Windows 7 & Vista Canonical Folder Names

In Windows Vista Microsoft introduced a feature which allowed file system folders to be used as junction points. By appending a GUID (Globally Unique IDentifier) as an extension to a folder name that folder can act as a junction point to another folder or control panel item.

For example, appending {645FF040-5081-101B-9F08-00AA002F954E} as an extension to the folder "trash" (trash.{645FF040-5081-101B-9F08-00AA002F954E}) will change the folder "trash" to a junction point for the Recycle Bin.

A list of available GUIDs is available on MSDN. However, this list does not contain all the possible GUIDs available in Windows 7 & Vista. Also, not all of these GUIDs will work in Windows 7 & Vista. Some GUIDs may work in both, some may be specific to Vista or 7 and some may work depending on the hardware and software installed on the system.

The following batch file will create a folder called "Canonical". In this folder, it will then create sub-folders using the GUIDs available from MSDN plus some others found from the internet. These include the infamous "All Tasks" folder, Computer, Recycle Bin etc.

Canonical
MD5: 1DFC67F49E50DE23B500C095C43E2AB0
SHA1: F535E660FD130369CEBE46DB5C97410C912A2964

Protecting yourself from Phishing attacks

What is Phishing?

Phishing (pronounced as fishing) refers to the act of trying to fool someone into disclosing sensitive personal information (such as username, password, credit card number) by posing as a legitimate entity known to the person.

How it works?

There are several ways in which phishing attacks are carried out. Here are some sample scenarios.

Scenario 1

• victim is sent an email claiming to be be from their email provider (gmail, hotmail, yahoo etc)
• the email header is sometimes spoofed so that it appears to be coming from the email provider
• victim is told that the email provider has had some technical difficulties (such as data loss)
• victim is asked to reply to the email with username, password or other sensitive information (such as secret answer)

Scenario 2:

• victim is sent an email claiming to be from their bank or financial institution
• victim is told to update their personal details (or do something similar which encourages the victim to click the link provided)
• victim is provided with a link to do the update (or whatever)
• the link usually takes the form "http://bankname.something.com" in order to fool the victim
• the link takes the victim to a page that is similar to the login page of their bank
• once victim enters their username and password they are stored and the victim is presented with an error page or redirected to the correct website (i.e. the victim's bank's website)

Scenario 3:

• victim receives an instant message on their messenger client or through facebook (or social network)
• the message contains a link
• the message is worded such that the victim is tempted to click the link
• when the victim clicks the link they are taken to a site which looks similar to the login page of their email provider (hotmail, gmail, yahoo etc.) or facebook (or social network)
• when the victim supplies their username and password they are given an error message or redirected to the site they thought they were visiting

How to protect yourself from Phishing attacks?

There are several tools targeted at protecting internet users from Phishing attacks. However, the best way to protect oneself would be to be aware of how phishing attacks are conducted instead of solely relying on security tools for protection. Here are some key things to remember:

• Your email provider, bank, financial institution or any other respectable entity will NEVER ask you for your username or password via email
• ALWAYS check the address of the website in your address bar before you type your username and password to login (http://facebook.com is not the same as http://facebook.evilsite.com)
  The important thing to note here is what appears before the dot com (or dot whatever). That is the domain name. If the domain name (in this case evilsite) is different from the site you think you were visiting (i.e. facebook) then you are being scammed (or phished in this case).

Useful Firefox Addons

Here are two of the most useful addons for Firefox.

1. AdBlock Plus
   This addon helps you get rid of those annoying advertisements and banners on most websites. Using this addon can also help reduce the time taken for most web pages to be displayed since advertisements and banners would no longer be downloaded.
   
2.  NoScript
   This addon improves the security of Firefox by preventing the automatic execution of javascript for non-trusted sites, protection against clickjacking, xss attacks and more. This addon might be a bit annoying for first time users since most websites might appear broken without javascript. However, the security offered by this addon is worth the initial learning curve.

Change Windows password using Command Prompt

In Windows XP, Vista and 7 the net user command can be used to change the password of users, assign random passwords to users or change the password of the current user without knowing the users current password.

Assign a new password to local user guest. 

• Open Command Prompt
• In Command Prompt type net user guest password where password is the password you wish to assign the user with.
• If you want to assign a new password to another user replace guest in the above command with the name of the respective user. 

Assign a random password of length 14 to local user guest 

• Open Command Prompt
• In Command Prompt type net user guest /random:14
• Replacing 14 with the length of the password you require will generate a password of the required length.
• The shortest password you can generate is 0 characters long and the longest is 256 characters.

Note: Administrative privilege would be required to change the passwords of users other than the user under which the net user command is executed.

• Typing cmd.exe in the start menu search box in Vista & 7 and pressing Ctrl+Shift+Enter will launch Command Prompt with administrative privileges.
• Alternatively, you can right-click the Command Prompt entry in the start menu and select Run As Administrator

Reducing risk of Autorun viruses

One of the most common and rather annoying way in which malware (viruses, trojans, worms) spreads is via the Autorun feature of most Windows Operating Systems. These viruses silently copy themselves to removable USB storage devices once the devices are plugged into an infected system. The Autorun feature of Windows OSs causes the malware to be launched automatically when the infected USB device is plugged into another computer (or when the user clicks on the drive icon on My Computer). Most of the time these malwares would be stopped by anti-virus software.

However, since the Autorun feature is seldom used (do not confuse Autoplay with Autorun) disabling Windows from parsing the Autorun.inf in the first place is the best way to reduce infection via Autorun viruses. To disable Autorun in windows:

• Open Regedit (Windows+R, then type "Regedit" and click ok)
• Navigate to the following key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping
• Right-click and create new key Autorun.inf
• Set the default value of the created key to @SYS:DoesNotExist

Alternatively you can download the following file and import into the Windows Registry.

• Disable Autorun
• Double click the file.
• Click "Yes" on the message box displayed (but make sure you read it first)