Computer Security

How To Removed Right Click In my Blog

2010-02-23T01:18:00.000-08:00

These days I write about How To Removed Right Click In my Blog!, This article was made because I want to protect this blog from people who want to copy the article in it, although I realize a lot of people I post articles here.

Part of people may be able to do copypaste articles from my blog the other way. but at least it can provide some protection against the writing in this blog.

The following are ways to protect this writing.
Step 1 : Go to Dashboard > Layout > Add Gadget > HTML / JavaScript
Step 2 : Copy the following code and paste it there .

Step 3 : Save the html/javascript and view you blog.

<script language="JavaScript">

</script>

when you try to do right click on your blog will display the message '"I has been remove right click in this blog!", good luck. leave your comment:)

How to Removed FAKE ANTIVIRUS

2010-02-18T08:00:00.000-08:00

This is not new news, but this important for you, you can read this... check this out :)

There is a new fake antivirus software, this time is it known as Antivirus Live. Unlike other fake antivirus, Antivirus Live was created with the intention of cheating you out of your money by making you believe that your computer is infected with lots of virus, imaginary non-existence viruses. You are then scared into buying a ’solution’, what you need to do now is to remove this antivirus.

Below is a simple step by step tutorial on how to remove Antivirus Live:

Download SuperAntiSpyware and MalwareBytes.
Reboot your computer into safe mode.
Install SuperAntiSpyware and perform a deep scan.
Reboot your computer into safe mode again when you’re done with SuperAntiSpyware.
Install MalwareBytes and perform a full system scan
Reboot again and install a good antivirus, Microsoft Security Essentials is a good choice.

p.s. Make sure you scan your thumbdrive too, in most cases, the virus will copy itself to the thumbdrive.
p.s. never download and install unknown antivirus software.

You may want to try the following antivirus – Free 90 Days Norton Internet Security and Antivirus 2010 and Avira AntiVir Free

Source : http://www.geckoandfly.com

Best User Antivirus People in the world

2010-02-17T10:14:00.000-08:00

NOD AntiVirus

NOD32 earns accolades from users and experts for effectiveness and performance. Reports say that software conflicts are rare and that the program won't noticeably slow down your computer. Virus protection is first-rate according to tests. The user interface notably improved in the previous version, and version 4 brings further improvements, making NOD32 easy to use. Unlike most antivirus software, user reaction and satisfaction is very positive.

Best antivirus software

Excels at preventing viruses
Low system drain
No software conflicts
Improved user interface

Doesn't include firewall protection
Relatively expensive

*-------------------------------------------------------------------------------*

AVG AntiVirus

Professional reviewers conclude that AVG Anti-Virus Free Edition is the best of the free antivirus programs, and it is handily the most popular as well. No substantial reviews compare free and commercial programs, but reviews of the commercial version of AVG provide one yardstick. That program fares poorly when compared with Norton and NOD32, among others. AVG and other free programs offer much less user control than commercial programs, but users swear they work. If you're diligent and careful about your personal security practices, free antivirus software might be enough.

Free Antivirus Software

Free
More effective than other free software

Not as customizable as paid antivirus programs
No tech support

*-------------------------------------------------------------------------------*

Norton Antivirus

Security suites bundle antivirus and anti-spyware software, a firewall and other components into a single program. Reviewers like Norton's Internet Security 2009's new simplified interface and the fact that most operations occur seamlessly in the background. User reviews indicate that it's quick to install with minimal impact on system performance. The biggest advantage of using a security suite instead of separate antivirus, firewall, anti-spyware and other security applications is that the potential for software conflicts is eliminated. However, reviewers note that Norton is best used as a standalone application; users report conflicts with other brands of security software.

Security suite with antivirus software

Excellent virus detection
Fast and easy to use
Free online support
Suite minimizes conflicts with other security programs

Poor anti-spam performance
Frustrating technical support
Parental control is a separate download

Keep Secure your Ubuntu

2010-02-17T09:27:00.000-08:00

As a system administrator, one of your chief tasks is dealing with server security. If your server is connected to the Internet, for security purposes, it's in a war zone. If it's only an internal server, you still need to deal with (accidentally) malicious users, disgruntled employees and the guy in accounting who really wants to read the boss's secretary's e-mail.

In general, Ubuntu (and expecially Ubuntu) Server is a very secure platform. The Ubuntu Security Team, the team that produces all official security updates, has one of the best turnaround times in the industry. Ubuntu ships with a no open ports policy, meaning that after you install the machine -- be it an Ubuntu desktop or a server -- no applications will be accepting connections from the Internet by default. Like Ubuntu desktops, Ubuntu Server uses the sudo mechanism for system administration, eschewing the root account. And finally, security updates are guaranteed for at least 18 months after each release (five years for some releases, like Dapper), and are free.

In this section, we want to take a look at filesystem security, system resource limits, dealing with logs and finally some network security. But Linux security is a difficult and expansive topic; remember that we're giving you a crash course here, and leaving a lot of things out -- to be a good administrator, you'll want to learn more.

User Account Administration

Many aspects of user administration on Linux systems are consistent across distributions. Debian provides some convenience tools, such as the useradd command, to make things easier for you. But since Ubuntu fully inherits Debian's user administration model, we won't go into detail about it here. Instead, let us refer you to the O'Reilly Web site for the basics. After reading that page, you'll have full knowledge of the standard model, and we can briefly talk about the Ubuntu difference: sudo.

Ubuntu doesn't enable the root, or administrator, account by default. There is a great deal of security benefit to this approach and incredibly few downsides, all of which are documented at the man pages for sudo_root.

The user that you add during installation is the one who, by default, is placed into the admin group and may use sudo to perform system administration tasks. After adding new users to the system, you may add them to the admin group like this:

$ sudo adduser username admin

Simply use deluser in place of adduser in the above command to remove a user from the group.

One thing to keep in mind is that sudo isn't just a workaround for giving people root access. It can also handle fine-grain permissions, such as saying, "allow this user to execute only these three commands with superuser privileges."

Documentation about specifying these permissions is available in the "sudoers" man page, which can be a bit daunting -- feel free to skip close to the end of it, until you reach the EXAMPLES section. It should take you maybe 10 or 15 minutes to grok it, and it covers a vast majority of the situations for which you'll want sudo. When you're ready to put your new knowledge to use, simply run:

$ visudo

Be careful here -- the sudoers database, which lives in /etc/sudoers, is not meant to just be opened in an editor, because an editor won't check the syntax for you! If you mess up the sudoers database, you might find yourself with no way to become an administrator on the machine.

Filesystem Security

The security model for files is standardized across most Unix-like operating systems, and is called the POSIX model. The model calls for three broad types of access permissions for every file and directory: owner, group and other. It works in exactly the same way on any Linux distribution, which is why we won't focus on it here. For a refresher, consult the man pages for chmod and chown, or browse around the Internet.

We want to actually look at securing partitions through mount options, an oft-neglected aspect of dealing with system security that's rather powerful when used appropriately. When explaining how to partition your system, we extolled the virtues of giving, at the very least, the /home, /tmp and /var directories their own partitions, mentioning how it's possible to use special options when mounting these to the filesystem.

Many of the special mount options are filesystem-dependent, but the ones we want to consider are not. Here are the ones that interest us:

nodev A filesystem mounted with the nodev option will not allow the use or creation of special "device" files. There's usually no good reason to allow most filesystems to allow interpretation of block or character special devices, and allowing them poses potential security risks.

nosuid If you read up about Unix file permissions, you know that certain files can be flagged in a way that lets anyone execute them with the permissions of another user or group, often that of the system administrator. This flag is called the setuid (suid) or the setgid bit, respectively, and allowing this behavior outside of the directories that hold the system binaries is often unnecessary and decreases security. If a user is able to, in any way, create or obtain a suid binary of his own choosing, he has effectively compromised the system.

noexec If a filesystem is flagged as noexec, users will not be able to run any executables located on it.

noatime This flag tells the filesystem not to keep a record of when files were last accessed. If used indiscriminately, it lessens security through limiting the amount of information available in the event of a security incident, particularly when computer forensics is to be performed. However, the flag does provide performance benefits for certain use patterns, so it's a good candidate to be used on partitions where security is an acceptable trade-off for speed.

Deciding which mount options to use on which partition is another fuzzy science, and you'll often develop preferences as you become more accustomed to administering machines. Here's a basic proposal, though, that should be a good starting point:
• /home-nosuid, nodev
• /tmp-noatime, noexec, nodev, nosuid
• /var-noexec, nodev, nosuid

System Resource Limits

By default, Linux will not impose any resource limits on user processes. This means any user is free to fill up all of the working memory on the machine, or spawn processes in an endless loop, rendering the system unusable in seconds. The solution is to set up some of your own resource limits by editing the /etc/security/limits.conf file:

$ sudoedit /etc/security/limits.conf

The possible settings are all explained in the comment within the file, and there are no silver bullet values to recommend, though we do recommend that you set up at least the nproc limit, and possibly also the as/data/_memlock/rss settings.

TIP: A Real-Life Resource Limit Example

Just to give you an idea of what these limits look like on production servers, here is the configuration from the general login server of the Harvard Computer Society at Harvard University:

as 2097152 data 131072 memlock 131072 rss 1013352 hard nproc 128

This limits regular users to 128 processes, with a maximum address space of 2GB, maximum data size and locked-in-memory address space of 128MB, and maximum resident set size of 1GB.

