Hackers Don’t Waste Their Time on Macs

I have a lot of parents in my school who love Macs. Some of the reasons are ease of use–especially for younger users, graphics superiority, intuitiveness, widgets. Another is Macs don’t suffer from the malware and hacking that PCs do.

There’s a reason for the latter. Read on:

Macs’ low popularity keeps them safer from hacking and malware

Warning: Don’t shoot the messenger. I’m just reporting on findings. Last time I factually explained why I like PCs better than Macs (using my first amendment rights to freedom of speech), readers gave my post the lowest ranking ever of any article I’ve written. Wow. Don’t get on the wrong side of that Mac cult(ure).

Three Tips to Keep Your PC Safe

These are good reminders that you can’t just plug a new PC in and expect it to work as advertised. Before you go online to download updates, music, online programs (like Printkey, Jing, or other programs I can’t live without), install the alarm systems:

Keeping That New PC Clean and Pure

By RIVA RICHMOND

Published: September 2, 2009

School starts soon, and many people are getting spanking-new computers. Ah, the joy of a new and more powerful toy — and a clean slate.

Illustration by Randall Enos

A new PC, whether you know it or not, may well have freed you from many malicious programs that steal credit card numbers and other valuable information or otherwise obstruct your safe and private use of the Internet. Now is the time — while you’re getting everything set up just the way you like it — to take some steps to keep your new machine clean and free of malware. Here is what you need to do before you do anything else.

CHECK YOUR FIREWALL SETTINGS

Do this before you even connect your computer to the Internet. Firewalls prevent certain unwanted traffic from reaching your computer, including worms that spread through network connections. New laptops and desktops with Windows Vista (and, come Oct. 22, the next version of the operating system, Windows 7) and netbooks using Windows XP SP2 or higher have a firewall that is built in and turned on by default. You can make sure all is well by going to the Windows Security Center, clicking Start, then Control Panel, then Security Center and Windows Firewall.

Mac users can check and adjust their firewall settings by clicking on the Apple icon and going to System Preferences and clicking on Security and then Firewall. At a minimum, choose “allow only essential services.” A better option is to select “set access for specific services and applications” and play gatekeeper, allowing programs to connect as you need them, said Rich Mogull, founder of the security consultant firm Securosis.

UPDATE YOUR SOFTWARE

Even though you have a new machine, chances are that security fixes have been issued since the manufacturer loaded the software, so you will want to download those as soon as you get online.

Your new PC may prompt you to check for updates from Microsoft, but, if not, open Windows Update by clicking the Start button, then All Programs and then Windows Update. On the left pane, click “check for updates.” (For more information about Windows Security, see microsoft.com/protect.)

To help you keep Microsoft products up to date, Windows will prompt owners of new machines to sign up for automatic updates. You will see a screen asking if you want to “Help protect Windows automatically.” Choose the first option, “Use recommended settings,” so you get everything and don’t have to worry about it again.

Barring an urgent problem, updates come out on the second Tuesday of the month. To schedule exactly what time your updates are installed — say at 3 a.m., when you are asleep — open Windows Update and select Change Settings and make your choices. This is also a good time to turn on the Internet Explorer Phishing Filter, which can help keep you from turning over personal information to the wrong people.

For Mac users, your computer will automatically check for updates once a week. If you are a paranoid person, have it check more frequently by clicking Software Update in the System Preferences panel and then choose Daily.

ADD SECURITY SOFTWARE

Firewalls won’t help fend off viruses or Trojan horses that can come through e-mail messages, Web sites and pop-up ads. Given the frightening number of malicious programs that aim for Windows PCs, owners of these machines really need to use some security software. There are several free antivirus programs, like AVG 8.5 Free, Avast Antivirus and the forthcoming Microsoft Security Essentials, so even penniless students have no excuse to go without. Note that Vista comes with Windows Defender, which blocks spyware and pop-up ads, and that program can be downloaded free by Windows XP SP2 machines.

