Review of Ethernet the defin. guide

If you’ve read an introductory book, and hunger for the REAL details, this is the Ethernet book for you! I loved this book, because it covers everything the introductory and certification books can’t. You get a thorough discussion of the MAC protocol – learning such details as slot-time and why the standards are set the way they are.
The author speaks from experience, has in-depth knowledge of past, present, and ongoing technology. Anyone aiming to be a professional Network Engineer, do yourself a favor and snatch this book.

Review of Hacking with Kali

this is a truly good all round primer covering the multiple topics very well.

I am using this book as the primary content source for the groups I currently mentor and have suggested that the secondary school programs in my area use it to augment the current technology classes, and so far the response has been awesome.

well done very well done.

 

I’d strongly recommend you purchase this book.

Learning the vi and Vim Editors 7th edition Review

Learning the vi and vim editor 7th edition by Arnold Robbins, Elbert Hannah, and Linda Lamb; Published by O’Reilly.

 

Learning the vi and Vim Editors’ is the ultimate reference for using ‘vi’ out there on the market. Now in its 7th  edition, this book has been around for 22 years and there is a reason. 450+ pages are spread over XX chapters:

01. Basics
02. Simpled Editing
03. Movement
04. Beyond the Basics
05. ex Editor
06. Global Replacement
07. Advanced Editing
08. vi Clones
09. Vim
10. Vim Improvements Over vi
11. Multiple Windows In Vim
12. Vim Scripts
13. Graphical Vim
14. Vim Enhancements
15. Other Cool Vim Stuff
16. nvi
17. Elvis
18. vile

If you are a Linux user or need vi on a daily basis you owe it to yourself to pick up this great book. It’s a definitive resource and well worth the time and money.

How Mark Zuckerburg, Google, and the government made it easy for you to find any US Citizen… and destroy them. (Part 1 – Vulnerable Humans)

This is a cross post from here: http://www.reddit.com/r/HowToHack/comments/1o4nto/how_mark_zuckerburg_google_and_the_government/

Posted for archival purposes.

A different kind of hacker.

I’m probably one of the most unconventional hackers you’ll ever meet, if you ever do, and you probably wouldn’t even consider me a hacker. I don’t code, even though I can understand most of the source code I read. I don’t develop new exploits, though I’ve discovered a couple by accident. I’ll occasionally run a few that I’ve borrowed, but I don’t really have any of my own. Hell, I don’t even know enough HTML to design a web page that meets all of the w3c standards. I’m a power user at best when it comes to personal computing, miles above the average user, but would you believe that *nix is still a mystery to me?

And yet, I can do horrible, ruinous things that most hackers could never do. I’ve stolen thousands of credit cards from people, not web sites. I’ve bled bank accounts dry. I’ve stolen homes, and taken out loans on them. Sent SWAT teams to houses in the middle of the night. Raided emails and phones. I’ve even made myself a part of the lives of some of my victims in a very real, physical way.

See, I chose not to hack computers. I chose to learn how to do something else. I learned how to hack people.

People

Let’s talk about people for a minute. People are generally simple creatures that tend to fall into a routine quite easily. They are, by nature:

• Trusting (Gullible)
• Predictable (Prone to routine behavioural patterns)
• Followers (Not leaders)
• Social (They talk. A lot.)
• Timid (More likely to run than fight.)

They have many of the same needs:

• Socialization
• Entertainment
• Personal Wealth and Possessions
• Education (Whether for personal enrichment or employment)
• Housing

Needs and Nature Expanded

We can make broad generalizations about people called demographics (or stereotypes), but that’s of very limited use. It’s useful if you want to separate a large body of people from an even greater whole, and it’s good to know if you want to verify data you’ve collected on a victim, but this isn’t why I brought up the earlier points.

We need to examine these points of the human condition not as they are laid out, but as vulnerabilities within society as a whole. Much like a vulnerable computer or network, humans have vulnerabilities built into them, and they don’t even know it.

Trust

Most people don’t operate under the assumption that someone is out to get them. This allows them to interact with each other with relative ease, and without feeling that they must deceive or will be deceived. It’s a good thing, but tends to leave them vulnerable to anyone that would lie to them.

Predictable Behaviour

Most people tend to fall into a routine. Wake up, drink coffee, eat breakfast, go to work, eat lunch, go home, play with the kids, shower, brush teeth, make love to significant other, pass out in bed. Repeat.

These routines are very comfortable, and create an illusion of safety and security that simply isn’t real. Something I neglected to mention is that people are generally very lazy, at least in the first world. We don’t call it that though, instead we call it efficient. So much of our lives, mine included, is automated and completely out of our hands- or even the need to be in them.

Newspapers are delivered, checks are deposited into the bank directly, banking statements are electronic (so no mail), packages are delivered to our house- I could go on ad nauseum. I won’t. All of this allows the comfort of falling into and relying on a basic, day to day routine. This is highly dangerous, as it allows a predator to easily stalk a victim remotely and with a high degree of accuracy.

