Hacker 10 – Security Hacker

Category: Security

Computer Security

  • Ways to find out your IP Address

    Ways to find out your IP Address

    The easiest way to learn your computer IP address is by visiting one of the dozens of sites that perform an IP look up on the screen, the best websites will add extra information like browser language, installed plugins, ISP and even show a map with your approximate location in the world, this is the same information a webserver gets when you visit it, it is often used for targeted advertising purposes up to the point that US surfers from the West Coast will be shown different advertisements from those in the East Coast if Google or Bing feel like it.

    NetIP.de: You are shown your IP, Hostname, country, region and city, with a big map and a pin indicating your geolocation, they offer a free widget that can be integrated on your website and a toolbar showing your computer IP for Internet Explorer and Firefox.

    Infosniper.net: Infosniper shows your computer IP, country, region, city and if you don’t like Google Maps, Infosniper can be changed to show your geolocation using Yahoo Maps or Windows Live Maps instead, visiting this website with a VPN shows the ISP/Organization, this is useful to know what company the VPN service has rented its servers from.

    InfoSniper find out computer IP address
    InfoSniper find out computer IP address

    IP.cc: A quick to type URL to learn your computer IP address, it takes less time to load than a map, it will also let you know your browser language settings which can be used to know your native language even if your are using a proxy, browser language set up is visible by all websites you visit, it can be changed using browser settings, IP.cc  also tells you if Java and Javascript are enabled.

     NOTE: You might be using a VPN proxy server physically located in for example Germany, and you could notice that some websites detect your computer IP as located somewhere else, like for example the Netherlands, this happens because although the server is located in Germany, the company that owns that server is located in the Netherlands. A web based look up tool will correctly identify your IP geolocation, but advertisers and music or video services might not, as far as they are concerned if the company is Dutch, they will show you Dutch adverts/services believing the company that owns that webserver is your local ISP.

    Find your computer IP address in Windows

    1. Go to the Start button (Windows logo), type the words cmd or command in the search box and click on enter to launch cmd (command line Windows), type netstat -n to see a list of active connections, these are all of your computer Internet activities, your IP is listed under foreign address, the number after the colon (:) is the port number your computer is connecting to, port 80 is for http traffic (web browsing), 21 for FTP, 143 for IMAP, etc.To see more information on what programs are connecting to the IP addresses shown type netstat -nab
      How to find your IP address using Windows cmd
      How to find your IP address using Windows cmd


    2. Go to Windows command prompt as explained above and type ipconfig, your computer IP address is listed where it says IPv4 (unless you are using IPv6), if you are using a wireless router you will notice that IPv4 is listed twice, one of them belongs to the Ethernet (wired) connection, and the other to the Wi-fi (wireless) connection, to find out advanced information like your hostname, DNS server and MAC address then type ipconfig /all

    NOTE: If you are using a proxy server to connect to the Internet, Windows command prompt will show your real IP and not the VPN or proxy IP you are using, you will still be surfing anonymously on the Internet. You require administrator rights to launch Windows command prompt.

    TIP: If you would like to know your network card physical address type getmac -v in Windows command prompt (cmd), this address is not visible to the websites you visit but your Internet Service Provider or Wifi Access Point will see it when you lease an IP from them, it can only be changed using special software (MAC changer).

    Find out your IP address with Javascript

    You could set up simple find your IP address website on your own webspace, a free webhost can do the trick, all you have to do is to upload a single HTML page with a small Javascript code inserted in between the <head></head> tags,right before the <body>, HTML code placed inside the <head> tags is not visible to visitors, it is used to instruct the browser where to find style sheets or to place scripts.

    Javascript code to show IP address

     Find out if your IP address Is static or dynamic

    Most ISPs will use the Dynamic Host Configuration Protocol (DHCP) to assign you an IP address, the computer IP address will change with each connection/disconnection, the longer you stay disconnected from the Internet, the more chances there are that your former IP address will be given to someone else. A static IP address remains always the same, they are typically used for routers (corporate) and servers that need to have a permanent IP as this is linked to applications and hardware.