Since a lot of malicious programs now come through Web sites, you will also want to use one of the many free tools available to help you avoid malicious sites. Microsoft’s newest browser, Internet Explorer 8, will warn you if you try to visit sites it deems unsafe, deceptive or carriers of a common Web attack type called “cross-site scripting” attacks. Other browsers, including Chrome, Firefox and Safari, also warn users about potentially unsafe sites, using a blacklist kept by Google. There is also McAfee’s SiteAdvisor, a free add-on for the Internet Explorer and Firefox browsers (the latter works on both Windows and Mac), that shows site reputation information within search results pages, including warnings about potentially dangerous sites.

There are few malicious programs that aim for Macs, so an antivirus program isn’t essential at this point. That said, some Mac experts think that the days of peace and security for Macs may be waning. There have a been a few Trojan horses recently, and some Web attacks don’t care which operating system you use. If you frequent file-sharing sites, or your employer requires it, buy a Mac antivirus program.

SORT OUT THE APPLICATIONS

New Windows PCs typically come loaded with all kinds of third-party programs, many of which you will never use.

“In a lot of cases, that’s extra software that might have vulnerabilities” that hackers could exploit, says Chad Dougherty, a vulnerability analyst at the CERT Program at the Carnegie Mellon Software Engineering Institute.

To avoid problems, eliminate the programs you don’t need by clicking the Start button and choosing Control Panel and then Programs to see a list of what is on your machine. Select unwanted programs and then hit the Uninstall button at the top of the program list.

Then sign up for automatic updates from the makers of any software you intend to keep — or that you later install yourself, for that matter. To help you make sure you have checked out everything, download Secunia PSI, a free tool that will help you make sure that all the programs on your PC get security patches.

Speaking of that, always be careful about which software you install from the Internet, whether you have a PC or a Mac. These programs can contain vulnerabilities, and pirated programs and random add-ons may be outright malicious.

The 25 Best High-Tech Pranks (16-25)

Ten more high-tech pranks to play on your fellow teachers who refuse to add technology to their class lesson plans. Show them how its done!

The 25 Best High-Tech Pranks

by JR Raphael

16. Bluetooth Blues

“The Office” popularized our next prank, and man, is it ever a winner. Grab your co-worker’s cell phone when they leave it sitting around and pair your Bluetooth headset up to it. Now you can take and make all their calls. Jim Halpert, you are one wise dude.

17. Customized Commotion

Know anyone with the kind of cell phone that displays a customizable message on the main screen? This next one’s for them. When you can, go into their phone’s settings and change the message to “NO SERVICE.” Guaranteed reaction upon their return.

18. Remote Control

Back to the computer for some more advanced antics. This one may be more suited for a close friend or significant other, as you’ll have to install something, and you could probably get fired for doing it at work. Set up a VNC (virtual network computing) server on their system. You can find free ones like TightVNC for Windows or OSXvnc for Macs. Once you get through the configuration, you can click, type, and do anything on their system from your own computer. Do some subtle things like occasional keypresses or program launches and see how perplexed they become. We don’t recommend keeping this up for long, though, or you may suffer serious consequences with their anger (and you may also witness some disturbing pornographic habits as an unintended side effect).

19. The Modern-Day Poltergeist

The less invasive alternative to that idea is a program called Office Poltergeist, and it’s now available as a simple Firefox extension. Once you get this baby installed, you can play annoying sounds, load new web pages, shake windows around, and send popup messages on someone else’s computer. It even has a feature to replace every instance of a word on a web page with another word of your choosing. We suggest swapping “internet” for “intercourse.”

20. Printing Power

If you’re network-savvy, jot this next one down. Do a little investigative work and figure out where your office’s network printer folder is located. Once you have that nugget of info, you’re golden. Navigate over to that path, select any printer, and click connect. You now have the power to print and send random paper messages to other areas of your office with no explanation.

21. Screen Scream

Our next prank comes courtesy of Microsoft, surprisingly enough. The programmers there released an office “Blue Screen of Death” simulator. Install the screensaver on an unsuspecting IT guy’s PC and see the feared symbol of system error pop up after a few minutes of inactivity.

