How To Protect Your Privacy & Anonymity (Beginner's Guide)

            Before I begin, I would like to discuss basics of overall ITSec scenario & cyber ethics that everyone should follow in day to day use. The internet is for all people, that means good and bad. Programmers, web developers, casual users, social networking etc.  We all use internet with different motive and attitude. However, there are some people use internet for malicious activities. As a whole, they are called Black Hat hackers. Many people don't know that all hackers are not bad. Some white hat hackers often help users, government to catch and trace back many malicious activities on internet. I will be focusing here on black hat only. Because they are the one we should be worried about. Black hat are the one breed that exist only for few motives which are money, reputation and publicity and sometimes boredom. These people will try to steam your personal data, banking passwords, steal, blackmail and all sorts of cyber crime. So how to protect yourself? Lets find out..

Getting Anonymous

While browsing internet, many people dont bother to give up their real name, address and sometimes contact number also. When a black hat gets any piece of information on you, he/she can began searching more information on you and many times if you use right tools, you can find all relevant information about a person on internet. There are tools available that will practically search whole internet about one person, that means in 3-4 years ago if you put something about yourself (could be nonsense) on some xyz site, it will get collected with all other data about you and became relevant information. Hackers will only have to put all pieces together.

------------------
IP(location)- Many sites use cookies to trace user location through (Internet Protocol) IP  geolocation. This gets messy if you have static IP. Its like walking on the streets with your cellphone number on your forehead. You wouldn't want everyone to know your number, right? Most people don't reveal their location to other people. That does not mean, your location can still be exposed. Your IP can easily expose where you are in world.

Name- It is important to not reveal your real name on the internet. If you spend a lot of time on the internet, it is better if you get a sudo(fake) name for internet. As you can see I have identity with name WAR379k (that is warlock, yes as in Die Hard movie!). Even better, use multiple names on the internet.

Birth Date- Okay this is very crucial NOT to give your real birth date on any site except Google, paypal, ebay etc on which you trust. If any black hat found your birth date, he can easily use more social engineering skills to get more information on you and can reset passwords of your facebook or gmail account easily.
------------------

Now we know how important role played by your IP. We need to prevent this from happening. A VPN (Virtual Private Network) are the best solution for protecting your IP and relevant data. VPN will mask your real IP with its own IP so any trace will end at VPN end and your real identity will be secure.  You can use multiple tools like add on proxies in browsers and VPN on the whole network. Its up to you how deep you want to follow rabbit hole :)

Protecting yourself -Online
Online protecting yourself is little bit same with using VPN and  proxies to use internet.
TOR- Tor project is one of the best solution so far for online protection. Tor creates chain of proxies that are interlinked with each other & only first proxy will know your real IP. It gets really hard for anyone to trace back to you. Recenly group of white hackers and programmers built whole Operating System dedicated to just online anonymity.  Do check my previous article with TAILS operating system.
There are few really good browser addons that will help protecting online security. Few of them are WOT, AdBlock Plus, NoScript, UltraSurf, Zenmate. Most of them support browsers like Firefox and Chrome.

Protecting yourself -Offline
When you download any software from internet, you might get unwanted bloatware on your system that can trace your activity. Also make sure you have AV installed on your system. Viruses, trojans will hurt your system's health and it can reveal your passwords.

There are few good antivirus products which are free.
1.Avast
2.Avira
3.AVG

Free VPN softwares
1.HotSpotShield
2.Cyberghost
3.PureVPN

Some other softwares
1.MalwareBytes Anti-Malware
2.ThreatFire
3.Winpatrol

Linux- Tails Overview

Hello,

Over the last few years, I have turned from windows to linux. As it gives much more options for playing with hardware and software. Recently, I came around with new Linux distro, tails.

My several attempts to install Tails in VM as well as on USB failed, as it was very recent and under development version, I presumed that it would happen.

After few months, it got worked & I think it is a new step towards privacy. Some features that makes it much better choice than other linux distros. As being linux, it is free, it does not need installation(Live).

