User Account Control (UAC) is a feature introduced in Windows Vista to improve the security of Windows by limiting applications to standard user privileges until an administrator authorizes an increase in privilege level. For instance, you’ll see a notification like this every time you run an EXE file.

While it could be an useful security feature for inexperienced users, there have been complaints that UAC notifications slow down various tasks, such as new software installation when the user sure that the installation file is 100% safe.

To disable UAC, first go to Control Panel\User Accounts, then click on “Turn User Account Control on/off”

Un-tick the check box and proceed by clicking OK

And finally, you’ll be asked to restart the computer, the usual way of how Windows works :-)

After that, you’ll be able to enjoy the level of freedom and convenience you had in Windows XP, of course you must still practice caution and prevent any malicious files from running on your system.

First off all, download the plugin from here and extract the content to your root of your UltraVNC folder (defaulted to “C:\Program Files\UltraVNC”). Note: extract to the root of the folder and not the plugin folder (that’s just a container).

Server Configuration
Now on your UltraVNC Server and you should see MSRC4Plugin in the DSM DSM plugin drop down box.

Check Use and hit the Config button.A MSRC4 Plugin Configuration window will pop up.

You will notice that there aren’t any encryption plugin keys present(naturally since we haven’t created any) so make your first key. Select the default 128 bit hit Gen Key.The configuration tool will close after generating the key and this key will be used from now on on every client computer to allow you to view your server running on that specific key-based encryption. You will notice a new file in your UltraVNC installation folder called rc4.key.

Important: Make sure you bring along this key file (rc4.key) along with your UltraVNC or the client will not be able to interact or see the server.

Client Configuration
Copy this rc4.key to your UltraVNC client’s root directory as with the steps in the Server. When you launch your UltraVNC client, check the box called “Use DSMPlugin” and enter your server’s IP address. Click on connect, enter your password.Done!

Part One
By now you should have VNC installed and you’d be able to connect via LAN. Make sure you register the VNC Server as a system service if you want it to run automatically on Windows start-up.

Now lets expand this control over the Internet. To control your PC over Internet you’ll have to;

1) Know your IP address. If you’re on a static IP then all’s well, if you’re given a dynamic IP by your ISP then you will need;
a) take note of your IP whenever you leave home.
b) register with any of the numerous free dynamic DNS services. What this service does is offer a service to keep a domain name linked to a changing IP address on those who are on dynamic IPs via a dynamic update client that runs on your local computer and updates the dynamic DNS service site. Logging into the site will give you your ip.

2) Permit traffic on the SSH port 22 on the server (the pc you want to control) and if you’re on a router you need to port forward the VNC traffic to your server in which VNC Server is listening. How this is done depends on which firewall and/or router you are using. eg. in Windows XP SP2′s Firewall, go to Start | Control Panel | Windows Firewall | Exceptions tab | Add port | port name SSH, port 22, TCP.

If you’re behind a router or your bridge-modem is in router mode, you’ll need to forward TCP port 22 to the server. This means that any traffic coming in through port 22 (the SSH port) will be passed through the router and directed to the server. Here’s a useful site detailing on how to port forward on popular routers.

This is what port forwarding looks like on my Linksys AM300 modem/router.

Part Two
Because access to a VNC Server allows access to your whole computer, security is of upmost important. VNC is inherently unsecure, thus the need to encrypt the traffic moving between both machines (client and server) as encryption in VNC is only used when the initial connection (when you login). Once connected, all VNC data is unencrypted, and a malicious user could snoop your VNC session with a number of scanning programs available that will scan a subnet looking for PCs listening on any ports which VNC uses.

The purpose of VNC + SSH is to remove this security risk. SSH, or the Secure Shell, allows secure (encrypted and authenticated) connections between any two machines running SSH. The wide variaty of connections supported by SSH include file transfer protocols, TCP/IP port forwarding, terminal sessions et cetera. SSH is capable of using a number of encryption algorithms like AES-256, TripleDES, and-so-forth (I think that’s enuff tech jargons to throw around). By tunnelling VNC over a SSH connection, you will be able to acces the host and have all traffic strongly encrypted.

Getting & Installing OpenSSH
There’s two ways to go about this. You can either get the standalone installation file of OpenSSH here or download Cygwin and grab the relevant OpenSSH packages. Cygwin is a powerful *nix API emulator which has many uses that can replace the usual cmd.exe of our windows. What this means is it allows *nix programs/binaries (or bin) to be run in Windows. Maybe a tutorial for this will be up next on the power of Cygwin.