22. Bad Vision

On the subject of screens, the Windows Control Panel provides our next opportunity for mischief. Go into the advanced settings and try shifting the brightness all the way down and the contrast all the way up if you really want to mess with a visionary’s vision.

23. Crazy Keys

Want to drive your friend crazy with his own keyboard? Visit the Regional and Language Settings under the Windows Control Panel for some fun. An arguably insane guy named August Dvorak created an alternate keyboard layout that — big surprise — never took off. But you can still access it and make normal typing impossible. Just go under the Languages tab, click Details, then Add, and you’ll find the option to completely remap the keyboard.

24. Rules of Pranking

Outlook Rules, as a general rule, can make for great pranks. Try setting up one on your co-worker’s computer so that any email from you causes a festive sound to be played, a hard copy to be printed, and a copy to be instantly forwarded back to them for extra emphasis. There are plenty more variations you can try once that combo gets old.

25. Hotkey Hell

Our final prank may be the most tortuous of all. A little program called AutoHotKey — quite the handy utility for legitimate purposes — lets you assign all sorts of macros to key combinations of your choosing. You don’t even have to install anything on anyone else’s computer, as you create the scripts on your own system and can then convert them to executable files that you simply run on another machine. With some very basic scripting, you can cause any string of text to be automatically replaced with something else, regardless of what program the person is in. You can also remap basic hotkeys like Ctrl-P to do anything you want — like open Outlook and send a message to you letting you know how awesome you are. Spend some time with this one and you’ll find enough pranks to keep your hijinks on high output.

So there you have it: the 25 best high-tech pranks. Use them well and use them wisely — and don’t come to us if anyone inflicts physical harm upon you as a result.

How to Protect Your Computer–for Free

Great list from my fellow-blogger, WhatsonmyPC.

FREE Online Virus and Malware Scanners

Listed are FREE online virus and malware scanners that can be used to compliment the scanner(s) already installed on your PC.  Some only scan individual files that you upload to the scanner; while others are full blown scanners that will scan your entire computer.  Keep in mind these are not substitutes for the virus or malware scanner on your PC that have the ability to perform real-time detection.  My favorite on the list is Trend Micro’s Housecall.

The 25 Best High-Tech Pranks (1-15)

These are great. JR Raphael–you are clever.

The 25 Best High-Tech Pranks

by JR Raphael

Everyone loves a good laugh, and in the age of electronics, high-tech hijinks are just waiting to be pulled off. So snuggle up to your screen and get ready to unleash all sorts of shenanigans as we present the 25 best high-tech pranks known to man. Our apologies in advance to your friends and co-workers.

1. The Restart Remap

We start with one sure to throw off even the most advanced Windows user. Setup is simple and you need only a few seconds alone on someone’s computer. When you get a chance, sneak over and right-click your pal’s icon to Internet Explorer or some other commonly used program. Edit the properties and change the target to: “%windir%\system32\shutdown.exe -r -t 00″ Now, every time your buddy tries to run IE, his machine will mysteriously restart — and your laughter will instantly result.

2. Startup Folder Fun

While we’re on the topic of system startups, the Windows Startup folder is a fantastic place for fun. Create a text file with an amusing message and throw it in there so your cubicle mate will get a daily greeting — or, if you really want to get evil, add in the restart shortcut from above (not recommended unless you just want to get your ass kicked).

3. Disappearing Desktop

A classic computer prank never goes out of style. The desktop image trick has been around for a bit, but rest assured: There are plenty of unsuspecting victims still to be found. Just head over to an unattended computer, minimize all the windows, and hit the Print Screen key. Paste the captured image into any graphic editing program — even Microsoft Paint will do — then save the file and set it as the desktop background. Then, all you have to do is hide the actual icons on the desktop — put them in a folder somewhere — and your victim will try endlessly to click the nonexistent icons, which are actually just part of the background image. For another variation, leave one program open when you capture the screen and watch as the person tries to click on it, type in it, and close it to no avail.

