HowTo: Crack a Windows 7 / XP or Vista Password With Ophcrack Live CD

Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.

There is also article and more screen shots at Lifehacker:
Extremely impressed at the ease and speed with which the Ophcrack Live CD cracked my Windows admin password when I tested it out last a few weeks ago, I thought it might be useful to throw together a quick guide detailing how to use this powerful little utility.

Crack a MS- Windows 7 / XP / Vista password with Ophcrack Live CD
Crack a MS- Windows 7 / XP / Vista password with Ophcrack Live CD

Whether you need to recover the lost password to a Windows account, you’re looking to ensure that your passwords are secure, or you’re a super l33t h4x0r, the Ophcrack Live CD is a pretty useful tool.

Top virus threats in 2007

McAfee Inc, a leading dedicated security technology company, on Wednesday announced its top ten predictions for security threats in 2007 from McAfee Avert Labs. According to McAfee Avert Labs data, with more than 217,000 various types of known threats and thousands more not yet identified, it is clear that malware is increasingly being released by professional and organised criminals.

Malware or malicious software is a software designed to infiltrate and damage a computer system without the owner’s consent. The expression is a general term to mean various forms hostile, intrusive, or annoying software or programme code.

Computers are an essential part of everyday life. As a result there is a huge potential for monetary gains by virus writers. With sophisticated techniques on the rise, it is becoming increasingly hard for the general user to identify or avoid malware infections.

In no particular order, McAfee Avert Labs’ top ten security threats for 2007 are:

1. Number of password-stealing Web sites will increase using fake sign-in pages for popular online services

2. Volume of spam, particularly bandwidth-eating image spam, will rise

3. Popularity of video sharing on the Web makes it inevitable that hackers will target MPEG files

4. Mobile phone attacks will become more prevalent as mobile devices become smarter

5. Adware will go mainstream

6. Identity theft and data loss will continue to be a public issue

7. The use of bots will increase as a tool favoured by hackers

8. Parasitic malware, or viruses that modify existing files on a disk, will make a comeback

9. The number of rootkits on 32-bit platforms will increase

10. Vulnerabilities will continue to cause concern fueled by the underground market for vulnerabilities

Top 10 computer virus threats in 2007

Kaspersky Anti-Virus 6 is the best anti virus software out there

Few days back I wrote about top 3 free anti virus software.

Kaspersky Lab is a computer security company. It also provides the Kaspersky Anti-Virus 6 which win the CNET 2007 antivirus performance award. Kaspersky Anti-Virus engine also used by Microsoft, Juniper Networks and other third party companies.

From the article:

Despite a very competitive antivirus landscape, Kaspersky Anti-Virus 6, released earlier this year, still stands heads and shoulders above the latest Norton and McAfee products and thus deserves our Editors’ Choice for antivirus protection.

For the first time in nearly two years, we have an Editors’ Choice winner for antivirus protection. Of the products we’ve tested and reviewed thus far, we think Kaspersky Anti-Virus 6 offers the best value and performance. Norton AntiVirus 2007 improved some over last year, but McAfee VirusScan Plus 2007, despite adding a firewall, failed to move up.

Trial Download

=> Kaspersky Lab website.

How to develop more secure windows code – 8 simple rules

These are the 8 simple rules for developing more secure windows code.

This article discusses:
=> Using analysis tools and experts to review your code

=> Reducing risk using fuzzing and threat modeling

=> Keeping bad input out of your applications

=> Learning all you can about security concepts

How to develop more secure windows code - 8 simple rules


Habit #1: Take Responsibility
Habit #2: Never Trust Data
Habit #3: Model Threats against Your Code
Habit #4: Stay One Step Ahead
Habit #5: Fuzz!
Habit #6: Don’t Write Insecure Code
Habit #7: Recognize the Strategic Asymmetry
Habit #8: Use the Best Tools You Can

Read more at Microsoft MSDN web site…

How secure is Windows XP desktop system

Windows is the favourite target of malicious and criminal hackers

If every hour a burglar turned up at your house and rattled the locks on the doors and windows to see if he could get in, you might consider moving to a safer neighbourhood.

And while that may not be happening to your home, it probably is happening to any PC you connect to the net.

This article from the BBC shows how vulnerable XP Home really is. Using a highly protected XP Pro machine running VMWare, the BBC hosted an unprotected XP Home system to simulate what an ‘average’ home PC faces when connected to the internet.

=> 36 warnings that pop-up via Windows Messenger
=> 11 separate visits by Blaster worm
=> 3 separate attacks by Slammer worm
=> 1 attack aimed at Microsoft IIS Server
=> 2-3 “port scans” seeking weak spots in Windows software

Wow! That is too much for normal home user. This is why you need to switch to Linux desktop system. Sure, geeks or experienced IT pro can use Linux easily but what about new people.

Not everyone can run Linux (no matter how hard you try). The solution is simple:
=> Purchase firewall enabled broadband/wireless routers.
=> Install Windows XP firewall and antivirus.
=> Don’t visit or open unknown emails; if possible use web based email system.

Found via Slashdot

Security: Getting System Privileges on Windows XP

This is extremely dangerous Exploit.

Using simple command line tools on a machine running Windows XP we will obtain system level privileges, and run the entire explorer process (Desktop), and all processes that run from it have system privileges. The system run level is higher than administrator, and has full control of the operating system and it’s kernel. On many machines this can be exploited even with the guest account. At the time I’m publishing this, I have been unable to find any other mention of people running an entire desktop as system, although I have seen some articles regarding the SYSTEM command prompt.

A quick fix

A way to prevent this from happening at all, would be to make the task scheduler service run under a unprivileged account. You can do this by opening the services control panel (Start > Run > services.msc), and right clicking “Task Scheduler” and going to the Log On tab. Change it to “This Account” and enter the account information you want it to use (has to be an existing account) then restart the service. This may break some programs that use the Task Scheduler and depend on it for SYSTEM access; you have been warned. Otherwise, simple disable the Task Scheduler service.

Read more

Security: Hack Mac OS X With Installer Packages

MacGeekery has a short but insightful piece with examples on how to use a malformed Installer package (.pkg) on Mac OS X to ‘insert user accounts with administrator rights and change root-owned system configuration or binary files without prompting the vast majority of Mac OS X users for a password of any kind.

From the article: By creating a malicious package and setting the authorization level to AdminAuthorization in the package, an attacker can modify root-owned files, execute commands as root, or install setuid-root programs without alerting the user that such actions are taking place. The problem is compounded when you consider that over 90% of Mac OSi X users run as the administrator user because it’s what the default user created by the system is.

(via Slashdot)

How to surf securely at public WiFi hotspots

The average user has no idea of the risks associated with public WiFi hotspots.

It’s possible to use your laptop safely in a coffee shop, but you have to take a bit of responsibility for that security. You’ll need to use your common sense, change a few habits, and perhaps install and use some new software.

Here are some very simple tips for them to keep their network access secure.

Read Scott Granneman tips

Blackberry data spy (stealing confidential data)

Blackberry one of the hottest gadget used by corporate. A booby-trapped game of noughts and crosses has been used to show how a Blackberry can be hijacked to steal confidential data

According to BBC news, “Created by a security researcher the game contains malicious code that turns the popular mobile e-mail device into a backdoor into corporate networks.”

That is why you should never-ever install any games or other fancy stuff such as screen savers. Only way to prevent such a nasty stuff is to educate yourself. :)