Unambitious

People are more likely to follow a crowd than to lead their own. We are natural followers, and following the crowd assures us that we’ll reap the same benefits of the crowd. It’s easier that way, and the reasons have a strong basis in the points I made in the earlier section. People tend to succumb to peer pressure, and if you’re keen on the demographics of a victim’s friends and family you can predict their behaviour based on what their peers are doing. This allows for a less reliable form of reconnaissance, but it’s accurate enough for a best guess if that’s all you have to go on.

An explanatory note: Something that people tend to overlook is the unspoken significance of stereotypes and demographics. You are not unique. You’ve been told that you are your entire life, and it’s a bold-faced lie. You might be biologically distinct from your peers, but the reality is that a truly unique person is quite rare- you know one when you see it, and you rarely forget.

Sociable

All people socialize with others, even the anti-social, though they go about it in an unconventional way. Out of everything I’ve outlined here, this is and the first are the two biggest vulnerabilities in the human condition. The first, trust, allows them to be lied to. This one, the social nature of humans, allows you to interact with them with relative ease.

Timid

This is largely conditional, as not all people are timid. It’s not a good word, but a far more fair description would be that people tend to not rock the boat, to upset the status quo, and to run from a fight before standing their ground. Passive when cornered. Some people will fight back if they think they have a good chance of winning, but when they don’t they often don’t resist. This often allows them to be coerced or pressured into something they wouldn’t otherwise do.

An explanatory note: It’s not the willingness to fight that needs to be focused on here, but the achilles heel that removes the will to fight. The crazy drunk hick in the bar might just kick your ass because he feels like it, but threaten to blow up his 4×4 or shoot his favorite dog and he might do anything you ask him to. It’s a rarity to find someone that would fight when they know they can’t win. In that sense, the majority of people are timid and unwilling to fight once you’ve cornered them.

• In a nutshell:

Vulnerability	Exploit/intel
Trust	Deception
Routine	Reconnaissance
Unambitious	Surveillance
Social	Insertion
Timid	Coercion

Socialization

Not only are people social, but they have a compulsion to socialize. It’s a basic human need. It’s been covered earlier, so I’ll leave the bulk of that alone to avoid redundancies.

Relevant to their need to socialize are the places people meet up to do so. Physical places where people meet up will be outside the scope of this paper for now, and instead our focus will remain restricted to the online world.

People meet with friends and family on a variety of social networking sites, as well as chatrooms, bulletin boards, and web forums. I’ll cover this in another section, and while doing so explain the title of this paper in more detail. Facebook, Myspace, Twitter, Reddit, Flickr, Google+, and others are a great place to start looking. You can create an entire outline of the connections a potential victim has with friends and family, and their relationships to each other from any one of these sites.

Entertainment

People have a need to be entertained, otherwise they grow restless and anxious. While this ties in with socialization, knowing the entertainment your victim prefers can give you a great deal of insight into the mind of your victim, and it can grant a foothold into their life by allowing you a common ground- whether real or imagined.

Personal Wealth and Possessions

This is a big one. Personal wealth is acquired through a career of some sort, which is highly traceable if this person is self-employed. Also, you can often learn the real name or location of a person from the sites they buy from.

Education (Whether for personal enrichment or employment)

People are curious by nature, and have a need to learn about the world around them- though they might not express it as a desire to go to school. This gives you a lot, and a little. You can gauge the overall knowledgeability of the victim, the career or desired career, interests, friends, level of income, and even general location if the victim is still a student.

Housing

Everyone needs somewhere to sleep. If they own the home they live in, rest assured that you can find them. They don’t even need to own it, they just need a mortgage and you can find their address. You can also find marriage details in the same place you find information pertaining to the home they own.

• In a nutshell:

Vulnerability	Intel
Social Networks	Contacts
Entertainment	Interests
Wealth	Employment
Education	Various
Housing	Location

Tools

In the upcoming sections I’ll address the following tools and how to use them to gain a foothold in any social network, as well as what you can do while you’re there.

Social Networking:

• Facebook
• Myspace
• Twitter
• Reddit
• Flickr
• Forums
• And more.

E-Commerce:

• Ebay
• Amazon

Public Records:

• Clerk of Courts (Court Records, Legal Documents such as Land, Mortgage, Divorce, Marriage)
• Department of Commerce or Department of Corporations (Business Ownership)
• County Appraiser (GIS)

Useful Tools:

• Wolfram Alpha (Great for guessing an age if all you have is a first name)
• Phone Books (More useful than you think)
• Pay Public Records (We do not pay, we use them for broad searches)
• Maltego (Less useful, especially if you use the free version)
• Creepy (So much awesome, but still in development)

Geolocation

• Google Maps
• County Appraiser (GIS)

 

 

The Information You Need

There are three (or four) pieces of information that can give you almost complete control over the life of another person. These are:

• First and Last Name
• Date of Birth
• Social Security Number (Last 4)
• Mother’s Maiden Name (Optional)

With this information you can find anything else you could possibly need, as well as give you a great deal of control over the victim’s finances and daily life. If you have the person’s real name, you can easily find out where they live in most cases, and you can’t really do much without it.

The date of birth is essential if you want to mess around with their finances, and there are several places you can look to find this. Marriage records are a great place to look.