If you need to set up disk quotas for your users, install the quota package, and take a look at its man page.

System Log Files

As a system administrator, the system log files are some of your best friends. If you watch them carefully, you'll often know in advance when something is wrong with the system, and you'll be able to resolve most problems before they escalate.

Unfortunately, your ability to pay close attention to the log files dwindles with every server you're tasked with administering, so administrators often use log processing software that can be configured to alert them on certain events, or write their own tools in languages such as Perl and Python.

Logs usually live in /var/log, and after your server runs for a while, you'll notice there are a lot of increasingly older versions of the log files in that directory, many of them compressed with gzip (ending with the .gz filename extension).

Here are some log files of note:
• /var/log/syslog - general system log
• /var/log/auth.log - system authentication logs
• /var/log/mail.log - system mail logs
• /var/log/messages - general log messages
• /var/log/dmesg - kernel ring buffer messages, usually since system bootup

Your Log Toolbox

When it comes to reviewing logs, there are a few tools of choice that you should become familiar with. The tail utility prints, by default, the last ten lines of a file, which makes it a neat tool to get an idea of what's been happening last in a given log file:

$ tail /var/log/syslog

With the -f parameter, tail launches into follow mode, which means it'll open the file and keep showing you changes on the screen as they're happening. You can now easily recreate the Hollywood hacker movie staple: text furiously blazing across the screen.

Also invaluable are zgrep, zcat and zless, which operate like their analogues that don't begin with a "z" but on gzip-compressed files. For instance, to get a list of lines in all your compressed logs that contain the word "warthog" regardless of case you would issue the following command:

$ zgrep -i warthog /var/log/*.gz

Your toolbox for dealing with logs will grow with experience and based on your preferences, but to get an idea of what's already out there, do an apt-cache search for "log files."

A Sprinkling of Network Security

Network security administration is another feature provided largely by the OS, so it's no different on Ubuntu than on any other modern Linux distribution. That means we won't cover it here but will leave you with a pointer.

The iptables command is the front end to the very powerful Linux firewall tables. Unfortunately, dealing with iptables can be rather difficult, particularly if you're trying to set up complex firewall policies. To whet your appetite, here's iptables in action, dropping all packets coming from a notorious time-sink domain:

$ sudo iptables -A INPUT -s www.slashdot.org -j DROP

Tutorials, how-tos, and articles about iptables are available on the Internet in large numbers, and the system man pages provide detailed information about all the possible options. Spending some time to learn iptables is well worth it, because it'll let you set up network security on any Linux machine, and will make it pretty easy for you to learn other OS firewall systems if need be.

Final Words on Security

We've barely even scratched the surface of system security in this article, though we've tried to give you good pointers on where to start and where to get the information you need to learn more. But let us give you some sage advice on security in general, since it's a painful truth to learn: There is no such thing as a fully secure system. Securing systems isn't about making it impossible for a breach to occur. It's about making the breach so difficult that it's not worth it to the attacker. This definition is pretty fluid, because if your attacker is a bored 14-year-old sitting in a basement somewhere chewing on cold pizza, you can bet that he'll leave your system alone if it's even marginally secure. But if you're keeping around top secret information, then it's a lot more difficult to have the system be secure enough that breaking into it isn't worth it, from a cost/benefit point of view, to the attackers.

Security is also neat because, as a concept, it permeates the entire idea space of computer science. Getting really good at security requires incredibly deep understanding of the inner workings of computer systems, which has the nonobvious advantage that if you're trying to get a deep understanding of computer systems but don't know where to start, you can start with security and simply follow the trail. Use this to your advantage!

Source: August 24, 2006 (Computerworld) -- This article is excerpted from The Official Ubuntu Book by Benjamin Mako Hill, Jono Bacon, Corey Burger, Jonathan Jesse and Ivan Krstic, copyright Prentice Hall. Reprinted with permission of Prentice Hall, all rights reserved.

ALL Command "DIR" in DOS PROMPT

2010-02-16T01:26:00.000-08:00

DIR command is a DOS command that serves to display the files in a drive or folder is active.

This command is similar to the Copy command in the previous posts both on the run from the prompt drive.
This command is most often used for those who are accustomed to dealing with Command Prompt, do not continue to read, but for those who are unfamiliar please read carefully and try to practice the commands I give here.

Before executing the command DIR there are some things that must be understood as an active drive, the current folder.
Active Drive is the drive currently being accessed, as well as the folder is a folder that is used or diakes today.
How to do I know if the folder is active or being accessed at this time? Here's how to explain my logic, Suppose you from windows click Start - Run then type cmd and press enter when the cursor is (the sign minus karakater shaped guide flashing) is at C:\Document and Settings\user> then the current drive is now drive C and the current folder is the folder \Documents and Settings\ and sub folders on the \user>. and \user> usually can be changed to another name as a user in your computer.

So if you give DIR command (the command with a lowercase letter may be all), then all files and directories that display the files and folders in the sub folder \User>.

Various forms of DIR command, try the command (yellow) as the experimental materials and the early exercise to try in windows directory and then run the command below, do type the command: cd \windows and press Enter.

DIR and press command to display all files and all extensions

DIR *.* Enter, the command to display all files and all extensions

DIR? O *.* Enter, the command to display the file name from the left second letter is the letter O and the subsequent extensions free encyclopedia

DIR?? M *.* enter, the command to display the files from the left third letter is the letter m and the free extension

DIR *. c * Enter, the command to display the files and free the file name extension first letter is the letter C

DIR? O *. c * Enter, the command to display the file name both the letter of the file name is the letter O and the first letter of the extension is the letter c

DIR ?????.* Enter command to display the file names that only have 5 (five marks) or smaller letters, and free extensions

DIR *.?? Enter, the command to display files with the file name extensions freely while only 2 (two) letters only.

Maybe that's part of DIR command I can give, for later you can try with variations wildcards (special caracter * and?) On the DIR command to suit your needs.

Good luck with your practice with DOS commands

How to looking for bad sectors in your hard drive

2010-02-15T06:20:00.000-08:00

Your computer slow? or even frequently hangs? if it happens, there are many causes that can cause your computer to be slow in part because infected by the virus, the data stored on the hard disk capacity is too large for example in the form of films, photographs, while also could be because your hard disk sector is bad already, so the data access process occurs when the computer is in turn susceptible to interference on the bad sectors so that the process of reading or writing data on hard disk media to be slow due to bad sectors affected by this.
There are several ways to find out whether we have hard disks with bad sectornya or not, can use the DOS command CHKDSK as in our practice today or could also use a software utility like Partision Magic, or any other.
As I gave at the top that this time we try to do simple checks on your hard disk to see our state of the hard disk is really healthy or being sick (sick with bad sectors...)

Perform the following ways to check on your hard disk.
From Windows, click Start menu - All Programs - Accessories - Command Prompt or it could be a way Click the Start Menu - Run, then type CMD and enter. The second command above to lead us to the window or command prompt window.

Command Prompt by typing the command CHKDSK C: (orders must use small or large letters the same) and then enter, this command to find out or check the hard disk in drive C. Note the picture below.

Press Enter and show like this picture :

From the image above to inform the form:

Total Disk Space, stated the maximum amount of capacity hard disk
N Hiden Files (n declare certain value), said scale capacity used by the files hidden (the hidden files are usually files the operating system)
N Folders, said the number of folders that are in a drive
N Files, declare n / number of files inside a single drive
Bad Sector, said the number of bytes affected by bad sectors in a drive (if 0 (zero) bytes means your hard drive is healthy and the bar is greater than 0 (zero), then your hard disk already exists Bad Sector him so watch out for the the bad sector data is the possibility of damage can occur at any time)
Available, stated hard disk capacity in a single drive that can still be used to store data.

Lets try guys :)

How to disable Autorun In Drive Computer

2010-02-11T22:26:00.000-08:00

we must have a lot of what's known computer viruses and computer viruses are often spread through a kind of intermediary data traveler flash disk or CD games and the like. computer viruses are very dangerous if we are not able to control its spread. and now all that can be a bit overcome by disabling the autorun in flash disk or a frequent traveler data connected with our computers.

The following are steps to disable this autorun:

1. Click the Start button - Run.
2. Type gpedit.msc and press OK.
3. Click on User Configuration - Administrative Templates - System.
4. Click 2x on the Turn Off Autoplay.
5. Click on the Enable option.
6. At the option Turn off Autoplay on, select All drives.
7. Click OK.
8. Done.

good luck guys :)

Excel Tutorial Part. 2

2010-02-11T19:38:00.000-08:00

This time we will start by creating a table in Microsoft Office Excel, before starting I explain a little about the CELL. Tues where the intersection between the column and row, for example, you place the pointer at the C column and row to the four it would read "pointer is on C4 cells".

Okay now let's start with our lesson today is to get a table.

First run your Microsoft Office Excel by clicking Start - All programs - Microsoft Office - Microsoft Office Excel 2003 (for those who use another version of Microsoft Office such as Microsoft Office 97, Microsoft Office 2000, Office XP Office Microsoft, not a problem). note the following images :

After the worksheets are in Microsoft Office Excel, make a table like the following picture:

How:
Place the pointer on the cell B3 and then type in Table 1 and Enter
Next place the pointer on cell B5 and typing NO then Enter
The next step place the pointer in cell B6 and type the numbers 1 (do this step until the cell B10 to make Number Sort).