1. Extensive Tor Support- Those who knows onion routing, all connections from OS to anywhere are default go through Tor Network. To be frank, there is no any option to Tor when it comes to privacy. And even if you have other options like VPN, still you can not trust private companies when it comes to privacy.
 2. Encryption- All files/folders/emails etc are encrypted with LUKS algorithm. Which is pretty standard.
Also everything you browse, regardless of TOR, is encrypted with standard HTTPS.
 3. Traceback- Shutting down Tails is my favorite part. I do not see any other OS that clears all files generated by OS at the time of booting and additionally it wipes out RAM too. As we have seen data can be retrieved from RAM even if computer is shut down. That is the best part!

As it is not yet fully supported with Virtual Machine, hopefully it will get very soon. 

Tails ISO https://tails.boum.org/download/index.en.html 

5 Ways to Check Website Security Without any TOOL

"This is not the 80s, no one says 'hack' any more"

There are various tools available for web testing. You can check website security without any 3rd party tool. 

Here's what I do for web penetration testing of my own website. 

Go to site

www.example.com

1.Search Directory Listing

type www.example.com/test

"test" is my favorite word. I wanted to check security of a website & test is the word that popped in my mind so I typed 'test' insted of /login.php & I was watching the directory structure of website.

It took me 2 minutes to locate password.txt file which was never intended to view by anyone from the website.

2.XSS
Look for search boxes in website
type

  


hit search. If website throws alert box then you can perform advanced xss script to get user cookie.

3. Code

Most of the times web developer make mistakes in code. You can look for get, post methods. You can even fatch name of database which is important. You can check loops and then try to overwrite that logic by other methods like sql injection

Firebug is excellent addon to check programming flaws in website or web-app.

4. SQL injection

This is most notorious thing to do with websites. For that you need knowledge of website scripting & overall how to make a complete website. If you are good in web development and sql then you are good to go.

Start by injecting website url with error

www.example.com/login.php'
(beware of ' sign)

look for error that throws server name, version & other details even sometimes piece of code.

Also look for any input box in website. You can use search box, username & password box anything that accepts input from user. Put test’ OR 1=1. You will get logged in with admin privileges because admin is usually 1st record of database. For more, Google with keyword sql injection basics or something similar.

5.XML injection

Today I read news that major flaw found in Gooogle servers about XML injection. Till now I thought its not powerful as sql injection. But you can actually add new record (probably admin user) in directly database using XML. 
To perform XML injection, locate sign up form, entersingle colon ‘ or double colon “ just like sql injection. If it is not sanitized then it will throw XML exception. After stretching this we can even inject tag into XML & make it invalid.
Make sure you read concept “tag injection”.

For more information refer OWASP link https://www.owasp.org/index.php/Testing_for_XML_Injection_%28OWASP-DV-008%29

There are various tools available on internet for even more fun. Try these

Caja
Keyczar
Native Client (NaCl)
Ratproxy
Skipfish
DOM Snitch
Gruyere
Havij (for advanced SQL injection)


Make sure you use these tools responsibly. If you want to try them out make test server and try on ONLY your personal website.

Feel free to contact if you need any help or want to share anything new.

5 BEST FREE ANTIVIRUS 2013

"So, here we are.... In INDIA it's 23 DECEMBER and everyone is living well. No doomsday till now.... As I am getting lot of complaints of DMCA about content  on my blog (even I don't care) I thought its good to post FREEWARE's for some time.... YES we Indians love free....!!!!!"


 A computer virus can be programmed to do anything such as stealing sensitive information, locking up or slowing down the computer, data loss through corruption or deletion, and etc. With so many brands around and they all claim to be have the best detection and lightest in system resource, it is certainly not easy determining which is really the best. Billions of dollars are spent every year on antivirus software alone by enterprise because they know that computer virus can cause a lot of down time and making the company lose money. For HOME USERS most of antivirus companies offer cheaper versions or even FREE versions for non-commercial use.