This information is useful as well:

• Property Records (Titles, Deeds, Mortgages)
• Photographs
• Relatives
• Workplace
• Businesses Owned or Operated
• Signature
• Phone Numbers
• Criminal Record
• Facebook
• Twitter
• Instagram

And I’m going to teach you how to get all of it.

An explanatory note: One thing to remember is that there is no such thing as useless information when it comes to your victim. It is all useful, it is all relevant; unless it is redundant. In that case, make a note of it as a source in your dossier and move on. Yes, Myspace, Twitter, and Facebook are as important as property records and phone numbers. Social Networks let you monitor their activity, and the others let you know where they are. Don’t discount any of it!

Collecting and Filtering Data

Start Broad and Narrow Results by Mining Data

There are a few starting points, usually either a username or a birth name. Locating data based on this can be of varying difficulty, depending upon how open a person is about themselves if only a username, or how much you know about the person if it’s a birth name.

People seem to think that while usernames are unique, birth names aren’t. This couldn’t be further from the truth. Usernames are often a unique arrangement of characters, where birth names tend to be linked to a very unique set of locational, age, and marital data. Usernames are less likely to hold this much information.

Consider the very generic sounding name John Wilson. It’s not of any real significance, as I just pulled the name out of the aether. Substitute with John Smith, Paul Johnson, Doug Jones… You get the idea.

John Wilson Intellius Search

With a name that sounds that generic, there are only 99 entries in Public records, several of which are duplicates. How many lived in Florida? How many are in their 30s? How many, given the age group and locations, probably voted Republican? How many are or were married? Had children? Even if you know next to nothing about the person, you could easily know everything.

Let’s go back to the username for a minute. Usernames are unique strings of data, and can generally tell you something about the person behind them, as they were chosen; not given. This is going to be very difficult to explain without a username to go on, but doing so might just violate the rules here at Reddit. Believe me, I’d love nothing more than to give you a detailed example, but I can’t. Sorry.

Unique strings are great for searches. I prefer Google, but you should never rely on only one search engine. Search for that particular string, open up Notepad++ or a similar text editor, and paste anything remotely relevant in there. Also, paste the exact query you used, so you can go back and filter it down later.

Take that information and look for: * Forum posts * E-Commerce * Social Networks * Hotmail, Yahoo Mail, Gmail/Google, and Chat programs * University or related .edu sites * Random comments on blogs or other sites * Anything else

If you found the username in an IRC chat, try to see the IP when it logs on or off. If you found it in a forum, join up and read every single post the user ever made. All of them. Copy and paste them into another .txt. Keep doing this until you’ve copied everything and it’s respective URL.

If you find something useful along the way, pull that out and keep it in a final text; a dossier. This is where all the information you’ve narrowed down will go, but not yet verified.

Store all of your texts except the dossier in one directory. Use the search function to find States and Cities. Any time you get a hit, read it. This should narrow down a great deal for you. After you’ve exhausted that, it’s time to start reading everything. This might take a while, but you should really be getting to know your victim by now. You’ll have a great deal of insight into the victim’s mind, and you’ll probably start finding its friends among fellow internet denizens.

Look for any data concerning a career, education, location, friends, family, pets- anything that you can to paint a picture of the person. Even people that go to great lengths to obfuscate their identity let on much more than they think about their personal life. Use it.

If you haven’t found anything yet, search them. Eventually you will find something that links them to a birth name. Immediately go to Social Networks and find that person. Start looking at all of his or her friends until you find someone that most matches your target.

Once you have this, start working backward until you find a link between the two. If you find nothing, start over and try again until you do.

Here are a few good tools for this:

• Paterva’s Maltego, a data transform tool
• Creepy, useful for linking Twitter, Image Host, and Geolocational Data based on usernamnes

Once you have a name and an approximate age or some locational data it’s time to move on to the next section.

Identifying Your Victim

Nationwide Public Record Pay Sites

Let’s start with another Public Records Search. Oh, and just a reminder, we never pay for this. Ever. That’s how you get arrested, by using your own credit card to assist you. If you haven’t stolen one, you can’t use one.

Paul Johnson US Search

Notice how there are only 50 matches for such a generic sounding name? In a country with over 300 million citizens, you’d think there’d be thousands. There aren’t.

Depending on the information you have, you can attack this in a variety of ways. Say you only know a general age group for your victim, for example; 35-45. That would be numbers 2, 6, 11, 14, 16, 31, 34, 37, 40, 42, 45, 46, 47, 48, and an unknown- 49. 15 names you’ve pulled from an earlier 50.

Look at the other data here as well. Many of these men are related. Brothers, sons, fathers, uncles, nephews. They probably even live or have lived in the same household. Try to find a link between the information you have about the person and the data on the screen. Don’t discount the names you’ve wiped either, as they might be relevant. Look at relatives and (former) addresses. Take special care to note duplicate cities between separate entities- this is a sign that they are likely relatives, especially if the difference in age is 20+ years.

Search for the other relatives. Does he have a 19 year old daughter or son that just went to college? All of this serves to narrow your information to a specific person. Once you have that it’s time to verify your data and get the good stuff, but I’m going to cover a few more things first.