After a number Sort, now we make a column name, the way same way over the place the pointer on the right C5 No. column on the right.
Do this until the complete address and the City so the result will look like the picture above.

When finished making the table above, now we must set the column width to fit the width of the data (text / number) that the inputs on each of each cell.
The trick is:
Because here we are just changing the column width for the placement of the pointer must be akolom pad that will be changed in size, while the line-free. Suppose you want to change the width of column B aka pointer must be in column B and the line could be in line 1, 2, 3 and so on until the very last row.

Change column Table 1 above that you created with the following sizes:
Column B: 4.43
Column C: 12
Column D: 22
Column E: 12
How: to change the width of column B, place the pointer in cell B1 or B2 or B3, and so on and then click the Format menu - Column - Width, and then enter or type the number for the column width of 4.43 and press Enter. View images :

After changing the width of column B, then change the width of column C = 12, D = E = 22 and 12 do follow the way to change the width column B above.

After all, save the file with the file name TABEL1.XLS, by clicking File Menu - Save As and then typing the name TABEL1 file and click save.

Repair registry editor in Your Computer

2010-02-08T20:46:00.000-08:00

Your PC is just like a machine, the defense needs to be working in perfect condition. And, one of the most significant jobs you have to do is regular maintenance to repair your registry. Windows Registry on your computer is a file cabinet, storing all the information the Windows operating system plus application system. But as the filing system, when the cabinet is often dismantled pairs of its contents, at some point he will become a mess and rubbish everywhere. If it so it becomes increasingly difficult to detect computer information necessary to do the job efficiently. Archiving registry repair computer software, identify the files that are no longer required is routine work to be done.

Windows already has a way to remove the garbage that is not valid in the registry, called the Registry Editor or regedit. This application allows you to view and delete registry entires that are not valid anymore. Unfortunately, unlike the clear office files are labeled, is not easy to know and often have strange names such as HKEY_CURRENT_USER MicrosoftWord Applications that do not indicate if they are needed or not, then you do not know if it is safe or not to delete it. In fact, even more profesionalpun computer users will not use regedit to clean the registry. They rely on software from third-party developers.

Registry repair software is best to not only to remove rubbish from the registry, it must also correct errors that always arise. Such errors occur when, for example, a program installed and uninstalled but uninstalled junk files are still there, aka accumulate. When finished scanning, the software should indicate the file is invalid and obvious errors, so you can make good decisions if the key is removed or left alone.

When deciding which registry repair software is best for you, you should use criteria such as user-friendly, easy installation and a short time, feature set and support and help available in everyday language understandable to the user. And most significantly, the use of cleaning must have security features such as backup function that allows you to restore the registry to a previous state in case of important files accidentally deleted.

Some registry repair software best available as a free download, so you do not need to invest money to make this vital maintenance tasks. But if you're willing to take the commercial registry software is also good because it'll make other important system changes, there are free trial versions that you can get to test. If you find a registry cleaner that allows you to run a scan of their site without downloading, you may be able to test their software. After you finally select the registry repair software is best and right for your computer skill level, always make sure you have backed up your registry and all the important information in your drive.
In conclusion, treating the registry was not easy then you need software registry. Good luck!

Showing the screen saver tab is hidden

2010-02-08T08:20:00.000-08:00

While my blog suddenly appeared a short message on my Hanphone coming from one of our friend loyal blog visitors Computer Science Learning which was about to ask a question that occurs to the laptop.

The problems presented by him that the screen saver on his laptop missing alias does not appear in the display properties.

Problems like this myself yet know exactly what caused the problem but the truth is a screen saver may be lost due to accidentally disabled person may also own a friend who was idly toying with you. If the screen savernya accidentally or lost due to accidental by the person to return the matter was simple.
What is meant by a screen saver here is the Screen Saver tab is shown in the Display properties window is not a screen saver view or display a screen saver.

Screen Saver tab can be displayed or it can also be hidden, it is very helpful in keeping our computers not as good for people to change the settings of personal computers let alone computers. What if the screen saver is modified by someone else using the object, image or pornographic images or images that are not feasible. It's changed back to display the screen saver is not difficult, but if this will be done in the workplace by fellow idle and eventually it caught the boss can be a big deal.

In order not to get to the green table mending the Screen Saver tab to hide it. To hide or display the Screen Saver tab again please follow the following way:

Click the Start menu and select Run
Type gpedit.msc and press ENTER / OK to enter the Group Policy window
Click the sign + (plus) on the left User Configuration
Click the + sign on the left Administrative Templates
Click the + sign on the left Control Panel
Click Dipsplay
In the right window double-click on the Hide Screen Saver tab to go to the Hide Screen Saver Tab Properties
Select Enabled to display the Screen Saver tab
Select Disabled to hide the Screen Saver tab (select sala one no. 8 or No. 9)
Click OK
Close the window Tab Screen Saver Hide Properties
Close the Group Policy window
Done

Easy is not how to display the screen saver tab is missing or hide screen saver tab. Good luck hopefully useful. [compsecured.blogspot.com]

How To Booting From CD-Rom change BIOS Setup

2010-02-08T06:00:00.000-08:00

Once the software installation on computers made by using the floppy, but this time was much different that using the compact disk (CD). Cd can be stored in many kinds of programs and drivers.

Because now all programs are stored on the CD then the boot process must also be through the cd, but the problem is setting the BIOS (basic input / output system) to the default state does not lead to a cd rom boot, so there are still many who do not know how to change the boot order in the BIOS so the CD is the first priority when booting.

To enter the BIOS menu different way someone using DEL key is using the F2 function key and others are using a variation of 2 key on the keyboard, but it can be seen in the bios first read and seen on the monitor.

If the boot process too quickly, so you do not have time to read or even press the button to enter the bios then you should press the Pause / Break on your keyboard to pause the boot process, this is done so that we could read the instructions that can be done to get into Hereinafter in the BIOS menu.

In this article we use the DEL key is more common today.
Initial steps to enter the BIOS menu is blaming a computer, by pressing the computer power, note the blinking lights on the keyboard then press the DEL key multiple times with the intention that you are not late pressing the DEL.

Once inside the BIOS menu menu note Advanced BIOS Features option, there are First Boot Device option. Drag the cursor and place it on the First Boot Device selection and do a boot media by using a plus sign (+) or minus (-). Because at this time we practice to boot using the cd then choose the CD-ROM as first boot media.

The next step is to click Esc on your keyboard to exit the BIOS menu Advaced Feature and primary human return to the BIOS. From the BIOS main menu select Save & Exit Setup and then select Y (yes) and press Enter to exit the BIOS menu and do Booting.

Now your computer will always read the cd-rom as the boot process on your computer that you made the change, if you want to restore booting from the cd-rom to your hard disk, then step into the same setupnya BIOS and change the First Boot Device to Hard disk.

How To Hide Drive Computer? Check This Out

2010-02-08T05:47:00.000-08:00

There are many ways to secure data is not easily found by other computer users. Let's say there is no data in the form of photographs or documents for adults who do not deserve shown to the children would have to hide it so as not easily be found by the children. The father of a laptop may be used by the children but of course there is a limit not to the father discovered the secret of all.
Frequently used way is by protection of file or folder by giving password, but this way is still considered very inconvenient because every time you open a file or folder must be busy with typing a password.

for us computer users is very important data so that every person who has the data will always try to keep data safe from interference perceived hands ignorant. Moreover, these data are confidential data.

Here is one way to avoid the reach of children from the secret files in order not to consume the children.

Follow these steps to hide a hard disk drive.

Prior to hide drives are advised to make a special drive to store files that are considered confidential, which will be hidden drive let's say the drive is drive D: \>

Suppose that the computer has 3 fruits such as drive A drive (Floppy disk), drive C (Hard Disk C) and Drive D (Hard Disk D)

Of the three drives that would be hidden on the D drive (hard disk D).

Way as follows:

Click the Start menu, Run and type gpedit.msc and press ENTER or click OK.
Click the + (plus) on the left User Configuration
Click the + sign on the left Administrative Templates
Click the + sign next to the left of the Windows Components
Click Windows Explorer
Double-click thesive Hide specified drives in My Computer
On the Settings tab select the Enable
Click OK

Close Windows Explorer and refresh or restart your computer and reopen Windows Explorer, then dive which had been hidden will not be visible.
Even if the file does not seem to drive but to open the drive is not difficult because only with type D: and then press ENTER then the D drive will appear.

A few tips from the blog Learning Computer Science this time to hide the drive and hopefully useful.

Excel Tutorial Part. 1

2010-02-05T07:36:00.000-08:00

Introduction to Microsoft Office 2003

What is microsoft Office Excel? Microsoft Office Excel is a spreadsheet program or the software company's issued by microsoft. Application program features the calculations and graphs.

Workbook to know Microsoft Office Excel
Consider the following picture and read the information below in accordance with the serial number which I gave a red color.