4. Auto-Insult

There are few things funnier than forcing a friend to insult himself — and Microsoft has made it easy to do just that. Take a moment to edit the Autocorrect feature in your colleague’s Word or Outlook (it’s in the Tools menu in both programs). Add a new entry to replace their name with “douche,” and watch how much more interesting all their emails and documents will suddenly become. A little creativity can take this one in plenty of different and equally entertaining directions.

5. Serious Business

While you’re in the Word or Outlook settings, another good place to tamper is the dictionary. Replace a few correct words with common misspellings just for giggles. Just be sure to let this one play out and get resolved before your co-worker sends any official memos to the entire corporation.

6. Annoying Audio

A small investment will have a big payoff with the ThinkGeek Annoy-a-Tron. This little $10 gadget can brighten even the dreariest of offices. It looks like a computer part, but when you flip the switch, this fella sends out annoying beeps and buzzes at random intervals. You can toggle between different grating sounds, too. The thing is magnetic, so you just slap it on the back of someone’s computer and watch them try to figure out where that awful noise is coming from (hint: they never will).

7. Phantom of the Office

Taking the Annoy-a-Tron up a notch, the Phantom Keystroker actually plugs into a USB port and then makes random key presses or mouse movements every few minutes. You can control the frequency and the kind of emissions. For $25, this may be worth every penny — especially if you can write it off as a business expense.

8. Manual Control

If your budget doesn’t have a tab for “pranking gadgets,” you can always go the manual route and utilize the USB port to attach a second mouse to a neighboring tower. This works especially well with a person across from you, if you can get under your desk and access the back of their computer. Plug in, wiggle away, and watch them squirm. Added points if you have a wireless mouse.

9. The Speaker Swap

Since you’re already under the desk, try out another switcheroo: the speaker swap. Just plug their speakers into your computer. Now start playing something like a low-frequency heartbeat sound on loop and see how long they try to stop the nuisance on their computer. For a more powerful variation, don’t switch the actual wires, but instead just swap out one of your speakers — preferably the one without the volume control — with theirs. Now they’ll still hear their own system sounds from the remaining speaker, and as an added bonus, they’ll have no way to control the volume of your annoying antics.

10. The Wrath of Rotation

A simple but quick and always amusing prank is putting the screen rotation hotkeys to uses Microsoft never intended. Just run by a co-worker’s desk, reach over and hit Ctrl-Alt-up or down to rotate their monitor orientation. If you have some alone time, you can one-up it by also going into the Control Panel and setting their mouse to left-handed. They’ll spend 10 minutes with their head tilted sideways trying to figure out what the hell is going on.

11. Mousing Around

The laser mouse may have ended the era of mouse-ball stealing, but it opened up another option. Stick a few layered pieces of transparent tape on the bottom side of your friend’s mouse to really mess with its functionability. Or, for bonus points, tape a small Post-It note that says “Why won’t my mouse work?” over the laser.

12. A Pointer Pointer

Another great mouse prank awaits you in the Control Panel. Under the “Mouse” settings’ “Pointer” tab, change the default mouse pointer to the hourglass. Suddenly, the system is always busy working! What’s going on?!

13. Mousing Around

Spend some more time in the “Mouse” settings and you’ll find more fun to be had. Try switching out a pal’s primary and secondary button functions for full confusion, or move the pointer speed to either extreme fast or extreme slow to give them some extreme frustration.

14. Phone Fun

Let’s shift to the phone for a bit. First, a service that never gets old: PrankDial.com. Just surf over and enter a friend’s phone number. You can pick from a bunch of different voices and styles, then enter any message you want, and it’ll call them and say it aloud. You can pull three of these pranks every day at no charge, which ought to leave you plenty of obnoxious options.

