PC CyberTekThe cyberspace visitor’s information center

If you follow this blog, you know that I did an article on the first stable release of Namp http://www.pccybertek.com/2010/01/nmap-5-20-released yesterday. Now that it has been out for a week, Fydor has already released another update, Namp 5.21 which is also a stable
release and not a beta. It’s mainly just a bug fix release. So I have updated the download section here with a link to the 5.21 release, which is on the right column about 3/4 of the way down the page. My download link is directly to the file on the insecure.org website or you can go to the Nmap download page yourself.

But I don’t want to just tell you about the update, I’d like to offer you some more since you took the time to stop by here. So here is a link to Iron Geek’s Baisc Nmap Tutorial video. And if already know the basics and would like to move on to some more advanced lesson, here is Iron Geek’s Nmap Video Tutorial 2: Port Scan Boogaloo Happy port knocking.

At one time I was going to make at least one free software recommendation a week. At some point I realized that in order to do this, sooner or later I would either run dry of suggestions, or make suggestions of products I really haven’t throughly tested. So I changed my mind and decided to only write about programs I have used for quite some time and really like. One of the first was Miro

Tonight’s pick is an all in one Instant Messenger, E-mail and Social Network client called Digsby. I’ve been running Digsby for around a year and it is really nice. I’ve set it up to connect to my AIM, MSM, Yahoo Chat, Facebook, Myspace, Twitter and all my various e-mail addresses. It sits nicely in my system tray and when I click on it, it pops up a sidebar on the left side of my screen that lists all the services I have it monitoring. If I click on the MSM bar it expands so I can see who is online and if I click on anyone who is online, I’m chatting with them just like I was running MSM. Instead of having to load all those different chat programs, I just run Digsby. Of course there are other programs like this, I use to run Trillian but it felt kinda clunky me and I haven’t tried the newer version of Trillian which now also supports Twitter and E-mail. However, I see Trillian still offers a pro version which isn’t free so it doesn’t totally fall into my “Free Software” category. Digsby also has several options for notification. Mine is configured so it pops up a little alert window. This is real handy for Twitter. I see the complete tweet and have options to retweet or reply to it. If I click on the notification window it will take me to that tweets page and I will already be logged in to Twitter. The same goes for any notification window, by clicking on it. If it’s one of my webmail accounts, I will be logged in and taken to that e-mail, or if it’s a pop mail account, it will launch whatever application you have chosen for your e-mail, such as Outlook.
Read the rest of this entry »

t’s been about a year since one of the best pen testing tools has seen an upgrade to the framework. Metasploit Framework 3.3 is now available. Not only does it support Linux, Windows, OS X, and many versions of BSD, but now it also supports Windows 7. And according to the website this release has 446 exploits, 216 auxiliary modules, and hundreds of payloads, including an in-memory VNC service and the Meterpreter. However one of the new features that I’m pleased about is you can now run a full console version in Windows using Cygwin which is how I like to run nmap when I’m on my Windows computers, and RXVT. To be honest, I haven’t fired up any of my Linux machines in a while. I just boot from a Linux Live CD most the time but I digress.
The Windows installer works on all versions of Windows from 2000 to Windows 7 and the Linux installer works on most versions of Linux released in the last five years.
I’d like to point out, this is not a toy. This is the bad boy of penetration testing tools. I love using this because I know that if I can’t get into the system I’m testing with it, I can feel pretty confident that system is pretty secure. I wouldn’t go so far as to say that I’m 100% secure because I’ve been doing this long enough to know there is no such thing. But if you can’t successfully attack one of your computers with this, then chances are neither can the script kiddies.

Yes, that’s right. The essential network scanner, nmap, has made it to version 5. If you are unfamiliar with nmap, it’s a must have tool for anyone who does anything with networks. It’s the greatest port scanner around. And you can get it for just about any OS. But nmap is much more than just a port scanner. It can be used for more than just seeing what ports are open. You can also use it for its OS detection, among other things, and you can even use it to find the conficker virus on remote computers. It’s available as a command line tool and for those who prefer a gui, it also comes with zenmap which is a graphical front end for it.

My thanks to Fydor and the nmap development team for constantly updating this awesome tool and never being satisfied with the status quo. Now let me quote insecure.org

July 16, 2009 — Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 5.00 from http://nmap.org/. This is the first stable release since 4.76 (last September), and the first major release since the 4.50 release in 2007. Dozens of development releases led up to this.

Considering all the changes, we consider this the most important Nmap release since 1997, and we recommend that all current users upgrade.

You can find a list of the changes here and be sure to download it.

I’m afraid I have some bad news on my mission to install Web Tattoo and remove it and the Fast Browser Search redirector that takes over your web browser.. First I couldn’t find it on Facebook anymore. I don’t know if it was finally removed because of the problems it caused or maybe I’m just not searching correctly but it appears to be gone. So I did a google search for it and was able to find the website where it could be downloaded and installed. Unfortunately, I can’t get it to install into Internet Explorer 7. Every time I’ve tried to install it into IE7, I got an error and it just hangs or quits.