Title Bar / Line Title, the title bar microsoft office excel to display the name of the program being used is Microsoft Office Excel and Book1 workbook states that 1 (one).
Menu Bar / Line menu, where the menus can be used in office excel micrsoft
Tool Bar / Line Tool (components), the components or the commands represented by the images a certain image to help users to more quickly excel in their work
Name Box / box name, said the active cell, for example, are on bari pointer to column 2 to B then the Name Box displays the B2
Formula Bar / Line Formula, a line to display or type of formulas or typed formulas in the worksheet
Column / Column, line stating that the columns in the beginning of Alphabet A through IV
Row / Line, which states the order of lines starting from 1 to 65,535
Workspace / Worksheet, the area where tables are used to make calculations or graphs
Pointer, rectangular box or a dark color called pointer states of cells (cell) is active for typing something into the worksheet.
Sheet, said the order page working, if the white sheet sheet / page is active and when the writing sheet of gray is not the active sheet.
Status Bar / Line Status, which provides line information about the use of microsoft excel, and information pengggunaan keys / keyboard keys

how to change unwritable be writable in joomla

2010-02-04T20:51:00.000-08:00

In accordance with the title of this article is configuration.php unwritable, is a problem sometimes encountered in managing the website made with joomla. Incidentally today I experienced it myself that I can not make improvements or changes to the joomla global settings.

because I finally found the problem started surfing with Google, known for its speed in finding something of information and ultimately the results of my surfing led to a result so I can change the status of configuration.php to unwritable once can I change them to writable.

To find out how to change the configuration.php writable joomla to follow tips to change permissions on the following cpanel.

After finding the file, the name kllik configuration.php file and then look at the window located on the right there is the option Show the file, Delete File, Edit File, Change Permissions, Rename Files, Copy File, Move File. Because we want to change the permissions then click on Change Permissions.

then came the default configuration.php as shown in the picture below :

Change like this :

After giving a check mark or contreng an empty box, the last step is to make storage configuration.php file by clicking on the Change.

Logout from cpanel and then try again to edit and do global storage settings. Global settings can be edited and updated.

Good Luck :)

Dos command to format the hard drive and other drives in Your Computer!!

2010-02-04T06:10:00.000-08:00

The following is an example command to format the hard disk, flash disk, floppy disk on the computer, reading good friends.

FORMAT volume [/FS:file-system] [/V:label] [/Q] [/A:size] [/C] [/X]
FORMAT volume [/V:label] [/Q] [/F:size]
FORMAT volume [/V:label] [/Q] [/T:tracks /N:sectors]
FORMAT volume [/V:label] [/Q] [/1] [/4]
FORMAT volume [/Q] [/1] [/4] [/8]

volume : Specifies the drive letter (followed by a colon), mount point, or volume name.
/FS : filesystem Specifies the type of the file system (FAT, FAT32, or NTFS).
/V : label Specifies the volume label.
/Q : Performs a quick format.
/C : Files created on the new volume will be compressed by default.
/X : Forces the volume to dismount first if necessary. All opened handles to the volume would no longer be valid.
/A : size Overrides the default allocation unit size. Default settings are strongly recommended for general use. NTFS supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K. FAT supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K, (128K, 256K for sector size > 512 bytes). FAT32 supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K, (128K, 256K for sector size > 512 bytes). Note that the FAT and FAT32 files systems impose the following restrictions on the number of clusters on a volume : FAT: Number of clusters <= 65526, FAT32 : 65526 <>
/F:size : Specifies the size of the floppy disk to format (160, 180, 320, 360, 640, 720, 1.2, 1.23, 1.44, 2.88, or 20.8).
/T : tracks Specifies the number of tracks per disk side.
/N : sectors Specifies the number of sectors per track
/1 : Formats a single side of a floppy disk.
/4 : Formats a 5.25-inch 360K floppy disk in a high-density drive.
/8 : Formats eight sectors per track.

Safari Review From My blog :)

2010-02-04T05:24:00.000-08:00

Safari browser is the browser that comes from Mac OS. but now can be used in the operating system safe to use and windows.Safari fast enough, because we know that firefox is the main windows operating system.

but safari better than firefox in Mac OS versions, because safari can work well in windows operating system, then he has added value.

But the shortcomings are in the safari browser if we do open new tab will feel very heavy compared to firefox that not many java / display against.

Another deficiency is that the tool in the safari options are incorporated in different IExplore with Firefox. good but not the best in windows operating system:)

Partition Magic 8.0, How to increase hard disk partitions?

2010-02-04T04:48:00.000-08:00

Partitioning your hard disk by using the operating system was used and was often done while to partition the hard disk after the operating system is installed there are still newbies who have not tried it from that article is very useful for beginners who want to add a partition on the computer hard disk using Partition Magic 8.0 .

To get started, please create a new partition start partition magic 8.0 in your PC.

Once inside the Window Partition Magic, the next step is to click the C drive partition and then the Operations tab click the Partition Resize / Move partition resizing windows so that they appear / Move Partition as the following picture :

type size of space (MB) is needed in Free Space Free Space Before or After. To use free space free space before or after depending on whether we plan to place the new partition before or after the c drive c drive, where to put the new partition before the c drive then type the amount of space to free space before and when to put the new partition after c drive then type the amount of space on the free space after.

For example here I put a new partition after my drive c then type in the amount space for 15,000 MB of Free Space After then click OK.

after typing a number of bytes the size of hard disk partition view would be like the following picture:

Click on the partition that had just added and then click Create Partition to Partition Operations tab so that the Create Partition window appears.
Change the options in accordance with needs such as Primary Partition or Logical Partition, Drive Letter, Partition Type (FAT / NTFS), Size. Here I explain to create a logical drive so just click OK without making any changes to create the windows partition.

After click OK then the overall result of the hard disk partition will look like the following picture which has added a new drive called the drive G.

After the partition is complete next mark is the last operation is to click Apply at the Pending Operations tab so that all pending operations is completed. When you click Apply then the message will appear Apply Changes consisting of 3 choices are Yes if you agree to continue the process, then select No if you did not continue the process and select the details to see a detailed process that we have done and are still in pending. Click Yes because we want to continue the process ..

If you Need to restart your computer, you can restart now for take new effect. now! The process adding a new partition on a computer that already installed windows operating system is complete. good luck!!

Thumbs.db, what is this?

2010-02-03T21:05:00.000-08:00

sometimes we get a folder in a file that is hidden, and we think it is a virus, but what exactly "Thumbs.db" let us see the explanation.

The default behavior for many folders in Windows XP is to display thumbnail images of the files in the folder. This is primarily true of folders created from digital cameras or filed under the My Videos and My Pictures folders. Thumbs.db is Microsoft's way of caching thumbnail images of any image or movie file in a folder. The idea behind creating a thumbnail cache is to improve the speed of displaying thumbnails the next time you open the folder by caching a set of thumbnails for the image and video files in the folder. If you hadn't seen this file in your folders previously it's likely you didn't have Show hidden files and folders enabled. Deleting the Thumbs.db file simply deletes that cache, which is regenerated the next time you view the folder contents. It is possible to configure Windows to never cache thumbnails.

Howard asks, "I just recently noticed that in any of my picture or video clip files a (Data Base File) called thumbs has recently appeared. When I delete it, it reappears. It was never there before. I noticed it after a couple of updates from Microsoft. What heck does it do? It doesn't seem to effect my ability to see the img or mvi pics, etc."

One of the biggest annoyances to the Thumbs.db file is the way it changes folder settings. You can specifically set all folders in Windows to open in Detail view, for instance. If any folder contains a Thumbs.db file, that folder reverts to the thumbnail view, ignoring your preferences.

To turn off thumbnail caching, open Tools > Options in Windows Explorer and click on the View tab. Check the box next to Do not cache thumbnails and click OK.

Comparison of REGEDT32 and REGEDIT.

2008-12-21T18:12:00.000-08:00

Most users who have been using Windows NT for a long time have used REGEDT32.EXE, the Windows NT Registry Editor. Windows 95 users, or NT users coming from a Windows 95 background, however, have always used REGEDIT.EXE. The good news is that both are included with Windows NT 4.0, and you can use either. Windows 95 users don't have a choice.

There are significant differences, however, in the features that each possesses. Each has its strengths and weaknesses, and most NT users will end up using both. Table 10.1 compares REGEDT32 with REGEDIT.

Table 10.1. Comparison of REGEDT32 and REGEDIT.

Feature	REGEDT32	REGEDIT
All handle keys available	X	X
Edit current Registry	X	X
Edit local NT Registry	X	X
Edit local 95 Registry		X
Remotely edit other NT Registries	X	X
Remotely edit other 95 Registries		X
Export and import hives	X	X
Export hives as text	X	X
Tiled view of multiple handle keys	X
Copy key name available		X
Right mouse button support		X
Single-click cascading of folders		X
Print contents	X	X
Edit multiple string entries	X
Security available on keys and values	X
Auditing available on keys and values	X
Search for keys	X	X
Search for values		X
Search for data strings		X
Read-only mode	X
Change screen font	X
Resource list entries as window	X	binary only

REGEDT32.EXE focuses more on the high-security, hardware-level editing, whereas REGEDIT.EXE is designed for ease of use and broad appeal. Most tasks you perform can be done in REGEDIT.EXE with no problem, and, in many cases, it can be done more easily and quickly than with REGEDT32.EXE.

How to Make a Backup of Registry Using Regedit

2008-12-21T17:46:00.000-08:00

How to Make a Backup of Your Registry Using Regedit

Computer users who are seeking a way to produce a backup copy of their Windows registry can easily accomplish this task from within Windows, and without any third party software.
Users need to make backup copies of the Windows registry because it is a large file that contains information about the settings of your computer and the programs.

