Wednesday, February 6, 2013

How to disable UAC (User Account Control) in Windows 7

User Account Control (UAC) is a security feature of Windows 7. Whenever a file or application that changes system settings is about to be run, Windows (since Windows Vista) displays a UAC confirmation prompt. This feature can be turned off (disabled) so you are not disturbed by the frequent dialogs asking "Do you want to allow the following program to install software on this computer?", "Do you want to allow ..." and the other prompts that appear in the User Account Control dialog box. Note that this prompt is what stops a program from obtaining administrator rights without your consent. Disabling UAC does not affect the performance of Windows 7.


Disabling User Account Control in Windows 7 can be done with the following procedure:
1. In the search box type msconfig and press Enter.
2. Select the Tools tab, select Change UAC Settings, and click Launch.
3. Slide the bar down to Never notify.

If successful, the User Account Control prompt no longer appears when installing programs or running a particular application.

Windows Vista users can refer to the guide here: Disable UAC Windows Vista

Some other posts that discuss the Windows system can be found here: guide Windows 7

Tuesday, February 5, 2013

How to speed up Windows 7 (improve the performance of Windows 7)

Windows 7 is the latest product from Microsoft Windows. By default Windows 7 enables many features that individual desktop users do not need. Disabling or turning off the features that are not important can further improve the performance of Windows 7. What we discuss here is not a hardware upgrade but the configuration of the Windows software, because upgrading computer hardware costs money; for those who cannot afford an upgrade, the performance of Windows can be improved by slightly modifying the default configuration.

Here are some tips to speed up / improve the performance of Windows 7:

1. Disable / turn off unnecessary Windows services and features, such as:
  • Disable autoplay / autorun in Windows 7
  • How to uninstall the Tablet PC components in Windows 7
  • How to turn off (disable) automatic updates in Windows 7
  • Speed up the menu display in the Windows 7 Start menu
  • Turn off (disable) the Telephony service in Windows 7
  • Turn off (disable) the Fax service in Windows 7
  • Turn off (disable) Windows Error Reporting in Windows 7
2. Add virtual memory in Windows.
3. If the hard drive is large, divide the disk space into several partitions.
4. Run scandisk and defrag with Disk Defragmenter regularly. Doing this regularly helps Windows mark damaged sectors and clusters on the hard drive, and helps Windows sort and group the data stored on the hard drive (system files, application files and data files) to suit the needs of the system, so it is more quickly accessible by Windows.
5. Clean junk files in Windows: delete temporary files and Windows prefetch files, clean up corrupted (error) registry entries, delete the Explorer thumbnail cache.
6. Scan for viruses, adware, malware and spyware regularly, and do not forget to update the antivirus, offline and online.
7. Install applications as you need them.
etc.

Some other tips on how to use Windows 7 can be found here: tutorial Windows 7

Monday, February 4, 2013

DoS attacks via .htaccess and Solutions



If you have local access and are allowed to write your own .htaccess, there are many interesting things that can be tried. .htaccess is an extension of httpd.conf, the Apache configuration, applied at each directory level.
Suppose the files of situsku.com are placed on the server under the user's home directory as /home/situsku/www.
Apache does not limit the size of .htaccess, so you can launch a DoS by creating a huge .htaccess file:


$ cd /home/situsku/www
$ perl -e 'print "# allow from all\n" x 200_000' > .htaccess
The lines above write a .htaccess file of about 3 MB. Try accessing the situsku.com front page from the local network. If the response is slow, we can continue the game. If not, the server has been configured to ignore .htaccess.
We can multiply this effect by creating multiple levels of directories, or a directory loop. Apache also allows .htaccess to be a symlink, so we can do this:
$ cd /home/situsku/www
$ mkdir www2
$ cd www2
$ ln -s ../.htaccess .htaccess
Access to www2 will be slower because Apache processes the .htaccess in www/ first, and only then the one in www2. And so on.

Apache prior to 1.2.5 did not check the file type of .htaccess, so it could be attacked by DoS as follows (the example below uses .htpasswd):


AuthType Basic
AuthName "DoS Attack"
AuthUserFile /dev/zero
require valid-user
When trying to read the password file and look for the colon delimiter between username and password, Apache gets lost in a jungle of zeros forever, consuming CPU and RAM.
Apache after 1.2.5 checks this, but did not check for FIFOs (named pipes). We can make the .htaccess file a named pipe:


$ mknod .htaccess p
When Apache tries to read the file, it waits forever, because nobody writes to the pipe we made. Enter the URL of the directory containing this pipe in your browser repeatedly, and in the long run one Apache child will hang for each read of .htaccess.
Various other configuration weaknesses can also be exploited through .htaccess. For example, if AllowOverride FileInfo is active and the web server has mod_status, the following .htaccess shows the Apache status page:
<Files /server-status>
SetHandler server-status
</Files>
The status page is useful for knowing how busy your Apache is, and can also be used by attackers to do their job more effectively.
Or, if Options FollowSymLinks is enabled, you can view the CGI/PHP source code of another user. For example, the user being spied on is korban (the victim) and the user doing it is penjahat (the criminal). The following commands are entered by the user penjahat.
$ cd /home/penjahat/www
$ mkdir korban; cd korban
$ ln -s /home/korban/www www
$ echo -e "DirectoryIndex none\nSetHandler default-handler\nForceType text/plain" > .htaccess
Access the directory /home/penjahat/www/korban/www in the browser. You will then see all of the victim's files under www as plain source. You can steal a valuable program, database passwords, etc.
There are some other interesting combinations to play around with in .htaccess. Please search and find out for yourself.


Solution 5

Number one, do you need .htaccess? If not, turn it off: AllowOverride None. All problems solved. Not only is the system safer from its users, Apache performance will also improve. Continue to Method 6.
If you need to let users create .htaccess, then apply this patch: limit_htaccess.patch. The patch restricts user misbehavior by introducing three new directives.
  • LimitAccessFileSize, to limit the maximum size of .htaccess. Note that the default value is 8k. To turn off the size restriction, give a value of 0.
  • LimitAccessFileType, to limit the file types allowed. For example, to allow only regular files and not pipes, sockets, devices, or even symlinks, add this line to your httpd.conf: LimitAccessFileType regular.
  • LimitAccessFileToRoot, to require .htaccess to be owned by root. This means Apache can still process .htaccess, but users are not allowed to make their own. You can build a web control panel interface, for example, so that users can create .htaccess, but with only certain directives in limited quantities.
Also give the Options -FollowSymLinks directive if you want to prevent people from making a directory loop.
Select the directives that may be given in .htaccess through the AllowOverride directive. For example, if you are using mod_perl, turning on AllowOverride FileInfo is not recommended, because a user can make a .htaccess that runs their own Perl handler, which runs as the Apache user and has access to the web server's internals.
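As an added defensive check (example code written for this post, not from the original author, the patch, or Apache), the Python audit below walks a document root and reports .htaccess files that the three restrictions above would catch: oversize (over the 8k default), symlinks, non-regular files such as FIFOs and devices, and files not owned by root. The document root and the constructed sample tree in demo() are assumptions.

```python
import os
import shutil
import stat
import tempfile

# Default of the post's LimitAccessFileSize directive (8k); 0 would disable the check.
MAX_HTACCESS_BYTES = 8 * 1024


def classify_htaccess(path):
    """Return the findings for one .htaccess, using lstat so a symlink is
    reported as such instead of being followed to its target."""
    st = os.lstat(path)
    mode = st.st_mode
    if stat.S_ISLNK(mode):
        return ["symlink"]                       # the www2 -> ../.htaccess trick
    findings = []
    if stat.S_ISFIFO(mode):
        findings.append("fifo")                  # a reader blocks until someone writes
    elif stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
        findings.append("device")                # e.g. /dev/zero, endless input
    elif stat.S_ISSOCK(mode):
        findings.append("socket")
    elif stat.S_ISREG(mode) and st.st_size > MAX_HTACCESS_BYTES:
        findings.append("oversize:%d" % st.st_size)
    if st.st_uid != 0:
        findings.append("not-root-owned")        # what LimitAccessFileToRoot enforces
    return findings


def audit_docroot(docroot, require_root_owner=True):
    """Walk docroot (not following directory symlinks) and return
    {relative path: findings} for every .htaccess that has a finding."""
    report = {}
    for dirpath, _dirnames, filenames in os.walk(docroot, followlinks=False):
        if ".htaccess" not in filenames:
            continue
        full = os.path.join(dirpath, ".htaccess")
        findings = classify_htaccess(full)
        if not require_root_owner:
            findings = [f for f in findings if f != "not-root-owned"]
        if findings:
            report[os.path.relpath(full, docroot)] = findings
    return report


def demo():
    """Constructed sample tree (an assumption for this example): one harmless
    .htaccess, one oversize one, one symlinked one and one FIFO."""
    root = tempfile.mkdtemp()
    try:
        for sub in ("ok", "big", "www2", "pipe"):
            os.mkdir(os.path.join(root, sub))
        with open(os.path.join(root, "ok", ".htaccess"), "w") as f:
            f.write("# allow from all\n")
        with open(os.path.join(root, "big", ".htaccess"), "w") as f:
            f.write("# allow from all\n" * 1000)   # 17000 bytes, over the 8k limit
        os.symlink("../big/.htaccess", os.path.join(root, "www2", ".htaccess"))
        os.mkfifo(os.path.join(root, "pipe", ".htaccess"))
        return audit_docroot(root, require_root_owner=False)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for path, findings in sorted(demo().items()):
        print(path, ", ".join(findings))
```

Run it against a real document root with audit_docroot("/home", require_root_owner=True) to list every user-created .htaccess that the root-ownership rule would reject.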

Detecting Port Scanners with PortSentry


PortSentry is software designed to detect port scanning and to respond when a port scan occurs. Port scanning is the process of scanning the various application services that run on an Internet server. Port scanning is the very first step before an attack is carried out.
PortSentry works by watching for a computer scanning us and actively blocking the attacking machine so that it can no longer reach our server.
PortSentry can be downloaded from http://www.psionic.com.
Some of the main features of PortSentry:
  • Runs on TCP and UDP sockets to detect port scans against our system.
  • Detects stealth scans, such as SYN / half-open, FIN, NULL and X-MAS scans.
  • PortSentry reacts in real time (live) by blocking the IP address of the attacker. This is done using ipchains / ipfwadm and by automatically inserting the address into the file /etc/hosts.deny used by TCP Wrapper.
  • PortSentry has a mechanism to remember the machines / hosts that have ever connected to it. That way, only the machines / hosts that make connections too often (for scanning) are blocked.
  • PortSentry reports all violations via syslog and indicates the name of the system, the time of the attack, the attacker's IP address, and the TCP / UDP port on which the attack was carried out. If this is integrated with Logcheck, the system administrator receives the report via e-mail.
With the features above, the system we use seems to disappear from the attacker's view. This is usually enough to discourage an attacker.

Using PortSentry is very easy; for casual use almost all of the default installation can be used directly without changing anything at all.
What may need a little tuning is the PortSentry configuration, located in /etc/default/portsentry and /etc/portsentry/. To edit the configuration files you need root privileges. Some things you may need to set are:

  • The file /etc/portsentry/portsentry.conf is the main PortSentry configuration. Here you set which ports need to be monitored, what response should be given to a machine that port scans, the mechanism for removing the machine from the routing table, and the entry in hosts.deny. Setting it up is very easy, just by adding or removing a hash mark (#).
  • In the file /etc/portsentry/portsentry.ignore.static, enter all IP addresses on the LAN that should always be ignored by PortSentry, so that they are not inadvertently blocked.
  • In the file /etc/default/portsentry we set the detection mode used by PortSentry. The better the detection mode selected (advanced stealth TCP / UDP scanning), the more sensitive and fussy PortSentry usually becomes, because it will block machines at the slightest thing.

Here are the steps for port scanner detection with PortSentry on Ubuntu:
1. Run the following command to install it on the server:
# apt-get install portsentry
2. Edit the configuration file for blocking attacks with TCP Wrapper:
# vim /etc/portsentry/portsentry.conf

# Edit the IGNORE_FILE, HISTORY_FILE and BLOCKED_FILE sections to be:
#
IGNORE_FILE="/etc/portsentry/portsentry.ignore"
HISTORY_FILE="/var/lib/portsentry/portsentry.history"
BLOCKED_FILE="/var/lib/portsentry/portsentry.blocked"
#
# List of TCP and UDP ports that are opened and checked by portsentry
# (this does not apply to advanced mode)
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,32771,32772,32773,32774,40421,49724,54320"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,31337,54321"
###################### TCP and UDP must both be blocked
BLOCK_UDP="1"
BLOCK_TCP="1"
######################
# Block via the routing table
KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
# Block via TCP Wrapper
###################### This command blocks the IP in /etc/hosts.deny
KILL_HOSTS_DENY="ALL: $TARGET$ : DENY"
######################
#EOF
3. Edit the file /etc/portsentry/portsentry.ignore.static with the IP addresses that must not be blocked, e.g.:

# Format : IP/mask_length
# Example: IP configuration on the router initrd@vmlinuz.unixminix.com
# eth0 : 202.212.77.99/30
# eth1 : 192.168.1.1/24
#
# Then the hosts list becomes:
#
# Exclude all local interfaces
192.168.50.1/32
192.168.50.10
192.168.50.30
127.0.0.1
#
# Exclude nameserver
202.9.85.3
#
# Note: if mask_length is not given,
# it is assumed to be 32 bits.
# So 192.168.1.1 is the same as 192.168.1.1/32
4. In the file /etc/default/portsentry:
TCP_MODE="tcp"
UDP_MODE="udp"
Note:
Options for TCP_MODE and UDP_MODE:
tcp: port scan detection according to the TCP_PORTS specified in portsentry.conf
atcp: advanced TCP / UDP port mode
stcp: adds stealth scan detection

5. Restart the daemon:
# /etc/init.d/portsentry restart

6. If it is running, run # tail -f /var/log/syslog and output such as the following appears:
January 25 08:35:27 localhost portsentry[2192]: adminalert: PortSentry is now active and listening.
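As an added example (written for this post, not part of PortSentry itself), the Python below models what the configuration above decides for a scanning host: it parses a portsentry.ignore.static list with the /32 default described in step 3, and for a host that is not ignored renders the KILL_ROUTE and KILL_HOSTS_DENY templates from step 2 with $TARGET$ substituted. The ignore list is the one from step 3; nothing is executed, the route command and hosts.deny line are only returned as strings.

```python
import ipaddress

# The portsentry.ignore.static contents from step 3 (embedded here as sample data).
IGNORE_STATIC = """
# Exclude all local interfaces
192.168.50.1/32
192.168.50.10
192.168.50.30
127.0.0.1
#
# Exclude nameserver
202.9.85.3
"""

# KILL_* templates from the post's portsentry.conf; PortSentry replaces
# $TARGET$ with the address of the scanning host.
KILL_ROUTE = "/sbin/route add -host $TARGET$ reject"
KILL_HOSTS_DENY = "ALL: $TARGET$ : DENY"


def parse_ignore_list(text):
    """Return the networks listed in a portsentry.ignore file.
    A bare address without a mask length is treated as /32, as the post notes."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if "/" not in line:
            line += "/32"
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def is_ignored(host, nets):
    """True when host falls inside any ignored network."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in nets)


def render(template, host):
    """Fill the $TARGET$ placeholder the way PortSentry does for KILL_* commands."""
    return template.replace("$TARGET$", host)


def respond_to_scan(host, ignore_text=IGNORE_STATIC):
    """What this configuration would do for a scanning host: None if the host
    is on the ignore list, otherwise the route command and hosts.deny line
    that PortSentry would generate (returned, not executed)."""
    if is_ignored(host, parse_ignore_list(ignore_text)):
        return None
    return {
        "route_cmd": render(KILL_ROUTE, host),
        "hosts_deny": render(KILL_HOSTS_DENY, host),
    }


if __name__ == "__main__":
    for h in ("192.168.50.10", "10.9.8.7"):
        print(h, respond_to_scan(h))
```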

How to Overcome the BackTrack Blank Screen when typing startx


When BackTrack 5 R3 was released, many users experienced a blank screen when typing startx. This can happen because some VGA adapters are not yet supported by BackTrack. BackTrack 5 R3 is based on Ubuntu 10.4, and that Ubuntu version still has problems with Intel and Nvidia VGA.

To overcome the blank screen when typing startx, there are some steps we can take:
Step One: Insert the BackTrack Live DVD.
Step Two: Set the BIOS to boot from the CD-ROM.
Step Three: At the boot selection menu press the Tab key to edit the GRUB boot line.
Below the menu you will see the following:

file=/cdrom/preseed/ubuntu.seed boot=casper initrd=/casper/initrd.gz text splash vga=791 --
Step Four: remove text splash vga=791 -- and add the following:
xforcevesa noapic noapci nosplash irqpoll --
so that it becomes
file=/cdrom/preseed/ubuntu.seed boot=casper initrd=/casper/initrd.gz xforcevesa noapic noapci nosplash irqpoll --
and press Enter.

Stages of Forensic Activity


Methodologically, there are at least 14 (fourteen) steps that need to be carried out in forensic activities, as follows:
1. Statement of Occurrence of a Computer Crime - a formal stage in which the interested party reports the occurrence of a computer-based criminal activity;
2. Collection of Early Directives or Evidence - a stage in which forensic experts collect all the clues or evidence, tangible and intangible, that can be used as the initial study of the forensic material;
3. Issuance of the Court Order - a stage in which, in accordance with the regulations and legislation in force, the court gives official permission to the researcher or investigator to carry out the activities associated with processing the crime scene, whether virtual or physical;
4. Implementation of Early Response Procedures - a stage in which forensic experts carry out a series of procedures to secure the crime scene, physical or virtual, so that it is sterile and not polluted / contaminated, and the items of evidence found there can be considered legitimate;
5. Freezing of the Evidence at the Crime Scene - the stage where all the evidence is taken, seized and / or frozen through certain formal techniques;
6. Transfer of the Evidence to the Forensic Laboratory - the stage where the evidence is transferred from the crime scene to the laboratory where the analysis and forensics take place;
7. Making 2 "Bit Stream" Copies of the Exhibits - the stage where the evidence is duplicated into identical copies;
8. Generating "MD5 Checksums" of the Exhibits - a step to ensure there is no contamination of or change in the condition of the existing evidence;
9. Preparation of the Chain of Possession of the Evidence - a step that determines the transfer of responsibility for and possession of the original evidence or its duplicate from one authority to another;
10. Storage of the Original Evidence in a Safe Place - the stage where the original evidence is stored in a safe place and according to certain technical requirements, so that its authenticity is strictly preserved;
11. Analysis of the Copies of the Evidence - the stage where forensic experts analyze the details of the collected evidence on a copy, to obtain conclusions about the ins and outs of the crime;
12. Preparation of the Forensic Report - the phase in which the forensic experts conclude the details of what happened around the criminal activity, based on the facts found by forensic analysis;
13. Submission of the Analysis Report - the stage where the official results of the computer forensics are submitted as confidential documents to the authorities, and
14. Participation in Litigation - the stage where the forensic expert acts as a witness in court in relation to the crime that occurred.

About IT Forensics


IT Forensics is also called Digital Forensics. The science is still very new in Indonesia, so experts and professionals in the field of Digital Forensics are still very few. Therefore we as lay people still do not know exactly what IT Forensics or Digital Forensics is. To see this, let us learn together. Digital forensics is derived from the discipline of information technology (IT) in computer science, especially the branch that addresses IT security and the digital evidence found after an event occurs.
The word forensic itself generally means to bring to justice. Digital forensics, sometimes called computer forensics, is the science of analyzing digital evidence in a way that can be justified in court. Computer forensics activity itself is the process of identifying, preserving, analyzing and using digital evidence under the applicable law.
Experts have also given their own definitions of IT Forensics, as follows:

§ According to Noblett, its role is to take, preserve, restore and present data that has been processed electronically and stored on computer media.

§ According to Robin Judd, it is simply the application of computer investigation and analysis techniques to determine potential legal evidence.

§ According to Ruby Alamsyah (an Indonesian IT forensics expert), digital forensics, sometimes called computer forensics, is the science of analyzing digital evidence in a way that can be justified in court. Digital evidence includes mobile phones, notebooks, servers, and any technological device that has storage media and can be analyzed.

The goal of IT Forensics is to secure and analyze digital evidence by describing the current state of a digital artifact. The term digital artifact can include a computer system, storage media (hard disk, flash disk, CD-ROM), an electronic document (e.g. an email or image), or even a series of packets moving over a computer network. Digital evidence is obtained in the form of information in digital format. This digital evidence can be real or abstract evidence (which must be processed before it becomes real proof). Some examples of digital evidence include: e-mail; spreadsheets; software source code files; forms; video; audio; images; web browser bookmarks and cookies; deleted files; the Windows registry; chat logs.
There are four key elements that must be considered in digital forensic evidence relating to information technology, as follows:
1. Identification of the digital evidence (Identification / Collecting Digital Evidence). This is the earliest stage. At this stage one identifies where the evidence is located, where it is stored, and how it is kept, to facilitate the investigation.

2. Storage of the digital evidence (Preserving Digital Evidence). The form, content and meaning of the digital evidence must be kept in a sterile place. It is vital to make absolutely sure there are no changes, because even a slight change in the digital evidence will change the results of the investigation. Digital evidence is naturally temporary (volatile), so it must be handled very carefully or it is easily damaged, lost, altered or destroyed.
3. Analysis of the digital evidence (Analyzing Digital Evidence). Once the evidence is saved, it needs to be processed before it is handed to those who need it. The scheme required in this process must be flexible according to the case at hand. The evidence obtained should be explored again for the points related to the criminal investigation, among others: a. who did it; b. what was done (e.g. which software was used); c. what results the process produced; d. when it was done. Any evidence found should then be listed as the potential evidence that can be documented.
4. Presentation of the digital evidence (Presentation of Digital Evidence). Conclusions are obtained when all the stages have been passed; regardless of the degree of objectivity or the standard of truth obtained, at least the material here becomes the "capital" for the court. This is the process where the digital evidence is brought to trial, its authenticity tested and correlated with the case. This stage is important, because here the processes done before are laid out and their truth proven to the judge, to disclose the data and information about the events.
To further facilitate understanding of the working mechanism, the following is how a digital forensics expert works. There are several stages; the main thing is that after receiving the digital evidence, an acquisition process must be done: imaging or cloning, in common language copying with precision, exactly the same 1-to-1. For example, there is a hard disk A that we want to clone to a hard disk B; hard disk B is exactly the same 1:1 as hard disk A, even for contents of A that are hidden or deleted. Everything comes over to hard disk B. Digital forensic analysis is then performed on this clone. The analysis cannot be performed on the original digital evidence for fear of changing the evidence. If a mistake is made while working on the cloned hard disk, it can be repeated from the original. So there is no need to do the analysis on the original evidence. Second, analyze the content of the data, especially what has been deleted, hidden or encrypted, and the person's internet history that cannot be seen by the public. For example, which sites a terrorist has viewed, with whom they emailed, and so on. A very important document could be found as evidence in court. That is why digital forensics is so important now.
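As an added example for steps 7 and 8 of the stages above and the cloning described here (written for this post, not the author's own tooling), the Python below makes a bit-stream copy of an image file in blocks, hashes the bytes read from the source and re-hashes the copy from disk, and then re-checks a recorded digest later in the chain of custody. The file names and the small constructed "disk" in demo() are assumptions; MD5 is used to match the post, and the algorithm parameter lets a stronger hash such as SHA-256 be used instead.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024   # 1 MiB blocks, so a large medium never has to fit in memory


def hash_file(path, algorithm="md5"):
    """Digest of a file read in blocks (md5 as in the post; sha256 is the better choice today)."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def bitstream_copy(src, dst, algorithm="md5"):
    """Copy src to dst byte for byte. The source digest is computed from the
    very bytes written; the copy is then re-read from disk and hashed again,
    so 'verified' is True only when the image on disk is a faithful 1:1 copy."""
    h_src = hashlib.new(algorithm)
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        for block in iter(lambda: fin.read(CHUNK), b""):
            h_src.update(block)
            fout.write(block)
        fout.flush()
        os.fsync(fout.fileno())          # make sure the copy is really on disk before re-reading
    source_digest = h_src.hexdigest()
    copy_digest = hash_file(dst, algorithm)
    return {"source": source_digest, "copy": copy_digest,
            "verified": source_digest == copy_digest}


def verify_exhibit(path, recorded_digest, algorithm="md5"):
    """Chain-of-custody check: recompute the digest and compare it with the
    one recorded at acquisition time."""
    return hash_file(path, algorithm) == recorded_digest


def demo():
    """Constructed sample (an assumption): a tiny 'disk A' containing a region
    that was 'deleted' but is still present as bytes, imaged to 'disk B',
    verified, then modified to show the checksum catching the change."""
    d = tempfile.mkdtemp()
    src, dst = os.path.join(d, "diskA.img"), os.path.join(d, "diskB.img")
    with open(src, "wb") as f:
        f.write(b"BOOT" + b"\x00" * 4096 + b"deleted-but-still-on-disk" + b"\xff" * 4096)
    result = bitstream_copy(src, dst)
    intact = verify_exhibit(dst, result["source"])
    with open(dst, "r+b") as f:          # simulate a change to the working copy
        f.seek(4100)
        f.write(b"X")
    after_change = verify_exhibit(dst, result["source"])
    return result["verified"], intact, after_change


if __name__ == "__main__":
    print(demo())
```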

Things to do after installing BackTrack 5


Here I will give some tips for what to do after installing BackTrack 5; by default BackTrack 5 does not provide an office suite, multimedia codecs, etc.

The first thing to do is update / upgrade; type the following commands in the terminal.
  • apt-get update
  • apt-get upgrade
Install update-manager; it will be located in System => Administration => Update Manager.
  • apt-get install update-manager

Install Ubuntu Software Center just by typing the following command; Ubuntu Software Center and Synaptic are then installed automatically.
  • apt-get install software-center
It is located in Applications => Ubuntu Software Center

Synaptic Package Manager is located in Applications => System => Administration => Synaptic Package Manager

Install codecs for the music and video players
  • apt-get install ubuntu-restricted-extras
Music player => GNOME
  1. Audacious
    • apt-get install audacious
  2. Rhythmbox
    • add-apt-repository ppa:webupd8team/rhythmbox && sudo apt-get update
    • apt-get install rhythmbox
Music player => KDE
  1. Amarok
    • apt-get install amarok
Video player
  1. VLC
    • apt-get install vlc
  2. MPlayer
    • apt-get install gnome-mplayer

LibreOffice

  • add-apt-repository ppa:libreoffice/ppa
  • apt-get update
  • apt-get install libreoffice
  • GNOME
  • apt-get install libreoffice-gnome
  • KDE
  • apt-get install libreoffice-kde
Ubuntu Tweak

GIMP (image editor)

  • apt-get install gimp
Inkscape
  • apt-get install inkscape
Geany (programming editor)
  • apt-get install geany
Record desktop activity
  • apt-get install gtk-recordmydesktop
Webcam application
  • apt-get install cheese
May be useful.