After downloading Cygwin, hit the Set-up exe file. Cygwin is actually an installation and update utility that retrieves the bin packages from the Internet. As you can guess, the package we’re interested in is called OpenSSH and can be found in the Net category. After Installation is complete you need to add Cygwin environmental variables to your server to add the OpenSSH service and point to the bin file. Do this by right clicking on My Computer | Selecting Properties | going to the Advanced tab and hitting the | Environment Variables button and;

1. Add the variable CYGWIN and ntsec tty by using the Add button.

2. Add C:\cygwin\bin (or whatever your installation directory is, for me it was C:\Program Files\Cygwin\bin) to the at the end of the existing line of the PATH environment variable by using the Edit button. (Warn: Don’t remove the existing lines, just append this line to the end of the line or you’ll screw your paths)

3. Configure OpenSSH on Cygwin by typing ssh-host-config at the prompt with the following answers;


“Privilege Separation?” Yes
“Create local user SSHd?” Yes
“Install SSHd as a service?” Yes
“CYGWIN = ” enter ntsec


4. We can now start the SSH daemon (thats service to you Windows folks) by either typing net start sshd within Cygwin, typing cygrunsrv.exe -S sshd or simply rebooting the machine. You can check if SSH is runningby by typing netstat -a in the command prompt and look for the line with ssh. To stop the SSH service type net stop sshd

Connecting to VNC thru SSH
Adjust the VNC server settings.

1. Select allow loopback connections on the VNC server.

2. Create a local forwarded tunnel using the command ssh -p 5900 admin @60.49.120.110 -L 5900:127.0.0.1:5900 command to forward port 5900 (the default VNC port if you haven’t changed it to another, if so replace this with your specified value instead) on the client where the public IP of your router is 60.49.120.110. The loopback interface address (that’s 127.0.0.1 to you) must be used.

Connect to the VNC server over the SSH tunnel
To complete the procedure, start the VNC viewer on the and point to the server at 127.0.0.1:0:5900. At this point, the connection is forwarded from the client machine to the VNC server over SSH and you should receive the VNC authentication prompt. All network traffic is transparently encrypted by the SSH tunnel.

Troubleshooting Checklist
Since this involves multiple setups and an unususally long guide, here is a brief troubleshooting checklist should you run into problems.

1) If you can SSH from the server to the server (SSH locally) = SSH server is functioning.
2) If you can SSH from a computer over LAN to the SSH server = IP and LAN connection is functioning.
3) If you can SSH from a computer over WAN (i.e. on the other side of the NAT router) to your SSH server, then you know that the router’s port-forwarding is working.

The same rules apply to VNC.

Securing UltraVNC is much easier but that’s for another article. :)

This would be a good setup for those who are working with sensitive data and don’t want to wait for a zero-fill reformat to destroy those sensitive data files. Save a batch file on your desktop right next to your recycling bin, so you can now just drag and drop sensitive files onto the batch file icon to shred them digitally. Use the normal Recycle Bin for file you don’t wanna shred. For those with paws instead of hands I advise caution.

Download, extract and save SDelete.exe to your c:\windows\system32

Open a new notepad and key in the following…

@echo off
echo . --- W A R N I N G ---
echo .
echo .the file(s)/folders(s) will be shredded! Are you sure?
echo .
echo . use CTRL-C to abort or...
echo .
pause
sdelete -p 4 -s %1
pause

and save it as a *.bat file on your desktop. As mentioned earlier, you can now just drag and drop sensitive files onto the batch file icon to shred them digitally.

Please note that shredding digital files, like it’s real world equivalent isn’t a 100% process. As in the real world where people can use a sellotape to paste back the shredded strings and reconstruction the original documents, completely removing traces of the file in all operating systems is similarly unlikely. In NTFS, it is extremely likely that copies of the target file will be made elsewhere in the volume. Also, if there is anything in the I/O stack performing write coalescing, then the file you’re trying to securely erase may only be overwritten on the physical disk once and not x number of times as suppose to be done by the shredding application.

Therefore, I’m here to write some common security tips to increase the safety of your online transactions and reduce the risk of your online account being hacked:

• Avoid phishing - Always trust only yourself. It’s not too hard to type the address of online banking site on the address bar. Please DO NOT access online banking site via the link in your email or some untrusted sources. Phishing is meant to be avoided at all cost.
• Equipt with security tools – Install at least an Antivirus, Anti-spyware and Firewall into your machine to protect your PC from the invasion of malware/virus/attack.
• Update regularly - Keep your antivirus and anti-spyware updated with the latest definitions, and do not ignore Windows Security update. You would think you’re probably not affected by the update, but it’s better to be safe than sorry.
• Password tips - While it’s OKAY to use your birthdate or your favourite artist name as your password in some discussion forums, a strong password is definitely needed if the site/application is critical:
• DO NOT use the same password in ALL your online accounts. If you do and one of your accounts got hacked, hacker will be able to access all your other accounts.
• Try to avoid using dictionary words like “prettygirl”, “imagination” etc or any other stuff that’s easy to guess (like your birth date, your car plate number)
• Password is case sensitive, choosing passwords that are composed by different case will add more strength to the security (for example, LeEtLe_KiD).
• DO NOT disclose your password to anyone, even if the person claimed he/she is working for the bank or is the site admin.
• If you’ve too many passwords to remember, use a reliable password safe like KeePass.
• Common Sense - practice your common sense. Sometimes it’s difficult to tell what goes wrong with the site, but once you think something is wrong, quit it and seek for experts consultation. Other than that, please do often read some online articles concerning electronic security to improve your awareness regarding this matter.