A lot of users don't exactly understand what exactly the Windows registry is, and why they should backup copies of the data. You see, the Windows Registry is basically a vault of the various settings Windows and other programs use. It's where programs get information from. As I said before, the Windows Registry is basically a giant vault for data.

The reason why users need to make backup copies of their registry is rather simple; one little mistake in your registry can basically stop Windows from loading at startup.
It is essential for users to produce backup copies of their registry because every program you install or download has the ability to modify, even destroy it.

It's important for users to remember that every program you install on your system has access to your system's registry. A lot of adware and spyware applications will modify your system's registry in order to take over your web browser.

Making weekly backup copies of your data is not only a smart thing to do, but takes only a few seconds to successfully make a backup copy. As mentioned before, users do not require a third party utility to backup their registry. A tool, entitled RegEdit is installed on every Windows PC, and although it looks quite complicated, making backup copies of your system's registry is actually rather easy.

To start out, click the Start button and select Run. Type in regedit and press the enter key. A few seconds later you will be presented with a two pane window that resembles the Windows Explorer.

Go into the File menu, and select Export. Find the location of where you wish to store the registry backup file, and type in a name for the file. Click on the Save button, and you are finished. You now have a nice backup of your Windows registry.
Remember that registry backups take a large amount of data, so if you make daily backups remember to delete the older copies.

If you decide to make registry backups every day, remember to delete the older copies. Because of the large amounts of data stored in the registry the files can be very large (fifty to a hundred megabytes).

When you find the need to restore a backup copy of your registry, the process is simply. Locate the backup file, and double click it. You will be presented with a dialog asking you if you are sure you wish to add the data to your registry. Click on Yes and your registry will be restored within seconds.

Using backup copies of your registry is a great idea whenever you stumble across a program that takes control of your web browser, or if you are having problems with an installed application that was working file whenever you produced the backup.

Structure of the Registry Editor!

2008-12-19T18:52:00.000-08:00

The Structure of the Registry

The Registry has a hierarchal structure, although it looks complicated the structure is similar to the directory structure on your hard disk, with Regedit being similar to Windows Explorer.

There are six main branches, each containing a specific portion of the information stored in the Registry. They are as follows:

HKEY_CLASSES_ROOT - This branch contains all of your file association mappings to support the drag-and-drop feature, OLE information, Windows shortcuts, and core aspects of the Windows user interface.
HKEY_CURRENT_USER - This branch links to the section of HKEY_USERS appropriate for the user currently logged onto the PC and contains information such as logon names, desktop settings, and Start menu settings.
HKEY_LOCAL_MACHINE - This branch contains computer specific information about the type of hardware, software, and other preferences on a given PC, this information is used for all users who log onto this computer.
HKEY_USERS - This branch contains individual preferences for each user of the computer, each user is represented by a SID sub-key located under the main branch.
HKEY_CURRENT_CONFIG - This branch links to the section of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration.
HKEY_DYN_DATA - This branch points to the part of HKEY_LOCAL_MACHINE, for use with the Plug-&-Play features of Windows, this section is dymanic and will change as devices are added and removed from the system.

Each registry value is stored as one of five main data types:

REG_BINARY - This type stores the value as raw binary data. Most hardware component information is stored as binary data, and can be displayed in an editor in hexadecimal format.
REG_DWORD - This type represents the data by a four byte number and is commonly used for boolean values, such as "0" is disabled and "1" is enabled. Additionally many parameters for device driver and services are this type, and can be displayed in REGEDT32 in binary, hexadecimal and decimal format, or in REGEDIT in hexadecimal and decimal format.
REG_EXPAND_SZ - This type is an expandable data string that is string containing a variable to be replaced when called by an application. For example, for the following value, the string "%SystemRoot%" will replaced by the actual location of the directory containing the Windows NT system files. (This type is only available using an advanced registry editor such as REGEDT32)
REG_MULTI_SZ - This type is a multiple string used to represent values that contain lists or multiple values, each entry is separated by a NULL character. (This type is only available using an advanced registry editor such as REGEDT32)
REG_SZ - This type is a standard string, used to represent human readable text values.

Other data types not available through the standard registry editors include:

REG_DWORD_LITTLE_ENDIAN - A 32-bit number in little-endian format.
REG_DWORD_BIG_ENDIAN - A 32-bit number in big-endian format.
REG_LINK - A Unicode symbolic link. Used internally; applications should not use this type.
REG_NONE - No defined value type.
REG_QWORD - A 64-bit number.
REG_QWORD_LITTLE_ENDIAN - A 64-bit number in little-endian format.
REG_RESOURCE_LIST - A device-driver resource list.

What Is A Registry [Regedit]?

2008-12-19T18:06:00.000-08:00

What is the Registry?
The Registry is a database used to store settings and options for the 32 bit versions of Microsoft Windows including Windows 95, 98, ME and NT/2000. It contains information and settings for all the hardware, software, users, and preferences of the PC. Whenever a user makes changes to a Control Panel settings, or File Associations, System Policies, or installed software, the changes are reflected and stored in the Registry.

The physical files that make up the registry are stored differently depending on your version of Windows; under Windows 95 & 98 it is contained in two hidden files in your Windows directory, called USER.DAT and SYSTEM.DAT, for Windows Me there is an additional CLASSES.DAT file, while under Windows NT/2000 the files are contained seperately in the %SystemRoot%\System32\Config directory. You can not edit these files directly, you must use a tool commonly known as a "Registry Editor" to make any change.

And in this blog you can studying all about registry editor. enjoyed.

Google Chrome Review. Nice Result!

2008-12-18T19:10:00.000-08:00

Google Chrome, the search giant's first ever web browser, was released to great fanfare on Tuesday, amid talk that it could one day pass Internet Explorer as the world's most popular browser.

The version released for free download is only at the beta - testing - stage, but users and critics have been quick to pass early judgment. The consensus? Google Chrome is attractive, fast and has some impressive new features, but may not - yet - be a threat to its Microsoft rival.

Here is a selection of reviews from some of the most respected technology blogs and writers on the web. Click on the links to read the full reviews, or post your first impressions of Google Chrome in the box at the bottom of the story.

All in all, Google Chrome, after just a little time using it, is superb. It’s not only fast, but it’s useful. It’s not only elegant, but it understands what you really want to do with a browser. And although it suffers from some setbacks that shouldn’t be overlooked, it’s still a highly-capable browser. Download Chrome. You won’t regret it.
TechCrunch

Google has produced an excellent browser that is friendly enough to handle average browsing activities without complicating the tasks, but at the same time it's powerful enough to meet the needs of more-advanced users. The search functionality of the Omnibar is one of many innovations that caught my attention.
PC World

While Chrome's performance is a little better than that of Firefox, in practical terms, it is far less useful, because it lacks the broad array of third-party add-ons programs like Flashblock that make Firefox so customizable. With time, it might catch up, but in the meantime, I'd recommend giving the new Internet Explorer a spin.
The Associated Press

The interface in Chrome is very different from other browsers and takes a little getting used to. Instead of the traditional Netscape/IE-style toolbar across the top, Chrome puts tabs across the top. Moreover, the tabs are detachable, so the terms "tabs" and "windows" become interchangeable within Chrome.
CNET

Will Google Chrome shape the way Web browsers are developed and designed? It is too early to tell, but Google has certainly come up with something appealing and unique. Will Chrome replace Internet Explorer or Firefox? Perhaps not in its present form, and not for a very long time. Overall, Chrome is a killer little application to have and offers a nice break from tradition when surfing the Web. While there's plenty of room to for growth and improvement, the first beta release is impressive.
The Tech Herald

Chrome is a smart, innovative browser that, in many common scenarios, will make using the Web faster, easier and less frustrating. But this first version — which is just a beta, or test, release — is rough around the edges and lacks some common browser features Google plans to add later. These omissions include a way to manage bookmarks, a command for emailing links and pages directly from the browser, and even a progress bar to show how much of a Web page has loaded.
Walter S Mossberg from the Wall Street Journal

It munches through media sites with ease, streaming music and video and handling Flash very smoothly. PDFs open so suddenly that you might not even realise you're using them. Opening a new tab brings up not your home page (although you can switch to that) but a thumbnail view of your nine most visited sites, plus recent bookmarks and a box to search your history. Overall, my first impression of Chrome is 9/10 for speed, 8/10 for ease of use and 7/10 for stability. And those figures should have Microsoft and Mozilla very, very worried.
TechRadar

What I discovered was a product that has some clear advantages over Microsoft's, but also some shortcomings that, overall, hardly make it a killer - at least today. To be sure, Chrome is a work in progress. In addition to being a test version, outside developers are invited to make improvements. But it faces a stiff challenge from Microsoft, which also is making improvements with its latest iteration, which includes some of the same features as Chrome, like tabbed browsing.
San Francisco Chronicle

Our first impression of Chrome is that it's nice and fast. There's very little lag opening pages and the entire interface feels very streamlined. Dragging tabs in and out of windows is awesome, with a transparent version of the page pulling away with your mouse. The fact that you can pull tabs out of windows as well as combine windows is a great touch. Everything involving the tabs feels very, very smooth.
Gizmodo

Safend Data Leakage Prevention Solutions

2008-12-18T18:16:00.001-08:00

Susan Callahan, senior vice president of business development and marketing at Safend, is seeing a change in trends. In the past, corporations were looking to check a box on compliance. Now, data is their most important asset. CEOs are no longer looking to fill a checkbox; they now want a granular solution, she said. According to a recent study by the IDC, 60 percent of all corporate data is accessed via an endpoint. As the perimeter continues to expand, encryption is no longer enough protection for company data.