Telephone Directory

This is going to save you a great deal of time and effort before we start looking into government records; and by that I mean committing a crime. Take the list(s) you’ve created from the previous sections and go to the phone book. No, not the paperbacks silly, these:

• Whitepages.com
• YP Yellow Pages
• Anywho
• Switchboard
• ixquick
• 411.com
• Addresses,com
• Real Pages Live

I personally go with the three at the top of the list, but you can use whatever you like. Search for what you have, and don’t forget to search every state you have. You might not find the person you’re looking for, but chances are you’ll see an address and possibly a phone number. Keep what you find.

Now, and here’s the fun part. Once you have Phone numbers, do a reverse search and don’t limit yourself to one Telephone Directory. Search them all, as many as you can. Run the number through Google as well, or the search engine of your choice. You’re trying to do two things here: First, to see if the address listed in the phone book has changed or to get one if you don’t already have it, and second; to verify that the number still belongs to that person.

Yes, this is a lot of work.

Google Maps and Street View

Take the address(es) you have and run them through Google Maps or any other Map service you like. Get satellite and Street View images for extra credit. Capture the images and store them with the dossier. Be sure to save the links to both Satellite and Street Views with your Screen Captures, and place the links with each address. We’ll be revisiting this later.

Take note of the make and model of the vehicle, security/alarm company signage, animals, and anything else. Be sure to zoom in and verify the address on the house- often Google is off by a few numbers.

Property Shark

This is one of the few paysites I’d bother signing up with. You get one free report, but you can always sign up with as many throwaway emails as you like and milk them for free. Still, I’d go with the Property Appraiser in the next section before I’d trust them. Still, some jurisdictions make you pay to see records, or require you to visit them in person. When all else fails, you can get a decent detailed report here for free or cheap.

Property Shark Website

Facebook

Facebook is a personal favorite of mine, and actually deserves its own section. I’m going to go into greater detail in a later paper, but for now it serves to mention that you can gather a great deal of information about a person’s interests, family and friends through Facebook. I hate it for personal use, but love it for gathering data.

Limited Datasets and Inaccurate Information

An interesting situations can arise when you have limited data. In one scenario, I was trying to locate a person named Marybeth, but didn’t have a lot to go on. I had a picture of her and knew her general interests, but didn’t have much else; I was flooded with an array of Marybeths as I searched through phone books and Public Record Pay Sites. I’d guessed her age as being mid-20’s, but I was coming up with nothing.

Enter Wolfram Alpha. Wolfram Alpha is a complex online database created and maintained by the Wolfram Research Company, the makers of Wolfram Mathematica.

Marybeth Wolfram Alpha Search

It is exceedingly useful at pulling up data on a number of things, especially names. If you scroll down to the section that says “History for US Births”, you’ll see a graph that illustrates the birth (used to estimate age group) statistics for every Marybeth born between 1880 and 2012. It also cites sources, and is very accurate. Birth names are a trend like any other, and they rise and wane in popularity just the same. Take a look at the year on the graph where the line drops off. What was my mistake? I was looking for a twenty-something year old that was actually thirty-something. With that hammered out, I found everything else very quickly.

Gathering and Confirming Sensitive Information

An explanatory note: Everything in this section is illegal. Do we give a fuck? Hell no. Why should we? I only mention it because it is unlawful to access government records with the intention of committing a crime- or at least it says so on every disclaimer page I ignore and click through.

Clerk of Courts

This is, bar none, the most important place for gathering information on the internet. You can get all sorts of goodies here- but you’ll need to do some research. First, let me give you a little insight as to how this all works.

The United States is divided into 50 states, and within each state are separate jurisdictions- either counties, parishes, or burroughs. Within each county (etc), incorporated municipalities comprise their own separate jurisdictions. Incorporated municipalities and townships have their own police force, but property, criminal, civil, and family court is all handled by the county.

Some states allow you to search for records statewide, some don’t. Some states have counties with limited to no online access, while other counties have state of the art records you can download as PDFs or TIFFS and others. If you have an address, you’ll know the city and state- you’ll need to look up the county. Wikipedia is your friend.

Once you have your county you can search by name, docket if you know it, or a few other methods. You’ll find a bunch of listings for Judgements, Agreements, Annulments, and documents of varying use. Grab them all, particularly Mortgages, Deeds, Marriage Licenses.

This is what they look like, but some jurisdictions differ slightly:

• Sample Louisiana State Marriage License
• Sample Mortgage Agreement

Marriage licenses always contain ( for both parties):

• Date of Birth
• Full Names
• State of Birth
• Mother’s Maiden Name

Mortgage Agreements and Deeds/Titles generally have this speech:

Grantor [Previous Owner] Grantee [Current Owner]

[Party 1’s Name], a (un)married man, and (if married) [Party 2’s Name], a married woman, are Granted the property at [Address] on this date of [Date] by [Party 3’s name]

You’ll want to confirm this with the information you have. You might find that they’ve sold the property and moved. Another thing to keep in mind is the fact that SSN’s are redacted on these documents, and often family court documents are censored or unavailable. Don’t be discouraged. These are not scanned into the server by hand, but are done in bulk by overworked bookkeepers.