15. Telephone Twist

Two other sites bring a different twist to telephone troubles. TeleSpoof.com and SpoofCard.com let you call anyone and have whatever number you want show up in CallerID. See how confused your girlfriend gets when you call her cell phone…from her cell phone. Each service only lets you make three calls per phone number before they make you pay, but that’s enough to give you ample amusement. Oh, and it’s still legal, though that might change — so get on this while you can.

Why Do People Hack?

While financial gain is certainly a big driver for web hacking, ideological reasons cannot be ignored. Internet organizations, especially hosting providers, suffer more often from the former and government from the latter.  Financial organizations might be both, and these attacks are either more frequent or disclosed more often.

Crackers (bad hackers) continue to use the same basic attack schemes–exploiting  application vulnerabilities–and they’re becoming more proficient with automation, which makes their attacks more widespread.

Here are some statistics from the Web Hacking 2008 Incidents Database.

Why do people hack? Not the reasons you might think:

How do they get access to your computer:

Who is most opften attacked:

Obama and Cookies: What’s the Story

I meant Computer cookies

Have you been following the hoopla about White House sending out unsolicited emails? I don’t know how concerned I am about that. It’s a complicated issue (the type that in a past more innocent time, I might have entrusted to my elected officials), and right now, I’m thinking about the new school year rather than conspiracy theories, so I haven’t spent a lot of time on that.

Then, this comes up. You know about cookies. In computer language, they are small text files placed on your computer by a website. They contain a unique ID tag that links you back to the site you visited. When you revisit, you are recognized by that cookie.

There are different kinds of cookies that allow different access to your computer, and that’s where my concern rises that the Obama People are  going too far. Read on…

Obama’s cookies may not go down so easy | Adventures in IT – InfoWorld

Posted using ShareThis

How to Crack your (Lost) Windows Password

For all you out there who have forgotten your password (I see a slew of hands), read this. I know I’m a tech teacher and supposed to be able to rattle of the solution to every problem in the geekosphere, but my buddy, John P., walks you through it–complete with video. What else did you expect. He’s a Marine.

How to Hack Passwords

Here’s the guy who knows. Read this article. It’s important! I’ve summarized some of its critical parts:

How I’d Hack Your Weak Passwords

If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?

Let’s see… here is my top 10 list.

1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
2. The last 4 digits of your social security number.
3. 123 or 1234 or 123456.
4. “password”
5. Your city, or college, football team name.
6. Date of birth – yours, your partner’s or your child’s.
7. “god”
8. “letmein”
9. “money”
10. “love”

Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…

So, how would one use this process to actually breach your personal security? Simple. Follow my logic:

• You probably use the same password for lots of stuff right?
• Some sites you access such as your Bank or work VPN probably have pretty decent security, so I’m not going to attack them.
• However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
• So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible.
• Once we’ve got several login+password pairings we can then go back and test them on targeted sites.
• But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache. (Read this post to remedy that problem.)

…

Here are some password tips:

1. Randomly substitute numbers for letters that look similar. The letter ‘o’ becomes the number ‘0′, or even better an ‘@’ or ‘*’. (i.e. – m0d3ltf0rd… like modelTford)
2. Randomly throw in capital letters (i.e. – Mod3lTF0rd)
3. Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
4. Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
5. You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
6. Since it can be difficult to remember a ton of passwords, I recommend using Roboform. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you’d like to download it without having to navigate their web site here is the direct download link.
7. Once you’ve thought of a password, try Microsoft’s password strength tester to find out how secure it is.

You Know You’re a Geek if You Know What ‘Defcon’ is

I know and it’s almost here.

Five Little Known Ways to Hack a Computer

This is amazing. My sister Worddreams blogger (she covers science) posted it, but it has as much to do with technology as science.  In short, here’s how sophisticated criminals are now hacking our computers:

• decode the unique sound of each keyboard key
• capture reflections of the screen from a reflective surface behind the monitor (i.e., eye glasses, even eyeballs)
• take a movie of the typing hands and find out what keys are typed
• capture the data as it goes to the printer (who would think to encrypt that)
• tap into the webcam

Scary, but true. If you want the whole story, read this according to Scientific American.