    The most obvious way to find out if your ISP or network administrator has assigned you a static or dynamic IP address is by asking them, if you are unable to do this another way is by disconnecting your computer from the Internet and see if you are given the same IP address when you reconnect, make sure to allow some time in between disconnections so that the DHCP server can reassign the old IP to a different user if you are in a dynamic IP environment, if nobody else requests an IP from the server while you are disconnected you will be given the same IP address and it will look as if it is a static IP.

    ipconfig all Windows command prompt
    ipconfig all Windows command prompt

    If you have administrator rights launch Windows command prompt (cmd) and type ipconfig /all you will see a line that says DHCP Enabled indicating Yes or No, if it says yes then you have a dynamic IP address.

    You can force a DHCP server to give you a new IP by releasing the connection and typing ipconfig /release which will terminate your Internet connection, after a few minutes type ipconfig /renew to get a new IP.

    If you do not have administrator rights, unplug your network cable from the computer, this will disconnect it from the Internet, wait for some minutes, and reconnect the network cable, now you can see if a new IP has been assigned or you keep the old one indicating it is a static IP address.

    Microsoft ipconfig syntax and options

  • List of free online antivirus scanners

    List of free online antivirus scanners

    Once malware has entered in your computer the first thing it might try to do is to disable your antivirus and firewall, online antivirus scanners can scan all of your hard disk, not just a single file, the great advantage of online antivirus scanners is that you will be sure that it has been updated and it can not be disabled because it resides on a server, the disadvantages are privacy concerns as you will have to allow access to your computer files and having to install ActiveX or Java.

    It is recommended that you temporarily disable your offline antivirus software before scanning your computer online with a second antivirus, it will not harm your operating system running both antivirus but it will slow down the scan.

    List of online antivirus scanners 

    ESET antivirus online scanner: Using the same ThreatSense® scanning technology and signatures than ESET Smart Security and NOD32 Antivirus to detect well known Trojans, viruses and warms, it detects zero day Internet threats through heuristics (a way to detect software malicious behavior), it requires administration rights and ActiveX enabled in Internet Explorer to run, supported browsers include Firefox, Opera, Safari and Chrome.

    It includes rootkit detection and you will not have to register any details to use this online antivirus scanner, one click is all that is needed after installing the components, they can be easily uninstalled once finished, a log file will be stored locally indicating what actions have been performed by ESET antivirus in your computer. You can select specific folders or files for virus scanning, when it detects malware it will delete or quarantine them in a special folder, quarantined files can be restored later on if you are convinced it is a false positive.

    ESET online antivirus scanner
    ESET online antivirus scanner

     

    BitDefender antivirus online scanner: Bitdefender Quickscan runs in the cloud and detects malware and spyware, it uses very low Computer Power Processor as most of the action happens in the server where the antivirus software is hosted, you can scan your PC by visiting Bitdefender online antivirus website or installing a browser extension or widget, bear in mind that this antivirus will only detect malware that is active already in memory, inactive virus bodies are not scanned.

    Bitdefender is a paid for antivirus software and you can now scan your computer online for free using the same antivirus signatures that their paid product uses, however there are no configuration options like the offline version has.

    Bitdefender antivirus online
    Bitdefender antivirus online

     

    F-Secure antivirus online scanner: It needs Java installed in your computer to run, it will flag tracking cookies as spyware, and they actually are, just do not be scared when you see the word spyware next to a cookie as it is easy to remove.  You can run this online antivirus in multiple languages, just choose your preference before starting the scan, there is no need to install anything as everything runs in Java.

    F-Secure online antivirus scanner
    F-Secure online antivirus scanner

     

    Zoner antivirus online scanner: It can scan Windows or Linux computers for viruses using Internet Explorer, Firefox and Opera, it only needs Java to run. It uses signature based virus detection, an appropriate system to detect well known malware by comparing file contents with their database, complex and new viruses are detected using dynamic code emulation which simulates the execution of a program to see what it does, dynamic and static heuristic analysis is used by Zoner AV to detect malware, compressed files (.zip, .rar, .7z, .gz, etc) will be automatically unpacked to scan them for viruses.