After extensive testing on my netbook (Asus EEE 1000H) and my desktop. I have managed to make list of 5 antivirus which are free

1. AVAST FREE ANTIVIRUS
Recently avast! Free Antivirus has gained a lot of popularity and has even taken the first spot in CNET’s Download.com overtaking AVG and Avira. After installing avast! Free Antivirus on our test computer, it didn’t even feel like running a crippled slim down version of an antivirus program because it has all the features from the paid version except SafeZone, Firewall and Anti-spam. The comparison chart displayed on their website says that the sandbox feature is unavailable on the free version but in fact it’s actually still there.

Memory usage is very little for AVAST FREE and comes with extra features such as auto sandbox, boot-time scan, remote assistance, non-annoying browser protection plugins, 8 different real-time shields and cloud reputation service.


2.AVG ANTIVIRUS FREE
The free version of AVG AntiVirus "used to be" the most popular and well known free antivirus software and they are currently at the second spot after avast! Free Antivirus(Source: CNET). AVG has an updated GUI to match the Windows 8 modern UI. It helps protect your computer from viruses, malicious emails, web-based attacks, and identity theft. The anti-spam, firewall and performance fix functions are excluded from the free version.

I am annoyed by the whole installation process because it takes 3 steps to get it completely installed and updated. Firstly I need to download a small 4MB web installer to download the full installation file. After installation, there’s another 60MB of definition file (Update) to download. They do have the full distributable setup file buried somewhere deep in their website. Pay attention during install as the AVG Security Toolbar will install by default. Which really makes me angry.

3. AVIRA FREE
Avira is well known for its superior detection where it tags everything that moves silently in the Windows operating system. After installing Avira, you should see that most of the features are grayed out and only the button to enable/disable the real time protection against virus, trojan, spyware and malware is accessible.

Avira Free Antivirus used to rank number 1 but has dropped to 4 probably due to them embedding a toolbar and changing the web browser’s default search provider to ASK.com. Although the SearchFree toolbar by ASK.com can be opted out of during installation, it is with a cost of disabling the web protection feature. Moreover the daily notifier popups of recommending you to upgrade is a bit annoying as well.

4. ZoneAlarm 

ZoneAlarm (now owned by CheckPoint), well known for their firewall applications has added an award winning antivirus engine by Kaspersky. If you don't know Kaspersky, it's a shame. FOR those didn’t know, Kaspersky has always been a shareware that is at the top spots for independent detection rate tests even if they do not take the first place. Thanks to ZoneAlarm, they made it possible for anyone to use the excellent Kaspersky engine from their ZoneAlarm Free Antivirus + Firewall product. Most free antivirus software offers very minimal functionality other than the real time virus detection and protection but ZoneAlarm wins in this area by offering a really good antivirus engine, identity protection and a firewall for FREE if you need protection against hackers getting in to your computer.  

The user interface and settings are straight forward and not confusing. The game mode can be enabled from the Tools menu and you can even password protect the application to prevent against unauthorized access to the program.The reason I did not include Kaspersky to the list (even I am a big fan of Kaspersky) because even with greater protection it does not support offline support for updates. This is the feature still missing from last 4 years. As I always format my PC (don't call me paranoid) it is not feasible for me.

5. COMODO Antivirus

The free Comodo Antivirus is one of the very few that is allowed to be used at any place including commercial, educational and enterprise, unlike most of them are only allowed as personal use at home. It comes with 2 main modules which is the antivirus and Defense+. As for the Defense+, it is an additional protection to further protect your computer against unknown threats by running programs in sandbox, heuristic and behavior analysis, cloud scanning and etc. You can also turn on the game mode from the tray icon and protect the settings with a password.

Pay extra attention during installation because by default it makes a lot of changes to your system. The setup modifies your DNS server settings to COMODO SecureDNS,  At customize installation, you will see that it installs GeekBuddy for live support, and Dragon, a secure web browser by Comodo based on Chromium. Make sure you uncheck whatever that you don’t need. The installer itself is already nearly 100MB and the first time update will download a main definition file that’s nearly 100MB in size as well.