They use pattern recognition software to find SSN’s, or redact them in places where they commonly appear . Sometimes the paper goes in at an angle, leaving a SSN only partially or entirely unredacted. If you know some of it, you can figure out the rest. Plenty of Public Records Pay Sites allow you to search by SSN for free, and try to get you to pay to see the whole record- but you always get the name. Only know 5 of the nine numbers? Brute force that shit. Why not?

Finally, you’d be surprised to see how many times I’ve found a SSN in places where it shouldn’t appear. I found one in the middle of a paragraph on a court document detailing a court case where a woman was charged with petty theft. It had no reason to be there, but it was. Just don’t give up.

Property Appraiser

I love the Property Appraiser. Few things say as much about a person’s net worth like the value of their home. Some of the older systems can be a bit wonky, but most allow you to search by name, address, and a few other listings. You can see floor plans, additions and the dates they were added, previous owners, and tons more. Some jurisdictions allow you to download the entire database, which I always do whenever I’m given the opportunity.

Remember when I said we’d revisit Google Maps? This is when we do it. The resolution at most CIS(or GIS, I forget) and related systems is crap. Make sure the house they own is the one you took a capture of. If it is, kudos; otherwise find the right one and grab some more pictures. I’d get as many angles of the house as possible- you’ll need them if you ever plan an entry…

Department of Corporations/Commerce

Every state has one. This is the state registry of businesses, be it a Corporation, LLC, Sole Proprietorship, Doing Business As(DBA) or Fictitious Name, or others. Look them up my Registered Agent Name to see if your guy runs it. The only problem is that not too many states allow you to access this without paying a fee or showing up in person.

Still, you can really get a good idea about your victim’s net worth if you know the value of his or her business and home. Also, you can use this information for Purchase Order fraud, provided you have or can make a letterhead for their business.

In the next part I’ll detail some of the hacks you can use to make money and/or completely fuck someone’s shit up for life with the information you’ve gleaned here.

 

 

Networking Cheatsheets

Here is a collection of networking cheat sheets, they are available in PDF format and are really useful.

Ethernet Specifications tips

Network Implementation Tips

Network Management tips

Network Security tips

Networking Basics tips

Troubleshooting Tips

Wide Area Network Tips

Wireless Networking Tips

These are also available in DOCX format upon request.

Name(required)

Email(required)

Comment(required)

Submit

Δ

Viruses, Spyware, and Annoying Ads

This article will cover Viruses, spyware, and advertisements on the internet. The purpose will be to inform and help the user decide on the best anti-virus, anti-spyware, and the best ad blocking solutions.

Viruses

Wikipedia defines a virus as a “a computer program that can replicate itself.” I tend to agree with that statement, Normally Viruses cause stability issues with your system. They can also cause loss of data/theft of data. Some viruses masquerade as legitimate programs, and trick the user into installing them. To combat this, several companies have developed anti-virus programs that scan your computer to detect, quarantine, and remove these threats. I will be listing several commonly used anti-virus programs, as well as best practices when using them. Before I go into detail about the various anti-virus programs, let me explain some concepts and keywords.

Scheduled scans – Allows you to set a day (say once a week, or only on Tuesdays) and a time (4pm, 5am, etc.) for the anti-virus scanner to scan your computer. This will happen automatically at the set time. One thing to note however, your computer may be unusable during the scanning period, so it is recommended that you set the time and day to be when you know you will not be using your computer.

Real time Protection – Real time protection means your computer will check all files being downloaded, or attempting to run automatically, and quarantine them if they meet a set criteria. Almost all Anti-virus scanners support this feature, and it uses virtually no RAM or CPU usage, so it is best to always leave it on.

Excluded Files/Folders – Allows you to specify certain Files and Folders to ignore while scanning. It will not quarantine or delete any files/folders you specify. You may wish to use this option when you have a program that you know is one hundred percent safe, yet your anti-virus scanner removes it. (One example would be using Cain and Able, due to the nature of the program, most Anti-virus programs delete it, but it is safe.)

AV or A/V – Anti-Virus or Antivirus shortened.

Database – In context of anti-virus/spyware scanners, the database is a list of files/folders that are confirmed to be malicious. It is rapidly changing and you will be updating it a lot. Thankfully, most anti-virus programs do this automatically.