    Zoner antivirus online scanner
    Zoner antivirus online scanner
  • Free personal firewall Privatefirewall review

    Free personal firewall Privatefirewall review

    Privatefirewall is an all purpose firewall with real time monitoring and intrusion detection, unlike Windows firewall that only monitors incoming connections, PrivateFirewall checks and blocks outgoing malicious trojans, in addition to monitoring computer processes and the registry which Windows firewall also leaves out. Privatefirewall is very easy to install working right out of the box after a computer reboot, it integrates tightly in the Windows Security Center disabling the built-in Windows firewall.

    Running two firewalls at once could block some applications inadvertently, it is good practice to only use one, if firewalls rules were to conflict in between them there is no saying on what the network would do, to secure your computer a single firewall and a single antivirus is enough, you could run a hardware and a software firewall but once again, rules could conflict and it would not keep you much safer on the Internet.

     

    Windows firewall alternative Privatefirewall
    Windows firewall alternative Privatefirewall

    Privatefirewall allows you to create a list to blacklist or whitelist (trusted) websites, everything that happens is logged in case you want to look up suspicious activities or just learn what certain installed application is connecting to on the Internet, emails are monitored to detect anomalies, like sending 100 emails in under 5 minutes, a strong indication that some kind of bot is doing that, the firewall rules based filtering allows for customization of individual software blocking Internet access to selected  programs while letting others through.

    Privatefirewall main features

    • Packet filtering supports IPv4 and the new IPv6 addresses
    • Antihacker protection checks software behavior to identify malware activities
    • Email anomaly protection protects against own computer being used for sending spam
    • Advanced application management restricts programs rights, like executing code

    Privatefirewall has a multilayered approach to computer security, it controls the way applications and processes operate in your computer, it detects Windows registry key value changes and stops untrusted executables being launched by camouflaged malware, popping up an alert when that happens, the firewall is lighter in resources than Comodo and ZoneAlarm, very easy to use for newbies, it comes with three preset profiles (home,work, on the road) with semi advanced control management for experienced users, definitely much better than the built-in Windows firewall and free for personal and commercial use, it seems like a bargain, specially indicated for those wanting a firewall for their tablet or notebook due to the few resources it uses and the “on the road” profile for mobile users.

    Visit Privatefirewall homepage

  • Test for intrusion detection with Patriot NG

    Test for intrusion detection with Patriot NG

    Patriot NG is a real time monitoring tool keeping an eye on changes in your Windows operating system and network, the program warns you of registry changes, new files in the Startup directory, new users being added, new services, changes in Windows host file, new scheduled jobs, Internet Explorer alteration(toolbars,configuration changes), changes in the ARP table (used for man in the middle attacks), opening of ports by new processes and anomalous network traffic.

    This is a good tool to catch zero day threats, Patriot NG relies on software behaviour to predict if malware is changing files instead of using signature files like antivirus software without heuristics does.

    Patriot NG IDS system
    Patriot NG IDS system

    If you suspect your computer has been infected by a trojan the first thing to do should be detaching your router to stop all Internet access, if someone has managed to infect your computer they can disable intrusion detection tools and send you updated malware via the Internet. After you have disconnected your router an antivirus, anti-spyware and anti-rootkit software should be run in the computer until something is found.

    An Intrusion Detection System (IDS) tool is best used by people with good computer knowledge, newbies might not realise that they are giving access to a trojan horse since malware is normally disguised and named as something else, the user will need to know some basic operating system files (locations&names) to understand what is going on.

    Visit Patriot NG homepage

  • Cloud forensics tool OWADE pulls online services data

    Cloud forensics tool OWADE pulls online services data

    One of the problems that traditional computer forensics has is that lots of information is stored on the cloud, MSN, Yahoo, Skype, Dropbox, GoogleDocs, Facebook, etc, online data is accessible with a court order but that involves lots of paperwork making the investigation more complex with the physical data still unsecured and in some cases with the server located offshore out of local authorities jurisdiction. OWADE (Offline Windows Analysis and Data Extraction), is an open source cloud forensics tool developed by a Stanford University team and launched at the BlackHat 2011 security conference able to extract information from cloud services that a user has accessed in his computer.