Safends solutions offer a fix to data leakage prevention. The acronym DLP has several definitions depending on who you ask: data loss prevention, data leakage prevention, or create other acronyms such as information leak detection and prevention (ILDP) and information leak prevention (ILP). Callahan said, How much of DLP is a process versus a process? Its such a complex problem to protect data. Its a process or methodology that needs to be adopted within a corporation. Technology enables you to accomplish it. If there is no way of enforcing it, its not going to happen. Technology is the means to an end.

Safend offers three solutions to address DLP and regulatory compliance: Safe Auditor, Protector and Reporter. Their solutions protect an organizations data in motion, data in use and data at rest. Safend Auditor provides detailed audit logs of all devices currently or historically connected to your endpoints. Download an evaluation copy of Safend Auditor at Safend.com for a free trial. It will reveal how many USB sticks have been used on your machine. It also has a client list utility for IT admin to see who is connected on what devices in the network. According to EOM partners market survey, 72 percent of people within a corporation use at least one USB stick, and many use up to seven different USB sticks. Its important to know who and what devices are connecting to your environment. Safend Auditor is built within regulatory compliance for HIPAA, SOX, PCI and other state privacy laws.

Safend Protector guards against data breaches by applying granular security policies over removable storage devices. Safend Protector offers endpoint monitoring, device identification and blocking based on administrator-defined policies with automatic data encryption. It protects all ports including USB, WiFi, Bluetooth and all removable storage devices. Safend conducted an endpoint security and data leakage threat survey that included responses from enterprise executives and IT administrators. Nearly 60 percent of all respondents were unaware or unsure of how many devices connect to their corporate endpoints. Also, nearly 25 percent have no policies for endpoint and port security at all.

Safend Reporter is an add-on module that provides reporting and analysis on security incidents and operations status. The tool reports on data accessed by removable storage devices and wireless ports that further enables data security and compliance.

Callahan recounted an event where a student used a key logger to get access to his teachers password. He then had access to the answers to his teachers exams before each test. When the student performed exceedingly well, to the point of writing his answers almost word for word from the teachers answers, the compromise was discovered. If kids can do that with a key logger, imagine what can be done to steal company secrets.

With the average cost of a data breach being $6.3 million per company, its too expensive to leave to chance, said Callahan.

------------------
Kristen Romonovich is Associate Editor at the Computer Security Institute. She is dedicated to secure green computing, compliance in the cloud and the security of mobile devices. Learn more at our upcoming conference CSI SX: Security Exchange, csisx.com, May 17-21 in Las Vegas.

A (Tentative) Wish-List for a Better, More Secure, Web Browser

2008-12-18T18:15:00.001-08:00

Web browsers are where the client machine rubber meets the Web server road. So it stands to reason that strong Web browser security is paramount—far more effective than relying on thousands of Web application/ plug-in developers to write more secure code.

There are definitely some browser developers that are making strides in the right directions, but none of them are quite there yet. I’m still thinking through this, but if I were writing my wishlist for a more secure Web browser today (and, well… I am) then here’s what it would be:

1. It has to work. This is absolutely the most important piece of the puzzle. The trouble is, the most effective ways browsers have thusfar come up with to improve security also cause some truly damaging impacts on performance.

2. It has to be built like a platform, not like a singular application. Once upon a time, the Web was a series of static pages, and the Web browser was an application that let you find and view those static pages. Times have changed, however, and now the browser itself plays host to many rich, Web-based applications. Thus, browser development should be treated more like operating system development. Some browsers–Google Chrome, principally–are beginning to make strides in this direction. (As my fellow CSIers, Kristen Romonovich and Robert Richardson, said from the get-go, Chrome is more a Windows competitor than it is an Internet Explorer competitor.)

3. It needs a modular–not monolithic–architecture. In a modular architecture, the browser is divided into at least two components–generally speaking, one that interacts with the client machine, and one that interacts with the Web and operates from within a sandbox. The main benefit is that it’s a great defense against drive-by malware downloads. If an attacker compromises the Web-facing component of the browser, they won’t automatically gain full access to the client machine with user privileges. They’ll only gain access/privileges to whatever the Web-facing component needs. Internet Explorer 8 (beta) and Google Chrome (beta) use modular architectures. The OP Browser still in development by researchers at the University of Illinois uses a more granular modular architecture that splits the browser into five components.

Yet monolithic architectures are used by all the major browsers today. (Monolithic architectures are kind of like real-estate brokers who represent both the buyer and the seller–you just can’t quite trust them.)

4. It has to support some sort of process isolation. In essence, isolating processes means that when one site/ object /plug-in crashes, it doesn’t crash the entire browser.

5. Its security policies cannot rely heavily on the user. Average users should not be expected to understand the intricacies of privacy and security settings. They shouldn’t be expected to dig into their Internet options, flip JavaScript on and off and on and off again, disable plug-ins, delete nefarious cookies, or anything else.

6a. It’s got to figure out how to securely handle plug-ins.
6b. It’s got to figure out how to securely handle JavaScript.

The troubles with plug-ins are that they tend to run as one instance–so process isolation doesn’t really work with them–they’re given unchecked access to all the browser’s innards, and they tend to assume/require the user’s full privileges. In order to allow plug-ins to run properly, Chromium (the modular, open-source Web browser architecture used by Google Chrome) runs them outside of the sandbox, and with the user’s full privileges–so the browser can’t do anything to save the user’s machine from malicious downloads through an exploited plug-in.

The OP Browser has some very innovative ways of handling plug-ins. Rather than using the Same Origin Policy–which prohibits scripts and objects from one domain from accessing/loading content (scripts/objects) from another domain–the browser applies to plug-ins a “provider domain policy,” in which the browser can label the Web site and the plug-in content embedded in that Web site with separate origins. The plug-in’s origin will be the domain that’s hosting the plug-in content, which is not necessarily the same as the domain of the page you’re viewing. (So if you were here on GoCSIBlog.com and I’d embedded an Adobe Flash media file from YouTube, the OP browser could recognize the page’s origin as GoCSIBlog.com and the Flash file’s origin as YouTube.com.) The benefit here is that you can add a site to your “trusted” list–thereby allowing plug-ins and allowing any plug-in content that originates from that trusted site–without needing to allow plug-in content that is running on the trusted site but originates from untrusted sites. This greatly mitigates the risks of cross-domain plug-in content… however a) there are some cases where this policy will prevent plug-ins from operating properly and b) as Robert Hansen, CEO of SecTheory pointed out to me, the primary vector for cross-domain content attacks (XSS, CSRF) is JavaScript, not plug-ins.

Yet, browsers (the OP browser included) continue to apply the same origin policy to JavaScript, and there are many JavaScript-based attacks–JavaScript hijacking, for example–that sidestep the same origin policy.

The trouble is, none of the browser companies have really figured out yet how to securely handle JavaScript in a way that doesn’t disrupt one’s browsing experience and/or require security-savvy action from users. The NoScript plug-in for Firefox is a good tool, but a) it’s not a standard Firefox feature, and b) it’s a bit advanced for the average user. Other browsers allow you to simply disable JavaScript, but doing so means the user won’t be able to enjoy some of the fun, quintessentially Web 2.0 things the Internet now has to offer. Further, JavaScript is automatically enabled on any sites on the user’s “trusted” list, so malicious JavaScript on a legitimate site continues to be a problem.

Web browsers’ inability to elegantly handle JavaScript-related threats, is a big problem, because it means that we all must rely upon the individual Web site developers to keep their sites free of cross-site scripting flaws and cross-site request forgery vulnerabilities.

Part of the trouble may be that currently available rendering engines, used for parsing HTML and executing JavaScript, are error-prone and written in generally insecure languages. (So if you’re a young researcher, maybe “Creating a more secure HTML rendering engine” would make a good thesis project. Pretty please?)

I’m still thinking some of this through, so do let me know if you disagree, see errors in my judgment, or think something else should be on this list.

Also: should one browser be expected to do everything? How likely are you (and your users) to use one browser for everyday activities and another browser for more delicate activities?

We’ll be devoting the next issue of the Alert–CSI’s members-only publication–to browsers and other elements of client-side Web security issues. We’ll also be discussing some of during the CSI 2008 conference next month. Tuesday, Nov. 18 Gunter Ollmann of IBM-ISS will present a full 60-minute session on “Man-in-the-Browser Attacks,” and, also on Tuesday, browser security will be discussed during the Web 2.0 Security Summit, moderated by Jeremiah Grossman (CTO, WhiteHat Security) and Tara Kissoon (Director of Information Security Services at VISA, Inc.).

------------------
Sara Peters, senior editor at the Computer Security Institute, is a well-rounded geek-at-large with particular enthusiasm for Web 2.0 security, Web vulnerability disclosure law, virtualization, and cartoons about ninjas.

Sour Travels with SugarTrip

2008-12-18T18:14:00.000-08:00

As Web browsers are becoming more like operating systems, and phones are becoming more like computers, there are a host of new web applications that are supposed to enhance our lives, making them more fun and functional. However, there are also a host of security and privacy concerns that come along with these applications. For instance, SugarTrip is an application available through Google’s Android platform used with the iPhone. SugarTrip utilizes the GPS units that are integrated into most Android phones to measure street traffic. As users drive their cars, SugarTrip measures how quickly they are traveling and reports their speeds back to a central server. The application will also allow users to view routes taken by other drivers to plan the fastest route. It can also pinpoint cars on a map so when a person parks, it is easy to find the car later.

