus Effect Remover contains a number of useful post-infection clean-up tools

7. Other fixes

We also recommend going through Virus Effect Remover's other tools to help identify and remove all leftover traces of malware. In particular, try Show Suspicious Files to locate hidden files in system locations (but note that most of these entries are legitimate, so only delete or restore those files you know to be affected).

Also use 'Scan Services' and 'Scan Startup' to check that malware isn't geared up to reinfect your PC the moment you leave Safe mode.

Virus effect remover

FINAL TIDY: Root out the remnants of any malware with the help of Virus Effect Remover

8. Internet connection fixes

Open a command prompt window with administrative privileges (you can do this from within Virus Effect Remover – click Other Tools > Command Prompt) and type the following two commands, pressing [Enter] between each:

netsh winsock reset

netsh int ip reset resetlog.txt

Exit and reboot back into Safe mode with networking to verify your connection is back.

Winsock

FIXED CONNECTION: Reset your network adapters via the command prompt to try to resolve internet connection problems

9. Keep scanning

Don't rely on a single security tool when scanning – use the other tools in our recommended toolkit alongside your main security program. If threats are found, deal with them, then immediately reboot and re-run scans again to verify the threat is gone. Don't be surprised to see it reappear – you may have to scan, remove and reboot a number of times before it's finally banished.

Make sure you get a clean scan immediately after rebooting into normal mode before assuming you're in the clear, then switch off System Restore to flush all Restore points and run a clean-up tool like CCleaner to give your PC a good clean out.

Malware scan

SCAN AGAIN: Don't expect all traces of the malware to disappear after a single scan and reboot

10. Burn a rescue disc

If all else fails and you're unable to boot into Safe mode or reclaim control of your PC, try burning a rescue CD from the likes of BitDefender, Avira or Symantec. If they can't remove the infection, they will at least enable you to rescue data prior to wiping your hard drive and starting again from scratch.

Rescue disc

RESCUE ME: If all else fails, burn a rescue CD from a major security vendor and boot from that



"



(Via TechRadar: All latest feeds.)

Thursday, April 22, 2010

Dictionary Shortcuts

MacWorld just ran a very cool article that nearly slipped past me but turns out to be full of great little shortcuts.

This one was really cool, though let's see if I can remember the keyboard shortcut....

4. Use pop-up definitions

In many Mac programs, you can hover your cursor over a word and press Control-Command-D to see this definition balloon appear.

One of my favorite OS X features, and one that too few people take advantage of, is systemwide pop-up definitions. In most recent Mac applications—including Safari, Mail, and most other programs that display text or let you edit text—just position the cursor over the word you want to define and then press Control-Command-D. A floating balloon appears containing the definition(s) of that word. You can switch to the Thesaurus entries for that word using the pop-up menu at the bottom of the balloon, and clicking More will open the Dictionary application and look up the word.

A nice touch is that if you hold down Control-Command-D while you move the cursor around the screen, the definition balloon updates continuously to display information about whichever word is beneath the cursor.

Wednesday, April 21, 2010

In Depth: 10 great hardware tools you never knew existed

In Depth: 10 great hardware tools you never knew existed: "

Buy just about any item of PC hardware and it'll come with a disc packed full of utilities.

And if you're like us then you'll grab the bare minimum from it, probably just the drivers, then file the disc away, never to be looked at again.

That's a shame, though, because many hardware manufacturers produce excellent utilities to identify, monitor, test and optimise PC devices.

There are easy-to-use graphics card overclocking tools, motherboard monitors that keep you updated on voltages and temperatures, disk diagnostic utilities, network monitors, printing tools and more, all costing you nothing more than the time it takes to download them.

Some of these utilities will only work with hardware from the same company, of course, but a surprising number are more generally useful. MSI produce an excellent graphics card overclocker (see below) that's worked on every card we've tried, for instance, both ATI and Nvidia.

You're taking an extra risk if you use a tool in this way - there are no guarantees it'll work, in theory you may even damage your hardware - but we've yet to experience any significant problems.

There really is more to a hardware manufacturer's site than driver downloads and BIOS updates, then. They often have some very useful hardware-related tools, too - and here are ten of the best.

1. EVGA Precision 1.9.10

Are you getting the best from your graphics video? EVGA's Precision is a versatile overclocking utility that will fine-tune your video card for the maximum possible performance. You're able to tweak your core, shader and memory clocks by dragging a slider. It's possible to create up to 10 profiles with different settings, and you can even assign hotkeys to them for instant switching.

Great hardware tools

In theory, Precision is for EVGA 6, 7, 8, 9 or 200 series graphics cards only. But in practice, we've found it works on other GeForce cards, too: when RivaTuner wouldn't overclock our BFG GeForce 8800GTS, for instance, EVGA Precision stepped in and did the job very well. Just keep in mind that this isn't supported, and there may be a risk that Precision will adversely affect non-EVGA graphics cards.

2. ATTO Disk Benchmark 2.46

ATTO are experts in manufacturing high-end storage connectivity products, like host adapters and storage controllers. So who better to produce an accurate, reliable hard drive benchmark?

ATTO Disk Benchmark is highly configurable. You can try different transfer sizes (512KB - 8MB) and lengths (64KB - 2GB), there's support for overlapped I/O and a variety of queue depths, and a direct I/O option carries out testing with no system caching. Results appear on a graph, or you can save them for reference later.

Great hardware tools

ATTO Disk Benchmark is also surprisingly compact, at a tiny 237KB, and even better - it's portable. Unzip it to a USB drive and it's ready to use on any nearby PC.

3. D-Link Network Monitor Widget

If you need to keep an eye on your network's activity then D-Link's monitor widgets could be very useful. Web, wireless and wired network send and receive rates are displayed in real time on an attractive, if somewhat bulky, interface. And more in-depth details, like IP addresses of networked devices, security settings, port connections and more are just a click away.

Great hardware tools

You'll need a D-Link DIR router (DIR-625, DIR-628, DIR-655, DIR-825, DIR-855), or the DGL-4500 for the display to work. But the program is available on three widget platforms: Yahoo!, Mac Dashboard and the Windows sidebar.

4. Seagate DiscWizard

Seagate don't just make hard drives - they give away some useful drive management software, too, and DiscWizard has to be one of their better freebies.

The program works well as an image backup tool, for instance, quickly creating an exact copy of the drive you specify. It's able to create a bootable recovery disc, which can then restore the last backup if your hard drive becomes corrupted and Windows won't start.

Great hardware tools

But you can also mount the image as a temporary drive within Windows, letting you restore just the specific files and folders you need.

But if that's not enough, then you can also use DiscWizard to help add a new drive to your system, or clone your existing partitions to a new drive so you can boot from that instead.

The program works with Seagate and Maxtor hard drives.

5. MSI AfterBurner

MSI AfterBurner is an interesting video card overclocking tool that's based on RivaTuner, but with a flashy interface that's also rather easier to use.

Straightforward sliders give you immediate control over voltages, core, shader and memory clocks, as well as fan speeds. You're able to save your settings in up to 5 different profiles, which can then be called up whenever it's appropriate. And a history window tracks your GPU temperature, GPU usage, clock rates and more.

Great hardware tools

The program works with both ATI and NVIDIA technology on most MSI graphics cards. We've found it works with cards from many other manufacturers, too, but as ever - be careful if you go experimenting. Mistakes when tweaking voltages, for example, could cause real physical damage to your card.

6. Hitachi Drive Fitness Test 4.160

How healthy is your hard drive? If you're not entirely sure then the Hitachi Drive Fitness Test (DFT) may be able to provide an answer.

The program comes on a bootable ISO file, so you must burn it to a CD first. Start your PC from this, let the DFT launch its tests, and it'll report on problems like temperatures, media errors, S.M.A.R.T.-reported issues, and more.

Great hardware tools

You'll get the best results with Hitachi and IBM drives, where for instance DFT can even attempt to repair unreadable sectors. But the program will run some tests on other drives, too, including the Exerciser, which can keep the hard drive active for hours at a time - perfect for picking up intermittent temperature-related problems.

7. Intel Processor ID Utility

The recent news that a US retailer was found to be inadvertently selling fake Intel CPUs suggests that it's a very good idea to check any hardware you buy, just to be sure you're getting what you've paid for.

Great hardware tools

And in the case of Intel CPUs, there's no better place to turn than the company's own Processor ID Utility. Run this and it quickly reports everything you could ever want to know about your processor: speed, number of cores, L2 cache size, the technologies it supports, the packaging, and more.

There's also a bootable version that you can use to check the CPU in a system that won't otherwise start (or isn't running Windows), but beware - this can be difficult to get working.

8. Seagate SeaTools 1.2.0.1

SeaTools is Seagate's own hard drive diagnostic tool, that will quickly check the condition of USB, 1394, ATA (PATA/IDE), SATA and SCSI drives.

Tests available include a S.M.A.R.T. check, the option to call the drive's own internal self-tests, a quick scan of key drive areas, or a full check of every drive sector (with the option to repair any that are faulty).

Great hardware tools

The program works best with Seagate and Maxtor drives. Seagate say it also works with other drive types, but we found these weren't always detected.

Still, it could be a useful diagnostic tool to have around. SeaTools isn't supported on Windows 7, unfortunately, but there is a bootable alternative you can use, and this can also be used to check PCs with no operating system at all.

9. HP Photo Print Gadget

This clever Windows gadget makes it much quicker and easier to print photos. Just configure it with the print size you need, and you're ready to go.

Now, when you want to print an image, all you need to do is drag and drop a file onto the gadget. Or, if you're viewing one of the supported websites, (Flickr, PhotoBucket, MSN Mail, Gmail, Snapfish) you can also drag and drop an image directly from the page. And then the program goes to work.

Great hardware tools

First, it detects the orientation of your image (portrait or landscape). Then it uses HP Smart Crop technology to ensure your subject's head isn't cropped out in landscape photos. And finally, it sends your image to the printer, using the print size you've defined (so no need to change it manually beforehand, then back again for the next regular print job).

Best of all, you don't need an HP printer to take advantage of it. Well worth a try.

10. Asus PC Probe II

Is your PC behaving oddly? Maybe there's a hardware cause, a temperature or voltage problem. To find out you need a hardware monitor, and the first place to go looking is your motherboard manufacturer.

Asus PC Probe II, for instance, displays live information on motherboard voltages, temperatures and fan speeds. Play games or otherwise stress your hardware, watch the figures change, and you just might discover the real cause behind your PC's crashes, hangs and other issues.

Great hardware tools

If you'd like to give it a try then visit the Asus support site, search for your motherboard and check the available downloads.

Most motherboard manufacturers have their own equivalent tools, though, and many go much further. MSI Dual Core Center lets you overclock your system from Windows, for instance. And Gigabyte EasyTune 6 provides easy access to many BIOS options from the desktop.

Check your motherboard manufacturer's support site to see what downloads are available - you might be surprised just how powerful they can be.



"



(Via TechRadar: All latest feeds.)

Tuesday, April 20, 2010

Troubleshooting Blue Screen of Death (BSOD)

TechRepublic has some tips for troubleshooting BSOD issues.

10 ways to make your Samba life easier

10 ways to make your Samba life easier: "

Samba allows Linux, Windows, and Mac to communicate with one another, but it has a reputation for being tricky to configure and administer. Here are some ways to reduce Samba headaches.





Samba is essential for many SMBs. Not only does it work like a champ as a file server, it does so at zero software cost. The biggest hurdle to adoption is what most people consider to be complicated setup and administration. Like many assumptions about the Linux operating system, that’s a myth. Samba does not have to be a challenge to configure or administer. In fact, it can be downright simple. Here are some tips to make your Samba life as painless as possible.


Note: This article is also available as a PDF download.


1: Share folders from your desktop


The two main desktops, GNOME and KDE, now have easy tools to facilitate sharing folders with the help of Samba. If Samba is installed (as well as kdenetwork-filesharing, nautilus-share, and libpam-smbpass) on the machine, all you have to do is right-click a folder, select Share Options (in GNOME) or Properties | Share tab (in KDE 4). When you set sharing up this way, you won’t have to configure Samba by hand.


2: Use a GUI tool, such as Gadmin-Samba


If you don’t use GNOME or KDE (or would rather have a GUI tool that has more options and security), you can easily install a tool like Gadmin-Samba to take care of your Samba configuration/management needs. This tool doesn’t help with GUI-less Samba servers, but it will certainly help anyone needing an easier means of configuring Samba than cracking open that smb.conf file.


3: Don’t forget to add users with smbpasswd


One of the biggest mistakes I see with setting up Samba is forgetting to add users to the smbpasswd file. This is easily done using the smbpasswd command like so: smbpasswd -L -a USERNAME (Where USERNAME is the name of the user you want to add) and smbpasswd -L -e USERNAME (again, where USERNAME is the name you want to add). If you don’t add users to the smbpasswd, they’re going to have a lot of trouble connecting.


4: Use the mode/mask options


When you (or your users) want or need to create files and folders on the Samba share you’re connected to, the parent folders must have been created with the right permissions. To ensure this happens, you must add the create mask = 0777, create mode = 0777, and (if your share is being particularly stubborn) force create mode = 0777. These will ensure that all directories/folders created within the parent have read/write permissions. NOTE: Use this with caution, as it does make those directories/files fully read/writable.


5: Create smaller shares instead of one big share


Some people are tempted to create one big share that all users can access. This can cause a problem because all users will be able to access the entire contents of the folder. Instead of this approach, create smaller shares allowing only specific users to access them. This will give you better control over security and a better file system structure.


6: Don’t forget to restart Samba


This one trips up a lot of people. If you make a change to your Samba configuration, make sure you restart Samba. You do this with a command similar to sudo /etc/init.d/samba restart. It’s an easy step to overlook.


7: Use the right security mode


This is a hotbed of contention. Most want to go the route of uber paranoia (and I do not blame them). The only problem is that it does make your Samba setup much more complicated. My preferred method (and this is ONLY on a secure internal network) is to use security = user, which means anyone that has an account on the server serving up Samba shares has access to the shares. There are actually five modes of security: User, Share, Domain, ADS, and Server. Check out this page for a detailed description of each.


8: Keep the smb.conf file simple


When you install Samba, the /etc/samba/smb.conf file can be rather confusing to the uninitiated. This confusion, ironically enough, is generally due to the amount of comments in the file (comments meant to make understanding the file much easier). The configuration file really only needs (at minimum) a [Global] and a [Share] section. The cleaner and more minimal you keep this file, the easier it is to set up. I always just make a backup of the initial file and create my own smb.conf file that looks similar to this:


[global]
netbios name = NETBIOS_NAME
workgroup = WORKGROUP
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
interfaces = 192.168.1.1/8

[SHARE]
comment = COMMENT
path = /PATH/TO/SHARE
writeable = yes
create mode = 0750
locking = yes

Configure this to suit your needs and you’re good to go.
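The settings tips 4, 5 and 7 discuss (the 0777 masks, share-level security, one big share open to everyone) are exactly the ones worth catching before a file like the one above goes live. The audit script below is an added example and not part of the TechRepublic article: it parses smb.conf with Python's configparser, folds Samba's option synonyms (create mode is the same setting as create mask), and reports world-writable masks, obsolete share-level security, guest-writable shares, and an interfaces line that is not paired with bind interfaces only. The two configs embedded in it are the article's own minimal file and a constructed weak counterpart; the finding messages are the example's, not Samba's.

```python
import configparser

# Samba accepts several spellings for some options; fold them to one name so a
# check does not miss a setting written under its synonym.
SYNONYMS = {
    "create mode": "create mask",
    "directory mode": "directory mask",
    "writable": "writeable",
    "write ok": "writeable",
}
MASK_OPTIONS = ("create mask", "force create mode", "directory mask", "force directory mode")

# The article's minimal smb.conf, placeholders and all.
ARTICLE_CONF = """\
[global]
netbios name = NETBIOS_NAME
workgroup = WORKGROUP
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
interfaces = 192.168.1.1/8

[SHARE]
comment = COMMENT
path = /PATH/TO/SHARE
writeable = yes
create mode = 0750
locking = yes
"""

# Constructed counter-example carrying the settings the tips warn about.
WEAK_CONF = """\
[global]
workgroup = WORKGROUP
security = share

[everyone]
path = /srv/everyone
guest ok = yes
writeable = yes
create mask = 0777
force create mode = 0777
"""


def load_smb_conf(text):
    """Parse smb.conf text into {section: {option: value}}, names lower-cased and synonyms folded."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    parser.read_string(text)
    conf = {}
    for section in parser.sections():
        options = {}
        for name, value in parser.items(section):
            options[SYNONYMS.get(name, name)] = value.strip()
        conf[section.lower()] = options
    return conf


def _truthy(value):
    return value.strip().lower() in ("yes", "true", "1")


def _world_writable(mode_text):
    try:
        return int(mode_text, 8) & 0o002 != 0
    except ValueError:
        return False


def share_is_writeable(options):
    """'read only' and 'writeable' are inverses of each other; 'read only = yes' is Samba's default."""
    if "read only" in options:
        return not _truthy(options["read only"])
    return _truthy(options.get("writeable", "no"))


def audit_smb_conf(text):
    """Return (section, option, message) findings for the settings tips 4, 5 and 7 discuss."""
    conf = load_smb_conf(text)
    findings = []
    g = conf.get("global", {})
    if g.get("security", "user").lower() == "share":
        findings.append(("global", "security",
                         "share-level security is obsolete; use security = user with per-user accounts"))
    if "interfaces" in g and not _truthy(g.get("bind interfaces only", "no")):
        findings.append(("global", "interfaces",
                         "add 'bind interfaces only = yes', otherwise smbd still accepts connections on every address"))
    for section, options in conf.items():
        if section == "global":
            continue
        for option in MASK_OPTIONS:
            if option in options and _world_writable(options[option]):
                findings.append((section, option,
                                 f"{options[option]} makes new entries world-writable on disk; prefer 0750 or tighter"))
        if _truthy(options.get("guest ok", "no")) and share_is_writeable(options):
            findings.append((section, "guest ok",
                             "anonymous clients can write to this share; restrict it to named users (tip 5)"))
    return findings
```

Run audit_smb_conf() over /etc/samba/smb.conf before the restart in tip 6; an empty list means none of the flagged settings are present, which is a check on the file, not a substitute for testparm.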


9: Automount using /etc/fstab


A lot of people don’t know that you can use /etc/fstab to automount your Samba shares. By doing this, you won’t have to manually mount those shares every time you reboot (which is rare anyway, right?). A typical /etc/fstab entry for automounting a Samba share will look like this:


//SAMBA_SERVER_ADDRESS/SHARE     /PATH/TO/MOUNT/POINT    cifs  credentials=/etc/samba/user.cred 0 0
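The credentials= option in that entry is the right way to do it, because /etc/fstab is normally readable by every local user and a password= option written inline would be visible to all of them. The checker below is an added example, not the article's: it parses an fstab line into its fields, flags an inline CIFS password or a missing credentials file, and checks that the credentials file itself is root-owned and mode 0600. The sample credentials file it writes is a constructed temp file with placeholder values.

```python
import os
import stat
import tempfile

# The fstab entry from the article; the placeholders are the article's own.
SAMPLE_FSTAB_LINE = (
    "//SAMBA_SERVER_ADDRESS/SHARE     /PATH/TO/MOUNT/POINT    cifs  "
    "credentials=/etc/samba/user.cred 0 0"
)


def parse_fstab_line(line):
    """Split one fstab line into its six fields; mount options become a dict."""
    fields = line.split()
    if len(fields) < 4:
        raise ValueError("fstab entry needs at least device, mountpoint, type and options")
    options = {}
    for item in fields[3].split(","):
        name, _, value = item.partition("=")
        options[name] = value          # bare flags such as 'noauto' map to ''
    return {
        "source": fields[0],
        "mountpoint": fields[1],
        "fstype": fields[2],
        "options": options,
        "dump": fields[4] if len(fields) > 4 else "0",
        "pass": fields[5] if len(fields) > 5 else "0",
    }


def cifs_entry_issues(entry):
    """Problems with how a CIFS entry supplies its credentials."""
    issues = []
    if entry["fstype"] not in ("cifs", "smb3"):
        return issues
    opts = entry["options"]
    if "password" in opts or "pass" in opts:
        issues.append("password is written inline in /etc/fstab, which every local user can read; "
                      "move it to a credentials file")
    elif "credentials" not in opts and "guest" not in opts:
        issues.append("no credentials= (or guest) option; mount.cifs will prompt for a password, "
                      "which fails on an unattended boot")
    return issues


def credentials_file_issues(path):
    """Ownership and mode checks for the file named by credentials=."""
    st = os.stat(path)
    issues = []
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        issues.append("credentials file is accessible to group or others; use chmod 600")
    if st.st_uid != 0:
        issues.append("credentials file is not owned by root")
    return issues


def write_sample_credentials(mode):
    """Write a constructed credentials file (placeholder values) to a temp path with the given mode."""
    fd, path = tempfile.mkstemp(prefix="user.cred.")
    with os.fdopen(fd, "w") as fh:
        fh.write("username=EXAMPLE_USER\npassword=EXAMPLE_PASSWORD\ndomain=WORKGROUP\n")
    os.chmod(path, mode)
    return path
```

Pointing credentials_file_issues() at /etc/samba/user.cred (or wherever the entry names) is a quick way to confirm the file is not readable by other users before the next reboot mounts the share.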

10: Learn how to ‘cross-platform connect’


Because Samba is so friendly to most every operating system, why not learn how to connect to a Samba server from Linux, Windows, and Mac? Each OS has a different method. Let’s take a look.



  • Linux: The best method is in GNOME. Click on Places | Connect to Server. You will want to select Windows Share.

  • Mac: From the Finder click <Apple>k and enter the address of the server in the form smb://ADDRESS_TO_SERVER.

  • Windows: Open up Explorer and enter \\ADDRESS_TO_SERVER.


Use caution


Don’t forget: Always consider security first. Make sure your network is safe from unwanted users and traffic before opening up Samba to anyone and/or everyone.


Your turn…


These tips will make your life with Samba much simpler. Do you have other tips to add to this list? If so, share them with your fellow TechRepublic members.












"



(Via 10 Things.)

Monday, April 19, 2010

In Depth: How to create your own free computer forensics kit on a USB drive

In Depth: How to create your own free computer forensics kit on a USB drive: "

The super-sleuth detectives in TV show CSI have some very nifty tools to help solve crimes. But the need to keep things interesting and wrap the show up in an hour means the technology used in each episode bears little resemblance to the work of real forensic experts. Or does it?

When it comes to computer forensics, today's tools are becoming more advanced, leaving fewer places to hide information. This tension between fact and fiction took on a whole new dimension when Microsoft's police-only forensic toolkit was leaked on the internet. Reports say that it has more in common with CSI than The Bill.

We're going to show you how to mimic Microsoft's offering using open-source software to unlock Windows accounts, investigate suspicious activity, see any file on a Windows disk and even peruse files that others believe have been permanently deleted.

Forensic toolkit

During November 2009, it was announced that someone had leaked Microsoft's secret crime-fighting software online.

Described as a collection of programs linked by a sophisticated script, hackers and other cybercriminals had been dying to get their hands on it for some time. Now it's reportedly available to anyone brave enough to download and install it.

The Computer Online Forensic Evidence Extractor (or COFEE for short) has been available to police forces since at least summer 2007, and is designed to gather forensic evidence at crime scenes and during raids from the still-running PCs of suspects and victims.

COFEE

COFEE reportedly takes the average police officer about 10 minutes to master, and comes supplied on a bootable USB pen drive. It enables trained officers to gather evidence from a running system without the need to call in cybercrime specialists, thereby speeding up investigations.

The USB drive itself is said to contain a package of about 150 forensic programs that enable an investigator to record sensitive information like internet history files and complete practical tasks like deleting Windows passwords. It also enables them to upload the recorded data for further analysis.

By April 2008, it was reportedly in use by over 2,000 law enforcement officers throughout 15 countries. At the time of the leak, Microsoft claimed that COFEE was nothing more than a collection of commercially available programs brought together in a single handy package, which it makes available free of charge (if hitherto secretly) to help combat computer crime.

If that's true, then is it also possible to create your own version of COFEE using free, open source software that will grant you complete access to a Windows computer?

The answer is a resounding yes, but we must stress that using what you're about to learn for malicious purposes on a computer you don't own isn't big and it's certainly not clever. Don't use the following information to try to hack other people's computers or networks. Without the in-depth knowledge required to cover your tracks, you'll be caught and will probably face prosecution.

If you hack computer systems in the US and get caught, you should be prepared to undergo a one-sided extradition process and go through a judicial system that will put you on a par with hardened terrorists before forcing you to serve a long prison sentence.

There are plenty of commercial computer forensics systems around these days, but many of them cost serious money or are only available to the police. However, the open source community has a solution in the form of a special Linux distribution called Backtrack 4.

Introducing Backtrack 4

Backtrack 4 is based on a stripped-down version of Ubuntu Linux, which is a popular choice for home users because of its ease of installation and use. The makers of Backtrack 4 have stacked the application with special security and forensics tools. These make it extremely useful to network security specialists and police forces, as well as anyone interested in knowing exactly what's happening on their own networks and any second-hand machines they've bought.

Despite being Linux-based, Backtrack will grant you complete access to data stored on computers running any version of Microsoft Windows. That's because Windows isn't running when Backtrack is booted from a DVD or USB pen drive.

Linux can read Windows disks, but it doesn't obey the file permissions, so the machine's hard disk simply seems to contain a lot of files waiting to be accessed. As well as booting and running directly from a DVD as a Live CD installation that never installs on your computer, you can also install Backtrack on a hard disk as the only operating system, or next to an existing Windows installation.

If you plan to install Backtrack on a USB pen, you'll need one with a minimum 2GB capacity. This booting option brings Backtrack closer to Microsoft's COFEE than any other option.

First, you need to download the Backtrack 4 ISO file, which is just under 1.6GB. You can download it from the Backtrack site directly or click the 'Torrent' link on the same page. There are multiple sources from which you can leech parts of the file in parallel, so in practice it's faster to download the ISO as a torrent.

Once the ISO has downloaded, use it to make a bootable DVD. We've listed a free and easy to use CD/DVD package capable of making bootable disks in the Resources section. When that's done, test your work by ensuring your BIOS is set to boot from CD/DVD before attempting to boot from your hard disk, then insert the DVD and reboot the PC. Select the option to boot with a screen resolution of 1,024 x 768.

Backtrack boot

When Backtrack has booted, you'll see a command line. To start a desktop environment, enter the command startx and press [Enter]. After a few seconds, the standard KDE desktop will start.

Find your way around

Backtrack is loaded with all the obscure little utilities used by professional security consultants. Many of them are fiddly command-line programs, but a lot have graphical front ends that make them simple to use.

Hover your mouse over the icons on the menu bar at the bottom of the desktop and KDE will tell you the name of each one. We'll use the names that appear when you do this to make things easy to identify here.

The network interface cards are designed for network security work, and are disabled by default when you boot up Backtrack. This is because if anyone (or anything) is listening to network traffic, the last thing you want to do is announce your presence by requesting an IP address over DHCP.

To enable networking, click the black Konsole icon to open a terminal window, then enter the following command:

/etc/init.d/networking start

After a moment or two, during which lots of verbiage scrolls up the screen, open Firefox (the icon is next to the terminal on the menu bar) and enter www.google.com as a URL. You should see the world's favourite search engine appear.

networking

Much like the Start button in Windows, the left-hand icon on the menu bar brings up the installed programs and system configuration options. This is called the K menu and is organised into subject areas. The one we're most interested in is the first: 'Backtrack'.

Click on this and you'll see a submenu containing categories of hacking programs, with which Backtrack has been preloaded. Clicking one of these reveals nested subcategories right down to individual programs.

Map the neighbourhood

Let's begin by scanning the local network for hosts (another name for networked computers). Starting from the K menu, select 'Backtrack | Network Mapping | Identify Live Hosts | Autoscan'. A wizard will appear. Click 'Forward' and you'll be asked for the name of a network to scan.

Leave this as 'Local network' and click 'Forward' again. The next screen asks where the network is located. We're scanning the local network, so accept the default of it being connected to your computer by clicking 'Forward' once more.

Next, select the default network adaptor. This will usually be called 'eth0'. If you don't see any adaptors in the pull down menu, it's because you didn't start networking earlier. Close Autoscan, start networking and run Autoscan again. Click 'Forward' one last time to confirm what you've asked Autoscan to do, then maximise the user interface that appears so you can see everything.

Autoscan now contacts every possible IP address on the local subnet to see if there's a machine connected to it. If there is, it adds an entry to the left-hand pane. Notice that in some cases, Autoscan can even tell you the username that's logged in.

When you select a host, Autoscan will attempt to gain more information about it for you. A wizard will also appear, asking you to add it to the Autoscan online database. Cancel this. You can then switch between the tabs in the interface's right-hand pane to display a summary of the machine, detailed information or an inventory.

Autoscan works by sending a stream of specially crafted packets to each host in turn. These are designed to return information about the running system and can give away a surprising amount of information. Autoscan is a useful tool for detecting whether your neighbours are leeching your Wi-Fi, for example. If you don't recognise a host, it's probably an intruder – so up your security!

Wipe passwords

Logging into a Windows system is easy using Backtrack, even if you don't know any of the usernames or passwords that have been set up. That's because you can use a utility bundled with Backtrack to remove the password on any Windows account, including administrator accounts.

This is possible because of a file called the SAM (Security Account Manager), which is normally locked by the Windows kernel so that no one else can read it, but which can be modified while Windows isn't running.

First, we need to find out where the system's hard disk resides in Linux. To do this, click the Konqueror icon on the desktop menu bar. This will open the Konqueror desktop browser. Click the 'Storage media' link. If you don't see anything right away, press [F5] to refresh the view.

Among the media that Backtrack knows about on your system, you'll see your hard disk. Click this and you'll see the folders in C:\, which is useful if you need to copy, add or modify files without logging into Windows directly.

Now select the Home icon on the Konqueror toolbar (the one that's shaped like a house) and click the blue 'up' arrow next to it. Click the Media folder, and then the 'Hard disk' icon again. The location bar will change to give the name we must use to access the disk. It'll be something like '/media/disk'.


Now, from the Start menu, select 'Backtrack | Privilege Escalation | Password Attacks | Chntpw'. 'Chntpw' stands for 'Change NT Passwords' and it works on all versions of Windows. When you run the command, a terminal window opens. You can ignore the verbiage on the screen and enter the following command:

chntpw -i /media/disk/Windows/System32/config/SAM

The capitalisations are very important here – 'chntpw' is all lowercase. If your Windows partition is called something other than 'disk', put its name in place of this in the command.

Press [Enter] and a text-based menu will appear. Select 'Option one' and press [Enter] again. This gives you a list of the Windows user accounts. Type the name of the account you want to change (taking care to use the correct case for each letter) and then press [Enter].

Chntpw displays lots of details about the account and gives you a number of options. Select 'Option one' and the password will be removed from the account. To exit, type ! and press [Enter], then press [Q] and hit [Enter] again. Chntpw will ask if you want to write the hive files. You do, so press [Y] followed by [Enter].

If you now reboot into Windows, you'll be able to log into the account you've changed without being prompted to enter a password.

Recovering deleted files

Many people believe that when they delete a file and then empty the Recycle Bin, it's gone for good – but this isn't the case. Windows, like all modern domestic OSes, simply marks the sectors on the disk occupied by the deleted file as available for future reuse. It would be inefficient to overwrite the data those sectors contain until new data is ready to be stored.

In the meantime, the old file is still there, available to be read by anyone with access to a file recovery utility. Backtrack contains several such applications. Among the easier to use is PhotoRec, which is capable of scanning a hard disk and recovering a comprehensive list of all files marked as deleted.

In fact, it can recover far more than just files deleted by users, including temporary files left over from when the operating system was installed. This means it's a good idea to have a spare USB pen drive handy to store the recovered files for later perusal, because they can easily run into the thousands.

To get going, insert the drive and run Konqueror. Click 'Storage media' and then select your USB pen drive to ensure that Backtrack is aware of it. You can leave Konqueror open and check the scan's progress later.

Now run PhotoRec by navigating to 'Backtrack | Digital Forensics | Forensic Analysis' and then selecting 'PhotoRec'. The program itself runs on the command line, but it's menu driven, making it easier to use.


When PhotoRec runs, it first presents you with a list of the hard disk partitions on the computer. In the case of a Windows-only machine, there'll probably be only one large one. However, in some Windows 7 installations, there may be a second, small partition that the system uses to store recovery data.

Use the up and down arrow keys to select the main partition, then press [Enter] to continue. PhotoRec can understand a large number of partition table types and will automatically identify the one used on your disk, so accept the default on the next screen by pressing [Enter] again.

The next screen enables you to specify the file types to recover. Use the left and right arrow keys to highlight 'File Opt' at the bottom of the screen. Next, press [Enter]. The resultant display will give you a long list of all the recognised types.

If you only want to recover one file type (JPG, for example), press [S] to deselect everything, then scroll down to the relevant type and press [Space]. You can use the [Page up] and [Page down] keys to navigate through the list more quickly.

Once you're happy with your file type selections, press [Enter] and select the filesystem you want to scan. Use the left and right arrow keys to select the 'Search' option, then press [Enter]. This presents you with a choice of file system types.

For a Windows filesystem, make sure you select 'Other', then press [Enter]. On the next screen, select 'Free' to ensure that the program only scans disk sectors that are marked as free space. Press [Enter] again to continue. You'll now be asked where to store the recovered files.

The default is the directory '/usr/local/bin', which is on the boot media. Press the left arrow key three times to get back to the root directory, then press the down arrow key repeatedly to navigate to the media directory. When you reach it, press [Enter] to see the media connected to the system.

One of the devices you find should be the USB pen drive you inserted and navigated to in Konqueror just a moment ago. Select this and press [Enter] again. Finally, press [Y] to begin recovering deleted files. The extraction process can take quite a while, depending on how much free space there is to scan on the disk and the number of file types you've specified.

As the scan progresses, the number of files of each type will increase. PhotoRec creates a long list of subfolders in which it stores all the files it's recovered. By perusing these, you may be able to locate some interesting or even incriminating pictures and other documents.
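As an added illustration of what PhotoRec is doing under the hood (example code written for this page, not PhotoRec's own): a minimal signature-based carver that ignores the filesystem and scans raw bytes for known file headers and footers, run over a constructed block of 'free space' holding two deleted images and one whose tail has been overwritten.

```python
# Added example (not PhotoRec's code): a minimal signature-based file carver.
# Like PhotoRec, it ignores the filesystem entirely and scans raw bytes for the
# header and footer signatures of known file types, so it finds files whose
# directory entries were deleted but whose sectors have not yet been reused.

# File signatures used here (a real carver knows hundreds; these two are standard).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),              # SOI marker ... EOI marker
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),   # PNG header ... IEND chunk
}


def carve(image: bytes, types=("jpg", "png")):
    """Return a sorted list of (offset, type, data) for each intact file found."""
    found = []
    for kind in types:
        header, footer = SIGNATURES[kind]
        pos = 0
        while (start := image.find(header, pos)) != -1:
            end = image.find(footer, start + len(header))
            if end == -1:
                # Header with no footer: the file's tail was overwritten or lies in
                # another fragment. A simple carver cannot recover it, so skip it.
                pos = start + len(header)
                continue
            end += len(footer)
            found.append((start, kind, image[start:end]))
            pos = end
    return sorted(found)


def build_sample_image() -> bytes:
    """Constructed stand-in for the free space of a disk: zero filler with one
    'deleted' JPEG, one PNG and one truncated JPEG whose footer is gone."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-payload" + b"\xff\xd9"         # 18 bytes
    png = b"\x89PNG\r\n\x1a\n" + b"chunks" + b"IEND\xaeB`\x82"         # 22 bytes
    truncated = b"\xff\xd8\xff\xe1" + b"partially-overwritten"          # no EOI
    return b"\x00" * 512 + jpg + b"\x00" * 100 + png + b"\x00" * 64 + truncated


if __name__ == "__main__":
    for offset, kind, data in carve(build_sample_image()):
        print(f"{kind} at offset {offset}: {len(data)} bytes")
```

Only the two complete images are recovered; the truncated one is skipped rather than glued to a footer from elsewhere on the disk.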

"

(Via TechRadar: All latest feeds.)

Microsoft debuts 'fix it' program

Microsoft debuts 'fix it' program: "Windows users suffering PC problems can now turn to software from Microsoft that will automatically diagnose and fix common bugs."

(Via BBCTech.)

5 handy apps to monitor Windows system resources

5 handy apps to monitor Windows system resources: "

When your PC seems slow or unstable, or you think it might be infected by malware, your first step should be to take a very close look at the processes it's currently running.

The question is, how do you take a peep under Windows' hood and find out what's ailing it?

You could turn to the Windows Task Manager, but that provides only basic information. If you want an in-depth report – something that makes it easy to spot and control unnecessary, resource-hungry or malicious processes – you'll need to try an alternative.

Here are five of the very best apps available to download.

1. What's Running 3.0

At the heart of What's Running is a Task Manager-type display of all the processes running on your PC. Clicking a process will display a graph showing its recent RAM, CPU and I/O activity – great for identifying programs that are hogging your system resources.


If you don't recognise a process, right-clicking it reveals a 'Check online' option that compares its name to an online database and will usually give you more details about it.

What's Running crams in plenty of functionality. Its tabbed interface shows you running services, loaded drivers and DLLs, open internet and network connections, start-up programs and basic system information. The program even provides a snapshot feature to save all this information.

You could set a baseline snapshot this month, say, then compare it with another next month to see what's changed. This is helpful if you're trying to find out why your system has suddenly become unstable.

What's Running has one or two problems: we found the interface occasionally confusing and it won't list the files, Registry keys and other Windows objects opened by your processes. The program does make it very easy to access a great deal of useful system information, though, and it's definitely worth a look.

2. Process Explorer

Launch Process Explorer and you'll see a colour-coded tree view of your processes that makes it easy to see what's running. If you spot a name that looks unfamiliar, simply right-click it, select 'Search Online' and the program will launch a web search to help you discover what it is.


Click a process to reveal the DLLs and other modules it's loaded, as well as the files, Registry keys and other Windows objects it has open. Double-click to display a process's performance graphs, open network connections, thread details and more.

There's even a Strings tab, which displays text strings inside the executable file – very useful if you're trying to identify malware or find out what a particular process is doing.

Process Explorer doesn't have as many extras as some of the competition (there's no list of start-up programs, for instance), but that's because it concentrates purely on Task Manager-type functionality. In fact, it's produced by Microsoft. It's lightweight, extremely reliable and portable, making it a must-have for your troubleshooting toolkit.
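To show what the Strings tab described above is actually doing, here is an added example (written for this page, not Process Explorer's code) that pulls printable strings out of a constructed binary, covering both plain ASCII and the UTF-16LE strings that Windows executables commonly carry, and flags the ones an analyst would look at first; the keyword list is an assumption.

```python
import re

# Added example, not Process Explorer's code: a small 'strings' extractor.
# Windows binaries store many strings as UTF-16LE (each ASCII byte followed by a
# NUL), which a plain ASCII scan misses, so both encodings are searched.


def extract_strings(data: bytes, min_len: int = 4):
    """Return a sorted list of (offset, encoding, text) for every run of at
    least min_len printable characters found in data."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in utf16_re.finditer(data)]
    return sorted(found)


# Indicators worth a second look when triaging an unknown process (assumed list).
SUSPICIOUS_KEYWORDS = ("http://", "https://", "\\CurrentVersion\\Run", "cmd.exe")


def suspicious(strings, keywords=SUSPICIOUS_KEYWORDS):
    """Filter extracted strings down to those containing a triage keyword."""
    return [s for s in strings if any(k.lower() in s[2].lower() for k in keywords)]


def build_sample_binary() -> bytes:
    """Constructed stand-in for an executable: a fake PE stub, binary noise, an
    ASCII download URL and a UTF-16LE autorun registry path."""
    return (b"MZ\x90\x00\x03\x00\x00\x00" + b"\x01\x02\x03\x7f\x80\xff" * 4
            + b"http://example.invalid/update.bin" + b"\x00\x00"
            + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le")
            + b"\x00\x00" + b"ab\x00cd")


if __name__ == "__main__":
    for offset, enc, text in suspicious(extract_strings(build_sample_binary())):
        print(f"0x{offset:04x} {enc:8s} {text}")
```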

3. Anvir Task Manager

Check out the Startup tab in Anvir Task Manager – it gives you control over all the processes that are launched when Windows starts. Its Log window records major PC activity, such as processes started and windows opened.


There's also Tweaker for Windows, a TweakUI-type app that provides easy access to more than 100 hidden Windows settings.

4. Process Hacker

This tool's top features include a Services tab, which you can use to view, stop and start services; a Network tab that displays open internet connections; a Hidden Processes tool that detects simple rootkits; and an option to trim the working set of selected processes to help free up RAM on your machine.


5. System Explorer

This program is particularly good when it comes to identifying mysterious processes. With just a couple of clicks, you can look up a process name in the software's own database, search for it using Google or upload its file for a malware check at either virustotal.com or virusscan.jotti.org.


"

(Via TechRadar: All latest feeds.)