Wednesday, October 13, 2010

DhiFix - Dhivehi Dictionary & Affix file creation for Hunspell

DhiFix is an open source application to simplify the creation and editing of Dhivehi dictionary and affix files for Hunspell. DhiFix uses the GTK+ run time and is created in C. The current version of DhiFix has the following features:
  • Add/Remove words from the dictionary.
  • Add/Remove affixed forms of words. This removes the affix flag for the word and not the actual affix.
  • Automatically create new affix rules if the word cannot be converted to suggested affixed form using existing affix rules.
  • Suggest new affixed forms of a word based on existing affix rules and the pattern observed at the beginning or end of the word.
DhiFix source and Windows binaries are available from http://code.google.com/p/dhifix/

Monday, September 6, 2010

Unhiding files hidden by viruses and malware

A common and annoying trick (for most) used by malware is to hide files and folders and replace them with copies of the malware executable that carry common Windows folder or file icons. By the time one figures out that the system has been infected, half the stuff on the hard disks and USB drives seems to have vanished, and cleaning the malware does not seem to do anything for the "missing" files. Some clueless Windows users assume that the malware has deleted all their personal files, while the more fortunate ones find out that changing two settings in Folder Options is all that is needed to get Windows to show them their precious files. Those two settings are:
  • Show Hidden Files (enable this)
  • Hide protected operating system files (disable this)
    For some odd reason Windows thinks that any file marked as both System and Hidden is a protected operating system file.
So here's a simple way to let you unhide the files hidden by malware:
  • Download unhide.zip
    MD5: 3A1961622326EB09EDE9EAAE43C2A728
    SHA-1: 86F89724525753D3473504D989168668780E9554
  • Extract unhide.bat
  • Copy unhide.bat to the folder whose contents disappeared after the malware infection
  • Double-click unhide.bat to run it and all your missing files and folders will automagically appear (unless the malware actually deleted them).
Those familiar with Command Prompt can just use the following command instead of downloading the batch file:
  • attrib /d /s -h -s

Thursday, July 8, 2010

Changing MAC Address in Windows 7 & Vista

The MAC Address of Network Devices in Windows 7 & Vista can be changed by making a simple change to the registry. A possible step-wise approach to accomplish this is presented below.
  • Open Windows Registry Editor.
  • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class from the tree view on the left hand side.
  • Open Command Prompt.
  • Type getmac in Command Prompt and press enter to get the MAC Address of Network Interfaces on your computer. You will see the MAC Addresses of all Network Interfaces you have on your computer including virtual ones.
  • Copy the GUID in the Transport Name part of the device whose MAC Address you wish to change. The transport name looks like \Device\Tcpip_{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} where the GUID is the XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX part.
    Note: The transport name will not be displayed for network devices which are disabled. So if you have a wireless network device and have it switched off, then you will not be able to see the transport name of the wireless network device.
  • Go back to the registry editor and press Ctrl+F to display the search window.
  • Paste the GUID you found into the text box in the search window.
  • Next untick both Keys and Values under Look at and tick Data.
  • Click Find Next to search the registry.
  • The Registry Editor will automatically take you to a Key similar to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\XXXXXXXX-XXXX-XXXX-XXXXXXXX\00## and a String Value with the name NetCfgInstanceId would be highlighted on the right hand side. This String Value would contain your GUID.
    Note: You may have to search a couple of times before you are able to find this key.
  • Right click on an empty space in the right hand pane of the Registry Editor window and select New -> String Value
  • Type NetworkAddress for the name of this new String Value.
  • Double Click the new String Value you just created i.e. NetworkAddress and enter the new MAC Address you want for the interface. The MAC address should be in hexadecimal without any hyphens and should be exactly 12 characters long. Example: 00AA22BB44CC
  • Close the Registry Editor and restart your network device for the change to take effect.
  • To restart your network device you can either restart your computer or disable and re-enable your network device (using the Control Panel -> Network and Sharing Center).
  • To check whether the MAC Address of the device has changed you can open Command Prompt and enter getmac.
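
An added example, not part of the original post: a small Python helper that checks a MAC address and converts it to the 12-character form described above for the NetworkAddress value. The multicast check goes beyond the post (under IEEE 802 the lowest bit of the first octet must be 0 for a station address), and the function names are hypothetical.

```python
import re

def to_network_address(mac):
    """Return the MAC as 12 upper-case hex characters with no separators,
    or raise ValueError if it cannot be used as a station address."""
    # Accept the common written forms: 00-AA-22-BB-44-CC, 00:aa:22:bb:44:cc, 00aa.22bb.44cc
    digits = re.sub(r"[-:.\s]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError("expected exactly 12 hexadecimal characters: %r" % mac)
    if digits == "0" * 12:
        raise ValueError("the all-zero address is not usable")
    # Lowest bit of the first octet set means multicast/broadcast (IEEE 802)
    if int(digits[:2], 16) & 0x01:
        raise ValueError("multicast or broadcast address: %r" % mac)
    return digits

def is_locally_administered(network_address):
    """True if the second-lowest bit of the first octet is set, which marks
    an address as assigned locally rather than by the hardware vendor."""
    return bool(int(network_address[:2], 16) & 0x02)

if __name__ == "__main__":
    # Constructed sample inputs; the first is the example value from the post
    for sample in ["00AA22BB44CC", "00-aa-22-bb-44-cc", "FF:FF:FF:FF:FF:FF", "00AA22BB44C"]:
        try:
            value = to_network_address(sample)
            print(sample, "->", value, "locally administered:", is_locally_administered(value))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```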

Tuesday, May 25, 2010

Hacking or Phishing?


During the past few weeks, some Maldivian blogs got hacked according to the blog authors or those close to them. How did all these blogs get hacked? Is GMail security so low that any script kiddie could take over your blog? Or is there something else to it? Were the bloggers phished?

As far as I know GMail is pretty secure and there is no known way of hacking into someone's GMail account unless you know their password or secret question answers. Therefore, the only reasonable explanation for the recent "hacking" of several Maldivian blogs is phishing (this seems to be what is suggested by a recent article on the dhiislam website).

If you want to learn more about phishing and how to protect yourself from phishing attacks please read my previous post on phishing attacks. You can also read more about phishing on howstuffworks.com

Sunday, May 23, 2010

Windows 7 & the freezing Windows Live Messenger

Symptoms:
  • Windows Live Messenger freezes randomly from a few seconds to a few minutes on a Windows 7 system. The problem occurs while you chat and gets worse when you try to select an emoticon or wink from the menu.
Cause:
  • Windows 7 has a service called WinHTTP Web Proxy Auto-Discovery Service which gets called by Windows Live Messenger each time it wants an internet connection. This service fails to perform as expected under some circumstances.
Solution:
  • Windows Live Messenger uses Internet Explorer settings to determine the type of internet connection the user has.
  • Disabling Automatically detect settings under LAN Settings in Internet Explorer would prevent Windows Live Messenger from using the WinHTTP Web Proxy Auto-Discovery Service. To do this:
    • Open Internet Explorer.
    • Go to Tools => Internet Options.
    • Select Connections tab.
    • Click LAN Settings.
    • Uncheck Automatically detect settings.
    • Click OK.

Monday, May 17, 2010

Disable Automatic Virus Scanning in Firefox 3

By default, Firefox 3 runs anti-virus scans on downloaded files in Windows systems with anti-virus software installed. Depending on the type and size of the files downloaded Firefox can stop responding for a significant amount of time while the virus scan is being performed. Follow the steps below to disable automatic virus scanning in Firefox 3:
  • Type about:config in the Firefox location bar
  • Click the "I'll be careful, I promise!" button if the "This might void your warranty!" message is displayed.
  • Type browser.download.manager.scanWhenDone as the Filter. Alternatively you can just navigate to the setting browser.download.manager.scanWhenDone in the about:config page.
  • Change the value of browser.download.manager.scanWhenDone to false.
Note: Do not disable automatic virus scanning in Firefox if your anti-virus software does not support real-time protection.

Monday, May 10, 2010

Show close button on the last tab in Firefox 3.5+

In Firefox versions 3.5 and later the close button is not displayed on the last tab. If you try to close the last tab by pressing Ctrl+W then Firefox closes with the tab. Sometimes, this can be annoying, so here is a simple fix for the problem.
  • Open a new tab in Firefox and enter about:config as the URL.
  • Click "I'll be careful, I promise!" button to get to the config page.
  • Make the following changes in the config page:

    • browser.tabs.closeButtons = 1
    • browser.tabs.closeWindowWithLastTab = false
  • Close Firefox.
  • Go to the folder %APPDATA%\Mozilla\Firefox\Profiles\xxxxxxxx.default\chrome

    • %APPDATA% == C:\Documents and Settings\<username>\Application Data\ folder in Windows XP
    • %APPDATA% == C:\Users\<username>\AppData\Roaming\ folder in Windows Vista and 7
    • More details on where the Firefox Profiles folder is located in different Operating Systems can be found at http://support.mozilla.com/en-us/kb/Profiles
  • Open userChrome.css in a text editor such as Notepad++ or Windows Notepad.
  • Add the following code to userChrome.css

    /* Add tab-close-button to last tab*/
    .tabbrowser-tabs[closebuttons="alltabs"] > 
     .tabbrowser-tab > .tab-close-button {
      display: -moz-box !important;
     }
    .tabbrowser-tabs:not([closebuttons="noclose"]):not([closebuttons="closeatend"]) > 
     .tabbrowser-tab[selected="true"] > .tab-close-button {
      display: -moz-box !important;
     }
  • Save userChrome.css
  • Open Firefox and you should have a close button displayed on the last tab.

Friday, April 2, 2010

Windows 7 & Vista Canonical Folder Names

In Windows Vista Microsoft introduced a feature which allowed file system folders to be used as junction points. By appending a GUID (Globally Unique IDentifier) as an extension to a folder name that folder can act as a junction point to another folder or control panel item.

For example, appending {645FF040-5081-101B-9F08-00AA002F954E} as an extension to the folder "trash" (trash.{645FF040-5081-101B-9F08-00AA002F954E}) will change the folder "trash" to a junction point for the Recycle Bin.

A list of GUIDs is available on MSDN. However, this list does not contain all the possible GUIDs available in Windows 7 & Vista. Also, not all of these GUIDs will work in Windows 7 & Vista. Some GUIDs may work in both, some may be specific to Vista or 7 and some may work depending on the hardware and software installed on the system.

The following batch file will create a folder called "Canonical". In this folder, it will then create sub-folders using the GUIDs available from MSDN plus some others found from the internet. These include the infamous "All Tasks" folder, Computer, Recycle Bin etc.

Canonical
MD5: 1DFC67F49E50DE23B500C095C43E2AB0
SHA1: F535E660FD130369CEBE46DB5C97410C912A2964

Thursday, March 18, 2010

Protecting yourself from Phishing attacks

What is Phishing?

Phishing (pronounced as fishing) refers to the act of trying to fool someone into disclosing sensitive personal information (such as username, password, credit card number) by posing as a legitimate entity known to the person.

How it works?

There are several ways in which phishing attacks are carried out. Here are some sample scenarios.

Scenario 1

  • victim is sent an email claiming to be from their email provider (gmail, hotmail, yahoo etc)
  • the email header is sometimes spoofed so that it appears to be coming from the email provider
  • victim is told that the email provider has had some technical difficulties (such as data loss)
  • victim is asked to reply to the email with username, password or other sensitive information (such as secret answer)

Scenario 2:

  • victim is sent an email claiming to be from their bank or financial institution
  • victim is told to update their personal details (or do something similar which encourages the victim to click the link provided)
  • victim is provided with a link to do the update (or whatever)
  • the link usually takes the form "http://bankname.something.com" in order to fool the victim
  • the link takes the victim to a page that is similar to the login page of their bank
  • once victim enters their username and password they are stored and the victim is presented with an error page or redirected to the correct website (i.e. the victim's bank's website)

Scenario 3:

  • victim receives an instant message on their messenger client or through facebook (or social network)
  • the message contains a link
  • the message is worded such that the victim is tempted to click the link
  • when the victim clicks the link they are taken to a site which looks similar to the login page of their email provider (hotmail, gmail, yahoo etc.) or facebook (or social network)
  • when the victim supplies their username and password they are given an error message or redirected to the site they thought they were visiting

How to protect yourself from Phishing attacks?

There are several tools targeted at protecting internet users from Phishing attacks. However, the best way to protect oneself would be to be aware of how phishing attacks are conducted instead of solely relying on security tools for protection. Here are some key things to remember:
  • Your email provider, bank, financial institution or any other respectable entity will NEVER ask you for your username or password via email
  • ALWAYS check the address of the website in your address bar before you type your username and password to login (http://facebook.com is not the same as http://facebook.evilsite.com)
    The important thing to note here is what appears before the dot com (or dot whatever). That is the domain name. If the domain name (in this case evilsite) is different from the site you think you were visiting (i.e. facebook) then you are being scammed (or phished in this case).
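
The address-bar check described above, written out as an added Python example (not part of the original post). It classifies a URL against the domain the user expects; the function name and the sample URLs other than the two from the post are constructed for illustration.

```python
from urllib.parse import urlsplit

def classify(url, expected_domain):
    """Compare the host a browser would contact with the site the user expects."""
    parts = urlsplit(url)
    # urlsplit lower-cases the hostname; also drop a trailing root dot
    host = (parts.hostname or "").rstrip(".")
    expected = expected_domain.rstrip(".").lower()
    brand = expected.split(".")[0]  # "facebook" in "facebook.com"

    # Legitimate: the expected domain itself or a subdomain of it
    if host == expected or host.endswith("." + expected):
        return "ok"
    # Everything before '@' is a user name, not the site being visited
    if parts.username and brand in parts.username.lower():
        return "brand-in-userinfo"
    # The brand is only a label in front of somebody else's domain
    if brand in host.split("."):
        return "brand-as-subdomain"
    # The brand is glued into an unrelated name
    if brand in host:
        return "brand-embedded"
    return "unrelated"

# Sample URLs: the first two are from the post, the rest are constructed
SAMPLES = [
    ("http://facebook.com", "facebook.com"),
    ("http://facebook.evilsite.com", "facebook.com"),
    ("http://www.facebook.com/login.php", "facebook.com"),
    ("http://facebook.com@evilsite.com/login", "facebook.com"),
    ("http://bankname.something.com", "bankname.com"),
    ("http://facebook-login.example/", "facebook.com"),
]

if __name__ == "__main__":
    for url, expected in SAMPLES:
        print("%-42s expected %-14s -> %s" % (url, expected, classify(url, expected)))
```

Only the "ok" result means the host belongs to the expected domain; every other label names the trick that makes the link look familiar.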

Tuesday, February 23, 2010

Useful Firefox Addons

Here are two of the most useful addons for Firefox.

  1. AdBlock Plus
    This addon helps you get rid of those annoying advertisements and banners on most websites. Using this addon can also help reduce the time taken for most web pages to be displayed since advertisements and banners would no longer be downloaded.
  2. NoScript
    This addon improves the security of Firefox by preventing the automatic execution of JavaScript for non-trusted sites and by protecting against clickjacking, XSS attacks and more. This addon might be a bit annoying for first time users since most websites might appear broken without JavaScript. However, the security offered by this addon is worth the initial learning curve.

Sunday, February 14, 2010

Change Windows password using Command Prompt

In Windows XP, Vista and 7 the net user command can be used to change the password of users, assign random passwords to users or change the password of the current user without knowing the user's current password.

Assign a new password to local user guest. 
  • Open Command Prompt
  • In Command Prompt type net user guest password where password is the password you wish to assign to the user.
  • If you want to assign a new password to another user replace guest in the above command with the name of the respective user. 
Assign a random password of length 14 to local user guest 
  • Open Command Prompt
  • In Command Prompt type net user guest /random:14
  • Replacing 14 with the length of the password you require will generate a password of the required length.
  • The shortest password you can generate is 0 characters long and the longest is 256 characters.

Note: Administrative privilege would be required to change the passwords of users other than the user under which the net user command is executed.
  • Typing cmd.exe in the start menu search box in Vista & 7 and pressing Ctrl+Shift+Enter will launch Command Prompt with administrative privileges.
  • Alternatively, you can right-click the Command Prompt entry in the start menu and select Run As Administrator

Sunday, January 31, 2010

Reducing risk of Autorun viruses

One of the most common and rather annoying ways in which malware (viruses, trojans, worms) spreads is via the Autorun feature of most Windows Operating Systems. These viruses silently copy themselves to removable USB storage devices once the devices are plugged into an infected system. The Autorun feature of Windows OSs causes the malware to be launched automatically when the infected USB device is plugged into another computer (or when the user clicks on the drive icon in My Computer). Most of the time this malware would be stopped by anti-virus software.

However, since the Autorun feature is seldom used (do not confuse Autoplay with Autorun), preventing Windows from parsing Autorun.inf in the first place is the best way to reduce infection via Autorun viruses. To disable Autorun in Windows:
  • Open Regedit (Windows+R, then type "Regedit" and click ok)
  • Navigate to the following key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping
  • Right-click and create new key Autorun.inf
  • Set the default value of the created key to @SYS:DoesNotExist
Alternatively you can download the following file and import into the Windows Registry.
  • Disable Autorun
  • Double click the file.
  • Click "Yes" on the message box displayed (but make sure you read it first)