So it’s back the drawing board. Just writing this has given me a couple of ideas of why it won’t install this time. I haven’t given up but I’m afraid it’s already taking longer than I expected. So stay tuned and with any luck, the next update will be the solution.

UPDATE: Here is some info I found about removing fast browser search from Internet Explorer (IE) http://www.pccybertek.com/2009/10/remove-fast-browser-search-from-ie-7-ie8

I’m sure you have all seen this before. Your surfing along, when all of a sudden, you get a pop-up that alerts you that your computer is infected! YIKES! What to do!??! Ah, you can just download a “free” program that will fix it for you. I’d hope you already know, this is a scam. It’s one of two things. You can either download a legit program that will scan your computer, tell you how badly infected it is and you can purchase a full version of the program to remove all your “infections.” Just in case your not really infected, these programs will increase your infection count by adding your cookies to the list. Pretty good way to jack up the numbers, but I wouldn’t call cookies an infection. And I sure don’t have to buy any program to remove them. The other thing that could happen, and probably will is, you will download a program that will then install it’s own addware. Turns out they have a name for this stuff now, and that name is Scareware.

Turns out many people are still falling for this scam. I had to clean my parents computer up, from one of these. Try doing it over VNC, and you may have your patience tested like I did. Anyways, the old folks aren’t the only ones falling for this, and now their is a new variation. Spware Protect 2009, is the new breed of scareware. Not only does it con you by getting you to install it, it actually does damage to get you to “purchase” it for $49.99 and install a trojan downloader. Meanwhile it increases the pop ups telling you how infected your computer is. So you order the program with your credit card and guess what, you just gave them your credit card number, no hacking needed. A local electronics store, with the initials RS, got hit by it and from what I could get out of them, sounds like the whole corp has been infected through their network.

Since I first found out about this last week, I’ve found out that it’s now also being installed by the conficker virus. At first I was thinking, wouldn’t people be suspicious if there was a new piece of software, on their computer? I sure as hell would. Then I started thinking about it, in a corporate situation. Some poor schmuck, in accounting or where ever, could think it was installed by their IT Dept. So the keylogger installed would run until the computer crashed. The one good thing is, the domain that was selling Spyware Protect 2009 is gone. Keep an eye out for variations with new names and the same or slightly modified interface.

-Your friendly neighborhood PC Cybertek

With all the media hype about conficker, I thought you might like a good collection of trustworthy resources. Beware of websites that have recently registered as “conficker help.” In fact, just avoid them all together. There’s also reports of malicious software masquerading as detection and cleaning tools for Conficker-infected computers, as well as spam offering the same.

There’s no need to try and figure out what’s safe or real and what has more sinister plans in mind. The good folks at dshield.org have been keeping an updated list of third party information on conficker. Here you can find plenty of free conficker detection and removal tools, general information and the microsoft patch. That should help keep you updated, safe and informed.

I’ve also found out about one other real neat way of detecting it, but it’s for more advanced users, so I’m going to make a seperate post about it.

The most excellent packet sniffing tool, formerly known as etheral, now known as wireshark has recently been updated to ver 1.0.6 This is one of those programs that I find hard to write up. All I can say is, I love it. When I was first learning about network traffic, I tried out etheral. I loved being able to see that raw network traffic. I was amazed at the shear amount of traffic on my LAN. It also stirred my interest in what all these protocols were.

Soon I was using it to uncover malware and where they were phoneing home to. I also used it to get ip addresses of people on IRC when they DCC to me. And just recently I used it at work. Someone forgot their e-mail password and they needed it to get on their web mail. I just fired up wireshark and the launched Outlook. Then I just looked through the log and found to communication to the POP server, and there was the user name and password.  Set it up with a wifi card and you can capture some intresting packets.

Then there is Sharkfest, June 15th – 18th at Stanford University which I can only dream of going to.

Here is a  beginers video intro to wireshark

It was 20 years ago Tim Berners-Lee invented the World Wide Web. Not quite 20 years to the day, but close enough. In this Ted talk, Tim talks about what is the next step in the evolution of the World Wide Web.

Seeing how I’m now running Word Press, it only makes sense that I would tell you about Word Press TV. If you are running Word Press, or are just thinking about using it, you owe it to yourself to give this site a look.

Even though it’s only been up for maybe 2 months, there’s a lot of great content. There’s plenty of How-To videos, for beginners to advanced users. There’s videos about administration, set-up, widgets, publishing, media, plugins, themes, custom design, and more. There is also a section of videos from Word Camp.

I wanted to write about Word Press TV when it first went live, but I haven’t actully spent any amount of time on it, untill recently. Most of them are using vimeo to host their videos, so the quality is execlent. Theses aren’t some junky, pixalated Youtube videos. They are high quality and when I viewed them with HD turned on, the screen captures of in the how-to videos was perfect and crisp and easy to read the all the text in the videos.  Even when not in full screen or HD you can read them easily. If only everyone made instructional videos at this quality. Check out the example below.

Getting set up with the WP e-Commerce plugin: settings and configuration