 

 

Anti-Virus Programs

Microsoft Security Essentials – Works on Windows XP,Vista, and Seven, both 32 and 64 bit versions. One thing to note, you must have a valid copy of windows to run this software, it will not work with pirated versions. MSE allows scheduled scans, supports real time protection. It also allows you to send information to Microsoft when it detects suspicious program actions (it helps them build their anti-virus database.) Also a cool thing to note, this program uses very little resources, so it is perfect for laptops/netbooks that don’t have a lot of ram. I have also personally used this application for years, and have never had a problem with it, so I would recommend it. You can download it from here:

http://windows.microsoft.com/en-us/windows/security-essentials-download

AVG Free – AVG only works on windows XP, Vista, and Seven. AVG free supports real time protection, and Scheduled scans. The pro version (Titled AVG Internet Security 2013) Supports more features such as link checking, instant message checking, email scanning, and a tune up utility for your computer. You can try the pro edition for free for 30 days, or buy it for $59.95 Website is here:  http://free.avg.com/us-en/homepage

ClamAV – Clam AV works on Windows XP, Vista, Seven, and various flavors of Unix/Linux. This is a more advanced anti-virus scanner, and it is recommended for experienced computer users, it supports real time scanning, scheduling, built in support for almost all mail file formats, anti-virus database is updated three to four times a day. One other thing to note, it has an interesting feature called “command-line scanner” which allows you to run a scan from the command line. This is really good for computers with very low ram. (Personally I have used it on my Raspberry Pi microcomputer that has only 256 MB of ram.) This program is open-source, and free. Website can be found here:  http://www.clamav.net/lang/en/

Kaspersky – Commercially available anti-virus solution, Works on Windows Vista, Seven, and Eight. It is subscription based, requiring you to pay a certain amount of money every year to continue using it. It supports Scheduled scans, Automatic updates, Technical support (Via Email, Live chat, and phone.) and a feature called rollback, which, if forever reason Kaspersky anti-virus can’t delete a virus on your computer, it will roll it back to the last usable date. It can be bought from amazon, Bestbuy, or their official website here: http://usa.kaspersky.com/store/kaspersky-store

Anti-Spyware

Several people during the course of this project asked me: Why do I need anti-spyware protection When I already have anti-virus protection; To put it simply, Spyware is different from Viruses, traditionally Anti-virus and Anti-spyware programs are separate applications. One interesting thing to note: Most anti-spyware programs do not have real time protection, or automatic scanning, and must be done manually. Scheduled scanning, however, can be used.

Spybot S&D – It runs on Windows XP, Vista, Seven, and Eight. Spybot Search and Destroy is the best spyware scanner out there in my honest opinion. It can scan for spyware, malware, and rootkits; it supports a registry scanner for fixing issues caused by spyware.  It also have a two paid editions, named Home and Professional, which cost money, but offer more features. The website is here:  http://www.safer-networking.org/

Malware Bytes Anti-Malware – Also known for short as “MBAM” it runs on windows XP, Vista, and Seven. It supports scheduled scanning, Advanced malware detection and removal, Email/Forum support, Multilanguage support, Zero day protection, and a myriad of other features. There is a free version and several paid versions, I personally used to use this as my anti spyware/malware solution, but then it got too resource intensive in my opinion. That doesn’t mean it is a bad choice however. For more information on MBAM, the official website is: http://www.malwarebytes.org/

Advertisements and Scripts

For this section I will be listing a good ad blocking tool as well as some utilities that makes you safe online. I want to make two things clear however. 1. Some of these applications may require some advanced knowledge to use effectively, so reading the manual is important. 2. I understand ads are important for people, some websites solely run off of ads to make money, I just don’t agree with them, and believe people have a choice in the matter.

Adblock Plus – also known as Ad-block + or ABP, this is the de-facto Best ad blocker hands down, it installs on almost all web browsers (Firefox, Chrome, Safari, Opera, As well as mobile versions of those browsers.)  To put it simply, it blocks advertisements from displaying in videos and websites. It is updated automatically by whitelists, which can also be configured manually. There is one option that allows unobtrusive ads to be displayed, I would strongly recommend leaving it on.  Their website is http://adblockplus.org Another thing to note, this website should AutoDetect which web browser you are using, so it is a one click download/install.

Noscript – Only for firefox. Noscript blocks javascript, java, flash, and other plugins that are malicious. This plugin requires advanced knowledge to use however, as it blocks everything by default, so you will have to create a whitelist to suit your needs. It can be found here: http://noscript.net/

Ghostery – Runs on almost all web browsers in existence. Works almost identical as Noscript, but with some key differences: It is more user friendly, reading the manual is still highly recommended though. It can also  show you which websites are trying to track you. (For example; online shopping sites.) It can be found here: http://www.ghostery.com/

Backups Strategies

As a college student, backups are important, you could say the might even effect your grade! Ever lose an English essay due to a faulty hard drive or Flash Drive? And it was due the next day. What if I told you that there are programs out there that allow you to back up your data, automatically and easily?

Before I go into specific programs and methods, let’s talk about different backup mediums, as well as the pros and cons of them.

Mediums

Hard Drives – Hard drives normally come in two flavors, Internal (as in, the kind in your desktop or laptop computer) and external (the kind that plug into your computer’s USB ports, and sometimes require AC power to operate, although some are small enough to use USB power.) For most people, they buy external hard drives to back up their data, which, is good. However, external hard drives are prone to failure, and should not be your only source of backing up data. There is also several variables for external hard drives such as Read/Write speed, manufacturer, size, and type.