SugarTrip is being marketed as a green application as it should help drivers plan better driving routes and prevent cars from sitting in traffic. However, it seems to me one should be aware of SugarTrip’s privacy concerns before everyone goes out to download the free app.

I mention this because of my recent trip to Connecticut. I found myself stuck at the E-ZPass toll with an increasingly long line of angry New Yorkers just as anxious as me to flee the city for the weekend. Being that the E-ZPass lane is supposed to be faster than cash, and my E-ZPass failed to pay my toll, they expressed their feelings with angry honking and loud expletives in my direction. After being told by a cop to wait in the E-ZPass help lane, (who knew there was such a thing?) and with passing cars showing their appreciation with friendly one-fingered waves, my E-ZPass was revoked.

Revoked? I hadn’t the faintest clue as to why. Once safely out of NY, I was told my E-ZPass had been revoked thanks to another driver on my account who sped through an E-ZPass toll at 35 mph instead of the requested 10 mph.

And with that tidbit, I realized the significance of my technological conveniences working against me. My E-ZPass was tracking my every trip, measuring the time it takes me to go from one toll booth to the next, recording how many times I travel to Connecticut or Manhattan or who knows where else.

With the SugarTrip application sending our traveling speeds and locations back to some unbeknownst central server, I would take a lesson from my E-ZPass experience and ask yourself whether the convenience is worth the trouble.

Sandboxes and Surfing with Google Chrome

2008-12-18T18:13:00.002-08:00

Google designed Chrome to be faster, more stable and most importantly, more secure than other Web browsers. So with these features in mind, Google Chrome was built from scratch to be a Web browser designed for today’s web application users. As more businesses venture into the cloud, it’s becoming increasingly important that your browser doesn’t crash when you’re creating reports in Google Docs or when you’re video conferencing. In order to prevent crashes, Google Chrome developers sandboxed each tab, so that if one tab malfunctions, the whole browser doesn’t crash. If one tab does go down, a “sad tab” will appear depicting a ‘sad face’ emoticon.

This isolation process is similar to modern operating systems. With sandboxing, the goal is to prevent malware from installing itself on the computer or allowing what happens in one tab to affect what happens in another. The perimeter of the sandbox is based on permissions. Each process is stripped of its rights and can compute but can’t write files or read from sensitive areas such as the desktop or documents. Chrome has taken the existing process boundary and made it into a metaphorical jail. Malicious software in one tab is unable to sniff credit card numbers, interact with mouse operations or tell Windows to run an executable start-up. Since Google is writing the code, they have the ability to say who and who isn’t granted permission.

If sandboxed tabs don’t offer enough security for your end users, there are also privacy modes to ensure that your surfing history isn’t being tracked, such as Protected mode used in IE7 and Windows Vista, which can be enabled or disabled by group policy or parental controls. (Apple’s Safari also has a private browsing feature). Google Chrome offers a similar mode called Incognito. (Chrome currently cannot disable through parental controls or group policy).

These modes are jokingly referred to as ‘porn mode’ as the Web surfing activity isn’t tracked because the browser does not store history information or cookies. A spouse that doesn’t want their significant other to know that he/she has been surfing disreputable sites would not be found-out while surfing in these modes. These privacy modes also have business-related uses as well. Privacy modes are good to utilize when typing passwords or financial, personal or sensitive information onto a Web site.

Cutting Through E-Voting Semantics

2008-12-18T18:13:00.001-08:00

The United Kingdom’s government said unequivacobly that UK will not now, nor in the forseeable future, adopt electronic voting. According to today’s story at The Register:

Michael Wills, a Minister of State at the Ministry of Justice, was asked if the government planned to introduce e-voting before the local and European elections in 2009. He said last week: “The Government do not plan to introduce e-voting for the 2009 European or local elections … The Government have no plans for further e-voting pilots in statutory elections at this stage.”

I did a story about e-voting a few years ago, and found it quite a vexing, exhausting process, because one had to viciously hack through a thicket of semantics to find out what e-voting proponents and e-voting opponents were really arguing about so vociferously.

So I’ll now attempt to save you (and your machete) the effort, and give you the gist of the semantic debate. If you want a much more thorough minutiae-rich account (and you’re a member of the Computer Security Institute) you can read that here.

First off: not all e-voting machines are created equal. “Optical scan” voting machines are technically e-voting machines, but are actually heartily recommended by many people who are often lumped into the category of “e-voting opponents.” What we most often think of as “e-voting machines” are DREs (Direct Recording Electronic machines).

In essence the debate is all about whether or not meaningful audits of the voting machines’ accuracy and integrity can be conducted. Meaningful.

After the polls close, a voting machine spits out a summary report of how many votes were cast for each candidate. There should be a way to verify that a) the machine’s count is accurate (like if 500 voters cast votes for Candidate A, the summary report will actually say that 500 voters cast votes for Candidate A), b) the machine recorded each individual vote accurately, and c) the machine/votes have not been tampered with.

Most e-voting opponents say that the only way to conduct meaningful audits is for the voting system to create a “Voter-Verified Paper Trail” or VVPAT. In a basic DRE system, a voter presses a button (or types in a write-in ballot) to cast their vote, and then the DRE system pops up a little message on the screen saying “You voted for ‘Upstanding Citizen’ for ‘Senate.’ Is that okay?” and then the voter will press either “okay” or “decline.” The voter simply has to trust that when they pressed “Upstanding Citizen” the machine did not record “Evil Mastermind.”

In a DRE-with-VVPAT scenario, the voter doesn’t see the “Is that okay?” thing just on screen. The machine, rather, prints the voter’s votes on a slip of paper, which appears behind a glass window. If the printout has it right, you hit okay, and the slip of paper is then dropped into a secured box.

If for some reason–either because there’s a call for a recount, or because the polling place has been randomly chosen for a manual audit mandated by the state–the votes need to be verified, the human-count of the little slips of paper can be verified against the machine’s count. (And presumably, in the event of an incongruity, the paper count will be considered the official number.)

Here’s where we really get into semantics. Here’s an excerpt I’ve lifted directly from my November 2006 Alert story:

can

voter cast

machine recorded

So, technically speaking, a DRE can provide the necessary elements of a recount. The individual votes can be printed from the machine’s internal memory and hand-counted. The DRE even goes one step further, because the votes could also be printed from the removable memory card in case the internal memory was destroyed or corrupted. These devices are encrypted to make them resistant to tampering of stored data.

However, there is still no way to assure the integrity of any of the data. If some error or fraud happened between the time that a voter cast their vote and the time the vote was stored, then a recount would simply retabulate the same erroneous or fraudulent data.

Some say a VVPAT (or other form of voter verification) captures the intent of the voter, but once again, this isn’t exactly true. Paper doesn’t magically divine a voter’s will. If it did, there wouldn’t be questions like “Does this dimpled chad indicate a vote for this candidate or that the voter abstained from casting a vote in that race?” “If the voter filled in equally dark circles for two candidates in the same race, which one did they actually want?”

What a VVPAT does capture is what vote the voter actually cast. If the voter leans on the keyboard, types in “”Aa;KJF” for governor and clicks “OK” it’s their error, not the machine’s, so it’s still a valid vote.

As Avi Rubin, author of Brave New Ballot, told the Associated Press in 2006, “The problem is not that elections have been rigged, necessarily; it’s that you can’t say for sure that they weren’t.”

Murder in Virtual Worlds

2008-12-18T18:12:00.001-08:00

According to LinuxInsider, a 43-year-old piano teacher was arrested after she murdered her virtual, recently-divorced husband’s avatar in Maple Story. (Maple Story is Japan’s equivalent to the virtual world of SecondLife). She had apparently used his login information and password (that he gave her during the happy years of their ‘marriage’) in order to perpetrate the crime.

Authorities were first alerted to this crime by the ‘husband,’ who came online to discover the murdered body of his avatar. His ‘wife,’ who was extradited 620 miles across the country to stand trial in his hometown of Sapporo, was charged with illegal computer access and manipulation of electronic data. If convicted, she could face a prison term of up to five years and a fine up to $5,000.

Just a month before the incident, I explored the legality of virtual worlds in the April Alert, My So-Called Second Life: Virtual worlds inherit the security woes of both the physical world and the logical world. This incident, however amusing, shows how the ‘virtualizing’ of society has helped us discover new ways to commit crime.

It’s important to remember that the woman was effectively charged with hacking, not murder. With the advent of World of Warcraft, virtual murder of other people’s avatars has become a passé societal norm. This phenomenon was satirized in an episode of South Park, where the boys united to defeat an ‘omnicidal’ maniac in order to save World of Warcraft from other players’ disinterest.

With society continuously escaping the real world to live virtual world fantasies, carelessly overenthusiastic people can find themselves committing crimes that, in the past, weren’t the hallmarks of felony. Thanks to virtual worlds, you can actually be arrested for killing people who have no lives (avatars, not geeks).

Optical scan machines, not just DREs, giving voters troubles today

2008-12-18T18:11:00.000-08:00

If voters do not even have confidence in the voting machines recommended by the Verified Voting Foundation, what hope have we in any voting system in use today?