CONCLUSION:- 

Best Antivirus: AVAST FREE (CNET's No1, offline updates, less memory)

Best Antivirus+ Firewall: ZoneAlarm (Kaspersky engine, Simple UI)

Best Antivirus For Collages, Commercial Organizations: COMODO FREE

POST BY WAR379K ("the war prayer")

How To Secure Your Portable Devices

Now you can prevent your data from being abused in case of theft, loss or casual snooping in your portable devices.
There are many methods to protect your portable device (pen drive, flash drive, usb hard disk etc.). Here we've discussed world's most effective (and free) tools and techniques for protection.

*Picocrypt*
It is a small and extremely fast encryption utility that uses Blowfish encryption algorithm in CBC mode. It is easy to use and support multiple files drag-and-drop. In addition, it is portable, you can put it on your USB memory stick and run it anywhere you go! Very useful for users who want to keep their document secure on their computer or transfer over Internet using unsecure channel. It uses a 128-bits key. 

The main advantage of "PicoCrypt" is as name (pico), it is extremely small. The portable version is only of 13kb!! Also there is no installation needed. But it lacks in encryption speed of large files and GUI is not too good. But if you need only tool for protect your media then its good for you.

Hotlink:- http://www.picofactory.com/download/zip/free/software/pcrypt.exe


*Ninja Pendisk (aka USB Ninja)
Ninja is the popular and freeware program designed for guarding computers against viruses transmitted by USB pendisks. This ninja awaits quietly in the system tray for the times whenever a USB pendisk is inserted on the computer which will be examined to uncover the commonly malicious or virulent files known as “autorun.inf” and “ctfmon.exe” amongst many others.
To keep things simple, ninja is fully portable, self-contained and requires no installation. 

Besides removing known virulent files, this tool will also immunize your pendisk and create a folder called autorun.inf with special protection permissions to protect your pendisk from being infected again when plugged on contaminated computers.

Note that it is NOT file protection or encryption tool. It just saves your PC from being infected from any removable media. 

Hotlink:-http://reboot.pro/files/download/15-ninja-pendisk/

*USB Drive Antivirus*

USB Drive Antivirus provides fully USB security solutions , it not only allows you to prevent data leak from usb port, but also provides 100% protection against any malicious programs trying to attack via USB storage.

For me, if you don't have internet connection then just uninstall your resource sucking antivirus and install this, it will prevent viruses and other threats from outside world. The software is BEST. It also have many other helpful tools.

Features:

√ 100% protection against any threats via USB drives √ Detect and Clean USB virus in the infected system √ The best solution to protect offline computer √ The world's fastest and smallest USB antivirus software √ 100% compatible with other anti-viruses √ Pay once and get it all (All Updates FREE) √ Easy to use

It has 2 versions. One is Standard Version and another is Portable Version. I think portable version is best. Initially it is not free. But only for blog readers I am sharing my Lifetime License key....

Hotlink (Portable):- http://www.usbantivirus.net/down/USBAntivirusPor.zip

Hotlink(Standard):-http://www.usbantivirus.net/down/USBAntiVirus.zip  

License Info
Your Name:-WAR
Key:- YEX


*Nevious USB Antivirus*

USB drives are so popular and generally get used to move data between multiple systems frequently. Even though USB drives are very useful, they are potential breeding ground for viruses. When you stick your flash drive the host computer will look for commands in "autorun.inf" to be executed automatically. Normally those commands in "autorun.inf" are harmless, but if the file was modified, it may call for execution of a Trojan or whatever program in your USB flash drive automatically.
Naevius USB Antivirus is a tool which protects your pen drive from autorun-viruses. 

Hotlink:- http://www.naevius.com/files/usb_antivirus.exe


License Info
Your Name:- WAR379K
Key:- 393E3f4C529A9bBC9dB0b2D5eeEC10a17618b1C11d11F722b25827f2BB2e32DC3133463843B93fc43Es5741523337394B

Norton Anti-Virus 2012 & Norton 360 v5 Free For 90 Days

Norton is a well-known security brand. And the security products of this company are always ranked highly in the charts for best security software of the world. To Norton AntiVirus 2012, this official version of this edition has just released.  Norton AntiVirus is always popular as the lightest and fastest scan all kinds of malicious thread. 