Universal Serial Bus Drives – aka USB or Flash drives are great for short term solutions, although care should be given when using them. (I can’t tell you how many times I forgot I had one in my pants pocket, and then it went through the washing machine.) usb drives come in a variety of sizes, Normally you can easily find a 8GB drive for $20 – 30 on amazon or bestbuy, depending on the brand. I should make a point though, They should Never be relied on for long term use due to the fact that they have a limited Read/Write cycle, I will admit the “shelf life” of usb drives are improving, as technology improves.

Secure Digital Card – aka SD card for short, is primarily used in Digital cameras, and mobile devices (although in mobile devices, it is a Micro version of the SD card, it is the same technology.)  They have almost comparable speeds to flash drives, but are rated by “Classes” so a Class 10 SD card will have better Read/Write speeds then a Class 6, they will also cost more/less. For desktop computers, you normally have to buy a SD card reader to read the cards, most laptops/netbooks have them built in though, which is why it is a great short term solution for backing up your data, Coupled with flash drives makes it even better.

Optical Discs – Although Hard drives, Flash drives, and SD cards offer more storage space then Most optical discs they are less reliable in my opinion. Back in 2004, I used to use CD’s to backup data often, the downsides were slow write speed and low capacity at the time (700mb) But now more modern mediums have surfaced such as Duel Layer DVDs, BluRay Discs, Regular DVDs, etc. I could spend a whole article on just optical discs alone, but I will try to boil it down to the important bits: DVD’s if properly maintained, are a good way to back up your music, movies, games, and documents; this also applies to Bluray, although Bluray discs are still expensive to buy, and the writers/readers are expensive.

From left to right: USB drive, SD card, Micro SD card, External Hard drive (USB Power) External USB drive, (AC power) Optical Discs

Now on to programs; several programs exist for backing up your data to the cloud. Some of the more popular ones are: Dropbox, Evernote, Mozy, and Carbonite.

Programs

Dropbox – Bills itself as a “sync” service, I personally use it to back up my essays, scripts, and articles I write. This application works on Windows, Mac, Linux, Android, Apple IOS, Blackberry and Web Browsers. By default you get 2GB’s of storage space to use, and can easily get up to 18GB if you referral people to sign up for drop box. Upon installation, you specify a folder on your device to use for Dropbox, and anything you put in the folder in then synced with drop box’s servers, and then with any other devices that you have dropbox installed on. You can even share folders with other people, so if you are working on a project, they can get the most up to date version. There is a paid version, if you want more space, they even offer business accounts as well. Plans and more information can be found at their website.    https://www.dropbox.com/

Evernote – Mainly used for note taking and essays. works on IOS, Android, and Windows. This software really isn’t intended for backing up regular data, and would only work good if you like working on your college essays on your mobile devices (I have seen people do that though.) When First installing Evernote, you create your first “Notebook” to keep all of your stuff in. (If you have used Microsoft’s Onenote then you will feel right at home here.) There is a paid version for this application, after some research it appears that the paid version might be worth it. More information can be found here: https://evernote.com/evernote/

Mozy – Mozy offers a home edition of their backup software, It currently runs on Windows and Mac. You get 2GB of storage space, the main feature about this product, in my opinion is that it supports automatic or scheduled backups. (Which means, you can specify and time and date to backup files) You can use your mobile device (IOS and Android, no love for blackberry it seems.) to view files on the go, but not backup anything from those devices. Mozy also offers a cheap plan if you want more storage space you can purchase a paid plan. More information here:

http://mozy.com/home/

 

 

Carbonite – Runs on Windows and Mac. Uses Scheduled and automatic backups. US Based customer support. You can try this software for up to 15 days for free. After that you have to buy a paid plan, paid plans vary in pricing, the cheapest plan they have is listed at $59 per computer per year. I would normally say that is pricy but, they allow unlimited storage space, you if you only have one computer, this may be the best option for you. Their website is here: http://www.carbonite.com/

Methods

So far I have given you mediums and programs to back up your data, now we will take about methodology aka when should I? Most people I have talked to while writing this article only back up data when needed (example: I finished writing an essay, so I backed it up to my flash drive.) Which is fine in my opinion, but you can do so much better with automatic backups (Example: telling windows to back up my documents every Sunday at 1 am to my external hard drive.)  Normally you want to do automatic or scheduled backups when you are not using the computer, due to the fact that programs will be slow. I personally backup my laptop every Sunday night, at 11pm.

Some people only do backups on the weekends, and a few people I know backup stuff on the weekdays, you need to find what works for you, also you need to stick with it, and don’t forget to back up your data if you’re not using automatic schemes.

Conclusion

This article informed you of the various mediums you can use for backups, special programs which you can use, and methodology, you should now be able to effectively preserve your digital files.

Passwords, managers, and security questions

The purpose of this article will be to inform/educate students in good password policies, commonly used password managers, and security questions.

Developing good passwords are important in this day and age. A Decade or so ago people thought using simple easy to remember passwords were ok, which they were, an example of one of these would be “detroittigers” but nowadays, with the ease of cracking or brute forcing passwords, It is vital to ensure you have a strong password, One example of a good password would be: SunShine45AcP%

A good strategy would be to develop a password based on this criteria: 9 – 16 characters, Uppercase and lowercase letters, as well as numbers and special symbols (if the website in question lets you use special symbols.)