Luckily none of the technical problems thusfar experienced by voters have been called “systemic,” but rather are isolated incidents.

Nonetheless, it was no doubt frustrating and perhaps shocking to some citizens, when after waiting in line for hours at their local polling places, they were told that the optical scan voting machines were malfunctioning; voters were given the option of waiting for the machines to be repaired or filling out the paper ballot and relying on poll workers to scan the paper ballot when the scanning machines were once again fully functional.

Optical scanning machines are preferred by the non-profit organization, Verified Voting, because they automatically provide a paper trail, unlike most direct recording electronic machines (DREs, which are most often thought of in discussions about e-voting.) Optical scan machines basically work like those ScanTron machines you might have used when taking tests back in high school. You’re given a paper ballot, you fill in some boxes or circles with your choices. You then personally insert the paper ballot into the machine, which scans your answers, adds them to the tally, and then drops the paper into a secured box. So in the event of a recount (or in the event that the polling station was randomly selected for a mandatory audit), the machine’s tally could be compared against a manual count of the paper ballots filled out and confirmed by each voter themself.

Yet some troubles have been reported with these optical scan machines today, including quite a low-tech problem–after heavy rain yesterday, the paper ballots at one Virginia polling station were damp, and were getting stuck in the scanning machine.

This morning Tom Brokaw, current moderator of “Meet the Press” and the moderator of one of the presidential debates, said that regardless of who wins, the nation needs to fix the problems with the voting system. It would be difficult to make a convincing counter-argument.

Some of the swing states being given the most attention by analysts and candidates today are Ohio, Florida, Colorado and Virginia. Florida has the most rigorous policy, requiring both a voter-verified paper trail and a manual audit of randomly selected polling places–some of these paper ballots, however are still the infamous “butterfly” ballots that had the country hanging in an uncomfortable suspense during the 2000 election. Colorado also requires a VVPR and manual audits, but according to Verified Voting, Colorado is “shown as having a VVPR requirement because they have enacted VVPR legislation, but these states’ requirements will not be fully implemented until after 2008.” Ohio has a VVPR requirement, but no audit requirement, and Virginia requires neither the paper trail nor the audit.

See the requirements for other states here.

Data in the Clouds with Casdex

2008-12-18T18:10:00.000-08:00

From a legal point of view, if you work for a publically traded company, you must meet certain terms of compliance. However, even if your organization is compliant while using a cloud service provider, the big question remains: who is liable for the data? There is always a risk when using a provider, but David Barley, Chief Technology Officer for Casdex, (a digital archiving firm that also ensures full compliance and security) said, “At the end of the day, if your organization does experience a data loss, you want to be able to prove what happened. Whether it’s an act of God or an error, things happen.”

For instance, when you use Google e-mail, you’re using a free service. If there’s down time, Google doesn’t have to communicate with their users. Barley stresses the importance of trust while performing business operations in the cloud: “If you have the information you need and you have a trusted relationship [with your provider], it makes it easier. When you join with a provider, you’re joining a business relationship. It’s your company, but the service providers need to be able to help,” said Barley.

Before committing to any data storage provider, there are a few questions you should ask of the service before becoming a customer. Barley said you should be clear on exactly what the service provider is offering: data storage, e-mail, transactional data for the database, archiving and long term protection of data? Even though you may choose to go with a service provider brand name you trust, Barley stresses to learn more about the people running it: “Have they run IT shops in the past? Managing storage at the enterprise level is a different skill set.” Most importantly, what are the rules in place to get access to your data? “Information is your most critical asset. Even if you operate a dry cleaners, your contact list, your list of customers; that’s your gold,” said Barley. You want to be sure you would be able to retrieve your data in the event the provider is no longer in business. “Are they using fly by night facilities?” These are some things to watch out for as you want your provider to be readily available to you when you need to access your data. Barley said, “What types of guarantees do they offer? Things happen; companies go out of business. How do you get your data back?”

The Linkup, formerly known as MediaMax, allowed users to backup and share files online, but then lost 45 percent of their customers’ data. They had about 20,000 paid, disgruntled subscribers. Much of the error was a result of all of the data being on a few computers instead of a system where the data is spread out and stored at several locations. “Casdex’s data is in more one place because it has to be.” As an archive data company, most of their customers’ data does not need to be pulled for everyday business use, but more for auditors. That’s why the data is stored in different locations so if access to Los Angeles is busy, you can be redirected to Las Vegas.

Casdex has setup an escrow account, a fund that is set aside for your organization, in the worst-case scenario that they would go out of business. The funds are set aside as Casdex’s guarantee to continue to run your services for a period of six months. Within those six months, you would be able to go into the service to download your data back out to retrieve it.
In the past, companies backed up their data in filing cabinets, offsite paper file storage facilities and onsite with CDs or thumb drives. Now with an increased risk of data theft, new government regulations, natural disasters, an increasing number of businesses need digital archiving. Casdex offers an Internet storage solution to provide proof of authenticity in court and guarantees that the data has been accurately reproduced. Casdex’s digital archiving solution allows businesses to maintain full compliance with federal regulatory retention policies outlined by the SEC, HIPAA and SOX. When archiving a document, the owner may program the retention time, at the end of which the document is both destroyed and deleted from the server.

There are several different regulations that most companies need to comply with that include retention policies, grant access, etc. “But when you turn on compliance, retention policies tend to change,” said Barley. Casdex can prove with hashes that your data is the same file that it was three years ago to prove compliance or for court cases. With data archiving, it’s important to be able to verify that the data you stored ten years ago is the same data today. HIPAA states that the files stored can’t be read by third parties and to delete the data after ten years, so there are mechanisms in place to control these regulations. Barley said, “Everything is logged, and you can’t tamper with them. If you want to meet these regulations, you need these mechanisms in place. You need these log reports to prove compliance which is as simple as logging into the portal and pulling the report yourself.”

Free Software to Protect Virtual Machines in the Cloud: Third Brigade VMware Protection

2008-12-18T18:09:00.000-08:00

There are some ways to effectively begin securing your information in the cloud. We’ve recently been pondering whether or not one can prove compliance with security and privacy regulations in the cloud. Luckily, while cloud services still may not be right for handling health or payment card information, security vendors and cloud service providers are beginning to offer ways to effectively secure your cloud-based computing resources and satisfy some compliance requirements.

Last week, Third Brigade announced the availability of Third Brigade VM Protection, a free software package for organizations to achieve protection and compliance for VMware virtual machines deployed in a private or public cloud.

When an organization chooses to operate in the cloud, data is located outside of the perimeter, which should come as no surprise. “The big difference is that your perimeter isn’t helping anymore,” said Bill McGee, vice president of products and services for Third Brigade. While you still can’t implement security on the underlying infrastructure, you can add security measures on the top level. McGee said, “There’s no difference by definition between a physical, virtual and cloud server. Management and deployment of the technology is the same. But from the point of view of how you’re protecting it, the difference is around location and what perimeter is in place.”

Third Brigade’s enterprise product Deep Security 6 adds a firewall and IDS/IPS protection onto each virtual machine. It also offers integrity monitoring and log inspection capabilities. While you may not have all of the log files to hand over to your auditor, you at least have logs of what is happening on the VM if not on the hypervisor or physical server level. For instance, if only one of your servers contains personally identifiable information, you can segment the firewall functionally to limit it to the VM that needs to comply with regulations such as the Payment Card Industry Data Security Standard. Since security is operating on each instance, you can customize which security tools you want to place on each VM.

Currently the enterprise product is made for Amazon EC2 that uses the Xen hypervisor, but Third Brigade is working with VMware to offer Third Brigade VMware Protection. The free software will work with any cloud service provider that uses VMware and will also work on your private network. “The VMware vCloud Initiative brings together enterprises, more than 100 service providers worldwide and industry innovators like Third Brigade to deliver enterprise-class cloud computing,” said Wendy Perilli, director of product marketing at VMware. “Whether businesses want to expand their IT infrastructures into internal private clouds or leverage off-premise compute clouds, combining the VMware platform with partner security solutions like those offered by Third Brigade gives them the flexibility and comfort to deliver business-critical applications when and where they want, while enhancing IT agility and security.”

Can You Vote for Me Now? Estonia First Country to Cast Cell Phone Votes

2008-12-18T18:07:00.000-08:00

The Estonian Parliament has passed a law that will allow its citizens to vote via cell phone by 2011. In the past, Estonians were able to cast their votes over the Internet which apparently worked seamlessly despite security concerns. See Sara Peters’ coverage of e-voting in Estonia in the November 2005 Alert.

The cell phones will each have a free, authorized chip for their phone that will verify each voter’s identity. However, the Estonia government should be wary of this new system because of what could happen if a person’s cell phone is stolen and used to cast a vote. Additionally, hasn’t it learned from its sustained cyber attack on the country’s Internet infrastructure last year?

Although Estonian officials did not accuse Russia of being behind the attacks, relations between the Kremlin and former parts of the Soviet Union have been on shaky terms. The cyber-attack involved users overloading the Internet system, thus making it impossible for Estonians to perform such basic tasks as buying bread, milk and gas. Several of the main targets were Estonian government ministries, news and communications organizations, and banks.
The Estonian government estimated the attack cost 2.7 million to 4.5 million US dollars in damages.

Estonia is the first country to have cell phone voting, but supposedly Finland and Sweden also have the capability to hold one. Time will tell how cell phones set the tone for future voting methods.