Norton Antivirus 2012 Features

• Norton Protection System – provides four unique layers of powerful protection proven to stop online threats before they can infect your computer.
• Insight – checks where files came from and how long they’ve been around to stops new online threats before they can cause you trouble.
• Download Insight 2.0 – protects you from dangerous applications by telling you if an application may harm the health and stability of your computer before you download it.
• SONAR 4 Behavioral Protection – monitors your computer for suspicious behavior to more quickly and accurately detect and stop new threats.
• Norton Management – is cloud based so you can download, install, transfer, update or renew Norton products from anywhere right over the Internet.
• Network threat protection – detects threats as they travel over a network and eliminates them before they can reach your computer.
• Browser protection – smart protection springs into action as your browser begins to load to stop online threats before they can do any harm.
• Vulnerability protection – stops cybercriminals from using security holes (vulnerabilities) in applications to sneak threats onto your PC.
• Bandwidth management – limits non-critical Norton updates when you connect to 3G networks so it won’t eat up your monthly data allotment or cause overage fees.
• Norton Pulse Updates – updates your protection every 5 to15 minutes—without disrupting you—for up-to-the-minute protection against the latest threats.

Norton 360 v5 Features

• Insight — Instantly checks where files came from and how long they’ve been around to identify and stop new crimeware fast for industry-leading online threat detection.
• PC tuneup — frees up memory so applications start up and run faster, and removes unnecessary files to improve hard drive performance.
• Automated backup — securely and automatically backs up your photos, videos, music, financial documents and other important files.
• Norton Safe Web Social Media Scanner — lets you check your Facebook Wall and News Feed for bad links and other threats from your Norton Control Center.
• Proactive Performance Alerts — let you know when an application is slowing down your PC so you can make changes to improve performance.
• Parental controls management — provides the latest updates on your kids’ online activity from your Norton Control Center, so you can help keep them safe from online dangers

 In the cooperation between Microsoft and Symantec, they offer the full download link of Norton Antivirus 2012 for Microsoft’s users. You can use this software for free in 90 days.

For Norton Anti-Virus  (99 MB)
http://buy-download.norton.com/akdlm/dm/estore/downloads/OEM/18.1/NAV_18.1.0.37_MS_LOEM_MRF1325A_5452.exe?LNG=EN&None&fileExt=.exe


For Norton 360 v5 (154 MB)
http://buy-download.norton.com/akdlm/dm/estore/downloads/OEM/N360/5.0/N360_5.0.0.125_MS_LOEM_MRF1441_5671.exe?LNG=EN&None&fileExt=.exe

These are Direct Server links. (HotLinKs)

By WAR379K

Review: IObit Unlocker (Solution for "cannot delete file or folder")

Often when we try to delete a file or folder in Windows, we see annoying messages such as "Cannot delete file: Access is denied;" "Cannot delete folder: It is being used by another person or program" "There has been a sharing violation;" "The source or destination file may be in use;" "The file is in use by another program or user;" "Make sure the disk is not full or write-protected and that the file is not currently in use;" or "Cannot read from the source file or disk." This is usually because the file or folder is in use by another program or user. IObit Unlocker is an ideal tool for such situations. It releases the file or folder that's in use by other programs and allows you to quickly remove or modify it.


I was on the mission to find best Unlocker software from many days. Because no software is able to delete some files and folders on my computer.  Recently IObit has released an UNLOCKER software called IObit Unlocker which seems to do the same thing as The Unlocker, but it is definitely smarter and coded to work with the latest Windows 7. Most of the time there are two ways to use these file unlocking software. You can either right click on the locked file and select the software from the context menu, or drag and drop the locked files to the software. The IObit Unlocker is way better than Unlocker or FileAssasin or even codesector's software. It seems to really nice software.

IObit Unlocker is free and works on Windows 2000, XP, Vista, 7 on both 32bit and 64bit. It can also unlock drive letters, useful for USB flash drive.