Although it may seem hard to develop and remember a password such as this, fear not! Because you can download and use special password management software.  What this software does is allow to you have one “master” password  to unlock your password “vault” which allows you to view your saved passwords.

This is a picture of the Keypass password “vault”

An important thing to note about password managers they require administrator access to run however, keypass allows you to download a version that can be ran from external media (Flash drives, SD cards, and external hard drive disks.) You can also download keypass for your mobile devices (Android store and IOS.)  Some additional features on these password managers may include: The ability to randomly generate a password based on a certain criteria. Almost all of these managers are free to use, and download.

Now for security questions, a good rule of thumb is to never use default security questions (For example, where were you born is a bad example of a security questions because it is relativity easy to figure out your place of birth.) Instead, try to create a good security question, don’t make it extremely personal, but something that is hard to guess about you, but easy to remember.

My old cyber security essay

This is an essay I wrote in college, it is a year old but it still has some knowledge to be gained by reading it.

22-Mar-11
Exemplification Essay:
Some people don’t think computer Maintenance is important, but I Disagree, it is essential to maintain your pc.
Almost everyone uses a computer at some point in their day; it might be some simple things such as typing an English essay, sending an email, or browsing the internet; or something complex, like coding software, developing a video game, or making the next big viral video. But did you know it would be lost to viruses, spyware, and other things on the internet, without properly securing your personal computer, you can, and most likely will get a virus; and be forced to reformat, or delete all the data on your computer.

There are several pros of keeping your pc up to date, by up to date I mean running Windows update, keeping your anti-virus updated, anti-spyware updated, running defragmentation utilities once a week. I have been keeping my pc up to date and have rarely gotten a virus. Also as an added bonus, my computer has been very fast, webpages load up quickly, and my laptop boots up very fast now.
There are negative outcomes of not keeping your computer up to date, such as, there could be key loggers; which will capture your keystrokes and send them to the person who installed it on your computer, Trojans; which give complete access of your computer to a stranger, and more importantly, these viruses will cause you to lose your data, and if you using online banking you might even get your account hacked, and might possibly lose your money, or have it tied up for a very long time. Some other effects would be: your pc is very slow, it takes forever to run basic programs such as word, or internet explorer, some webpages like Microsoft and other anti-virus websites will refuse to load on your browser. One time I had a virus on my computer, and I didn’t realize it, within three days of having a virus I lost access to my email account, bank account, and several other important things; all because I did not have anti-virus installed on my computer at the time.

Some Popular anti-virus programs on the internet today are: AVG, Avast, Microsoft security essentials, Kaspersky, Norton anti-virus. The most important thing an anti-virus program should have is real time scanning, which means the program will constantly scan your computer for viruses. If an anti-virus program does not have real time protection, then you will have to manually tell it to scan, which is bad because if you get a virus, you won’t know it until you scan your computer, which could take hours. With real time protection it is instant. Most free anti-virus programs offer real time protection, but there is still a few that don’t, so I would stay away from those. I personally use Microsoft security essentials on my laptop, it is lightweight, and doesn’t constantly bug you about updating, as a plus, it is completely free, and can be found on the official Microsoft website; or by searching for Microsoft security essentials on Google.

For anti-spyware programs, there are several to choose from as well, they are: Spybot Search and Destroy, Malware Bytes Anti-Malware, Web root Spy sweeper and Windows Defender, Which comes preinstalled with every computer running Windows Vista and Windows 7. You should run an anti-spyware program and scan your computer once a week. It will get rid of spyware, and other unwanted programs that anti-virus programs will not pick up. I personally use Malware Bytes Anti-malware because it is very simplistic, and gets the job done.
Firewalls come built in with every copy of windows, not much to say about those. Normally it is on by default, so you don’t have to worry about it, and most Routers come with their own firewalls. No matter what anyone says, Do not disable the firewall on your router, because it will open ports to your computer, think of it is as leaving the door open to your house so everyone can just walk in and take your stuff, you wouldn’t want people to do that.
There are also some other things you should run on your computer at least once a month, such as a program called Ccleaner, that program frees up space on your hard drive, it deletes your temporary internet files, cookies, browsing history, and some other files that are created by various programs that can be deleted. Another thing you should do either monthly or once a week, depending on how much you use your computer, is run a disk defragmentation utility, which will speed up your computer greatly. Several popular programs are: The built in utility that comes with Windows called Disk defragmenter, or Defraggler, which is what I use, and was made by the same company that made Ccleaner.
As you can see computer security can be overwhelming at first to new people, but in the 21st century it is vital to maintain your computer, it’s like changing the oil on your car, you just have to get it down, and I feel the same way about computers.

What is the purpose of this blog?

This blog, is being written by me (caboose10392) to help users understand good security practices, I hope to inform the general public on good password policies, smart browsing habits, and other cool things.

The target audience for this blog is ideally everyone, from the security professional, to joe blow at home. I will be writing articles relating to networking (subnetting, troubleshooting, TCP/IP, Cisco) security (Good practices, tools, software.) and linux (How to use it, mastering the command line interface, distro reviews.)