    Cloud computer forensics diagram
    Cloud computer forensics diagram

    OWADE can reconstruct Internet activities and search for the online identities that have been used, Encase and FTK (The Forensics ToolKit) can already do this, OWADE advantage is its ability to decrypt files ciphered using the various Microsoft built-in encryption schemes, like Syskey and DPAPI (Data Protection API), OWADE combines its ability to decrypt Microsoft encryption algorithm with traditional data extracting techniques in order to access Skype chat history, decrypt Internet Explorer stored logins & passwords, by cracking the Windows user password, or access  historical Wi-Fi location data stored by Windows, providing a list of access points with dates and times.

    Traditional computer forensics software has a hard time reconstructing cloud services data stored in the hard disk due to Windows scattering everything across multiple files and encrypting some portions. OWADE does not pull data from the servers, the data was downloaded on the hard disk when the user accessed the service, what OWADE does is to search, decrypt and put together all of the cloud personal accounts, logs, logins and passwords that have been accessed.

    This tool is still being developed, an Alpha version (not stable) has been released, and it can only analyse the Windows operating system.

    Visit OWADE homepage

  • Jitsi the encrypted chat software with VoIP and video

    Jitsi the encrypted chat software with VoIP and video

    Jitsi is an instant messenger with VoIP and videochat compatible with any other IM software supporting SIP (Session Initiation Protocol), an application layer protocol for voice over IP, XMMP/Jabber (Extensible Messaging and Presence Protocol), an open standard communications protocol used by Google Talk and most open source instant messengers, MSN/Windows Live Messenger, AIM, Bonjour, ICQ, Yahoo Messenger and Facebook chat, one of the few not supported IM is Skype.

    Call encryption is implemented with SRTP (Secure Real-time Transport Protocol), a protocol with no effect on voice quality providing encryption using the AES cipher as default, authentication and message integrity, together with ZRTP, an open source protocol from Zfone for public key encryption in VoIP chats that can also be found in secure Linux instant messengers like SFLphone.

    Jitsi encryption chat software
    Jitsi encryption instant messenger

    Jitsi IM main features

    • Encrypted audio and video calls
    • Support for most instant messenger software
    • Call recording in SIP and XMPP (MSN in progress)
    • File transfer preview, small photo thumbnail preview before accepting file

    This secure instant messenger will encrypt video and voice calls across all services, including group chats, besides that, feature wise is pretty basic with little to show other than emoticons, text formatting, file transfer preview and avatars, this is a useful chat software with IPv6 support for those who care about privacy and security in VoIP and video conferences with no interest in playing songs while chatting or changing the IM skin/looks, a great IM for businesses due to its security and lack of bells and whistles that tend to reduce productivity while chatting, the messenger itself can be password protected and passwords are stored encrypted.

    Visit Jitsi IM homepage

  • Lock a computer screen with ClearLock

    Lock a computer screen with ClearLock

    If you have a user password set up in Windows clicking on “Windows key +L” on the keyboard will quickly lock your computer but you will not see what is going on behind the screen lock. Clearlock is a free Windows utility to lock Windows while you are away, using a transparent layer that allows you to see what is going on in the background with just a quick look without the need to unlock the computer, ClearLock has a nice 3D like GUI and there is no need to install it.

    ClearLock a transparent computer screen lock
    ClearLock a transparent computer screen lock

    After entering the wrong password three times there will be a five minutes delay before granting another attempt, the number of  invalid password entries are logged, you would be aware of them once you come back to your computer. If you forget your password while the screen is unlocked delete the .ini file inside the program folder to reset it, if the screen is locked you will have to reboot your computer.

    This screen locker is a low level protector designed to stop low skilled adversaries, like children, from accessing your computer while you are away, determined serious opponents could plug in a USB thumbdrive in your computer and use Windows autorun feature to run a malicious script to pull your RAM memory and your screenlock password with it or even image the whole hard disk without you knowing.

    Visit ClearLock homepage