FEATURES

Extremely Easy to Use

Simply right click on the locked file or folder or just drag and drop the file or folder into IObit Unlocker to unlock it. Just one click will solve the problem "Access Denied" problem.

Quick Post-Unlock Options

You can choose from "Unlock & Delete", "Unlock & Rename", "Unlock & Move", or "Unlock & Copy" to easily carry out your requirements.

Unlock Multiple Files/Folders

IObit Unlocker supports unlocking multiple files or folders on your desktop or else where at the same time.

Terminate All Related Processes

IObit Unlocker can terminate all related processes that lock the file or folder when switching to "Forced" mode.

Safe and Secure

IObit Unlocker is safe and secure, and is 100% free of malware.

(Source: iobit.com)

Though surprisingly it has no portable version, from all features I found best feature is it is FREE also easy to use interface. And it is very good software for freeware. Generally we've seen that freeware is just above average softwares. 

Direct Download Link

http://download.freenew.net/unlocker-setup.exe

IDM Extention Problem with Firefox 4 - Solved

                     Like a million users of Internet download manager (aka IDM) i love IDM. Especially IDM's most powerful addon that allows users to download videos, music or any streaming media directly. But after updating Firefox from 3.6 to 4.0 most of the extentions (addons) didn't work. I've searched and tested most of alternative software's for IDM like Free Download Manager(FDM), Flashget, Orbit downloader, Download Accelerator Plus (DAP) but none of them has capability to download "streaming" media. So after a while, I've found a external addon of IDM on Firefox site. But still it gave me an error that Firefox 4 is not supported. 

             So, i've fetched a DIRECT link of extension from IDM's server using Websniper and other tools. I'm going to share with yo all guys!!! Just click on the link and "allow" it. 


Prerequisites:- Firefox 4 (installed)
                        IDM (any version)

LINK:-
http://www.internetdownloadmanager.com/idmmzcc/idmmzcc.xpi

WAR379K@GMAIL.COM

----------------- Media Player WARS -----------------

There are many things we need to consider when we choose media player for pc. Its speed, full support of all formats, expandability, various options and ease of use. I've tested few media players based of these criteria.



KM PLAYER

For Windows XP, all i can say this is THE one. Don't ever think about other media player. Personally I've been using this player for over 3 years and it never caused any problems. The best thing is it has many many options and dedicated hotkeys at keyboard. As you use it again and again you'll come to know. Also it supports almost all popular formats even MKV. Only problem occurs with Windows Vista and Windows 7. I don't know why it hangs down whole system while forwarding a movie (especially HD). But i am looking forward from new versions of KM player.
Download link
http://kmplayer.en.softonic.com




GOM PLAYER

I never used it on my pc. But it is again best player as per my friends. It is widely used player after VLC. I cannot give you other deails. Just use it and let others know. But its gotta be good.
Download link
http://www.gomlab.com/eng/GMP_download.htm





VLC (VIDEO LAN) MEDIA PLAYER

Best feature of VLC is full support of ANY media format. Its world's best media player and it has a big reputation too. You can definately use it on any windows based platform without a problem it only lacks hotkeys. Otherwise simply best!

Download link
http://www.videolan.org/vlc/

A WAR RELEASE

FLAG COUNTER AND FLAGS AMONG US

Flag Counter

 If you are crazy about your blogging and wants to promote it and also make it attractive then on my personal recommendation you can definitely use 'Flag Counter" and "Flags Among Us". These two are gadgets for personal websites and blogs.

The first one Flag Counter is just a online counter. Every time someone from a new country visits you, a flag will be added to your counter. Not only will this make your site far more interesting, but clicking on your Flag Counter will reveal amazing information and charts!. It is a free gadget and if you want additional feature, of course you have to pay. But on my openion, free features are enough for even regular blogger.


Flags Among Us

The second one is Flags Among Us which good gadget from whois.among.us. It gives a graphical map description. And again its free for basic use. You can merge these two gadgets as i did in this blog. Use it for free and get vivid stats from both. You have to just register for free at their respective sites first to save and control data.

http://flagcounter.com/
http://whos.amung.us