Feel free to comment on my list (constructive criticisms are welcome) or add in something here as I’ve missed some important stuff. Thanks for reading!

Original article here.

Ok…I’m not sure if he actually did that in the TV series, but I’m certain he has picked a couple of locks before. That is what I am about to try doing.

Why?

I am the proud owner of a typical locker room combination lock, of which I have totally forgotten the combinations to.

It just so happens that Core77 recently published a post on how to ‘break’ the combinations to one of these locks. How convenient. =)

So wish me luck as I try to break my own lock. (Disclaimer: this is MY lock!)

To make things simple for you, I have embedded the video from Core77′s post onto this post as well. Take a look at it:

The Hole – video powered by Metacafe

Because of the following reasons, I can’t have the same universal login/password for all my online accounts:-

• Difference in policies, for example, Citibank Malaysia has a very unique requirement that login/password cannot have more than two consecutive characters or numbers

• Security reason – if one of my password information is stolen, the thief will be able to access all my webmails, banking site etc…now that’s serious

It is indeed a pain in the ass to remember each and every of them, if I’ve such a good memory, I would utilize it somewhere else :) I had been looking for a good password manager but most of them are not really what I need (for example, Firefox password manager is too simple for me), until I found KeePass (listen, it’s KeePass, not KeepAss)

KeePass is a free/open-source password manager or safe which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key-disk. So you only have to remember one single master password or insert the key-disk to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish) (paragraph quoted from KeePass main site).

There are plenty more for you to try out and I’m not going to explain each of them. Experience it instead!

Link: http://keepass.sourceforge.net/

Below are some of the screenshots I’ve captured from this open-source baby:

Figure 1: Connecting to Tor Networks

Well then you if you fall into the aforementioned category then Torpark is the browser for you. Based on a mod version of Firefox, Torpark was created by a Group calling itself Hacktivismo (the reincarnation of the renowned Texas-ased hacker organization called Cult Of the Dead Cow)and is touted to protect your privacy from governments intelligence service and data theives. Torpark uses its own network (Tor network) of net routers and encryption to anonymise the traffic and also regularly changes the net address that someone appears to be browsing from. It’s also stand alone installess but weighs in at 9.3Mb.

Figure 2: Security menu from the right click mouse button.

Figure 3: Torpark in action

download from here.

1. Download TrueCrypt, install and launch.

2. Select “Create Volume” which will launch a walkthrough wizard. Choose “Create a Standard TrueCrypt Volume” and select Next. Hit the “Select File” (it really should be called “Create File” actually) button and navigate to a location to create your virtual encrypted drive file – which is really a file that acts like an encrypted folder. Type a name for it. I’ve created it in “C:\Documents and Settings\xxx\My Documents\stuff.ben”. try to pick a non-important filename (naming it private or encrypted will only make people more curious). your file can have any or no extension (i made mine *.ben). Hit Next.

3. Choose an encryption algorithm from the dropdown box. Next. Choose the size of the virtual encrypted drive file. You have to comit to a size (realize that it’s non-growable and regardless of how many files you throw inside, it will always show that size.Next.

4. Choose a password. If you don’t choose a badass 20-in-length alphanumeric password, TrueCrypt will complain, but you can choose to accept your wussy password as well :P.

5. Format the virtual encrypted drive file. (Don’t worry, you’re not formatting your hard drive but preparing the virtual encrypted drive file.) This is where the coolness factor comes in, TrueCrypt gathers random information from your system like the location of your mouse pointer to incorporate into the encryption algorithm. Done. Exit or create another…

6. Now you’ve got a virtual encrypted drive file, you need to mount it to use it. Choose “Select File” and navigate to the location in which you created it. Select an available drive letter from the list and then hit the “Mount” button, and enter the password.

7. The virtual encrypted drive will be mounted. Go to My Computer and listed alongside all the other drives on your computer, there will be a new one listed corresponding to the drive letter you selected. Drag and drop all your sensitive data to this drive and work from it as if you would any other disk.
8. Once you’re finished working with the data, in TrueCrypt, select the mounted drive and hit “Dismount”. The drive will no longer be available and it’s now totally encrypted.

How to use it on your external hard disk & USB thumbdrive.
TrueCrypt does need not be installed to work. Just dump truecrypt.exe, truecrypt.sys, and your virtual encrypted drive onto a tumbdrive or external hard disk. On the move, just stick it in any computer, launch truecrypt.exe, and browse to your virtual encrypted volume.

How to use it on a CD.
The cool part about using a CD is you can use the autorun function to launch truecrypt.exe whenever you pop it into a CD-ROM drive (unless autorun has been disabled on the machine). To create an autorun file, open a notepad and insert these lines:

[autorun]
OPEN=truecrypt.exe

and save it as Autorun.inf.

Burn truecrypt.exe, truecrypt.sys, your virtual encrypted drive and the Autorun.inf file to your CD root. The uncool part? it’s read only (naturally being a CD-ROM).