Truth: if it is not encrypted, it is not secure.

Before creating a password you should know:

â‘´ NO password is uncrackable. The best you can do is making it difficult and non-trivial to determine your password.

What’s the worst password? The one you’ve forgotten.

Password recovery is the most difficult process, sometimes even is impossible.

⑵Whatever method you choose, it’s a good idea to change your password often.

The more important the password, the more often it should be changed.

Why? If someone is attempting a brute-force attack on your password, the hope is that you’re changing it to something they’ve already tried and found to be wrong.

⑶The longer the password, the harder it is to ‘guess.’

Note: many systems limit passwords to 8 characters.

Some clever people are foregoing brute-force hacks (e.g. dictionary attacks), in favor of ‘social engineering’ to obtain passwords.

If somebody calls or emails, requesting your password, it’s a dumb idea to give it to them.

Of course nobody would sticky-note a password to their monitor, or under a keyboard. A good password is one that’s hard to guess, yet easy to remember.

So here are the 6 steps to build a strong password related to you but look no relation.

It also used to avoid common password strategies that fail .

The strongest passwords look like a random string of characters to attackers. It will be perfect if it begins with a letter and mixes with capital letters and small letters and numbers and special characters.

Let’s try to make strong 6 characters password.

1. Think of something that you really want.

Example: “I want 1 million dollars.”

2. Turn your sentence into a password.

try character encoding scheme in this case: “iw1m$”.

3. Add complexity to your password or pass phrase Mix uppercase and lowercase letters and numbers.

Introduce intentional misspellings. For example, in the sentence above, you might substitute the letter i for  the word  “I”, so a password might be “Iw1m$”.

4. Substitute some special characters

Use symbols that look like letters, combine words, or replace letters with numbers to make the password complex. You see, 1=1.0. Using these strategies, you might end up with the password “Iw1.m$”

5. Test your new password with Password Checker

Password Checker evaluates your password’s strength as you type.

6. Keep your password a secret

Treat your passwords with as much care as the information that they protect.

Qualities of strong passwords

Password Length

Each character you add to your password increases the protection it provides.

8 or more characters are the minimum for a strong password;

14 characters or longer are ideal.

Password Complexity

The greater variety of characters that you have in your password, the harder it is to guess.

An ideal password combines both length and different types of symbols.

Use the entire keyboard. Easy to remember, hard to guess The easiest way to remember your passwords is to write them down. It is OK to write passwords down, but keep them secret so they remain secure and effective.

Note:

Avoid sequences or repeated characters

“12345678,” “222222,” “abcdefg,” or adjacent letters on your keyboard do not make secure passwords.

Avoid using only look-alike substitutions of numbers or symbols

Criminals will not be fooled by common look-alike replacements, such as to replace an ‘i’ with a ’1′ or an ‘a’ with ‘@’ as in “M1cr0$0ft” or “P@ssw0rd”.

Avoid your login name

don’t use any part of your name, birthday, social security number, or similar information for your loved ones. This type of information is one of the first things criminals will try, and they can find it easily online from social networking sites, online resumes, and other public sources of data.

Avoid dictionary words in ANY language

Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, profanity, and substitutions.

Avoid using only one password for all your accounts If your password is compromised on any one of the computers or online systems that use it, you should consider all of your other information protected by that password compromised as well. This post may be a little late.

If you need password recovery like windows password recovery, windows Password Reset 7.0 also supports windows 7 password reset.you should refer to How to Recover and Reset Password in windows 7/Vista/XP/2003/2K/NT for Free. .

© 2009, Guest Editor. All rights reserved. On republishing this post you must provide link to original post.

The first thing which you check if you forget login password. When we install Windows, it automatically creates an account “Administrator” and sets its password to blank. So if you have forget your user account password then try this:
Start system and when you see Windows Welcome screen / Login screen, press ctrl+alt+del keys twice and it’ll show Classic Login box. Now type “Administrator” (without quotes) in Username and leave Password field blank. Now press Enter and you should be able to log in Windows.
Now you can reset your account password from “Control Panel -> User Accounts”.
Same thing can be done using Safe Mode. In Safe Mode Windows will show this in-built Administrator account in Login screen.

If you sure that you had completely no idea what your password is, then keep trying these methods.

Method 1: Take a rest

Sometimes, human being is a little weird. You won’t get the thing that you urgently need. So have a coffee, take a snap or even come back after a few days, you may found that you suddenly ‘remember’ your Windows password.

Method 2: Reset password with RESET DISK if you made before.

Windows XP and further versions also provide another method to recover forgotten password by using “Reset Disk”. If you created a Password Reset Disk in past, you can use that disk to reset the password. To know more about it, please visit following links:

http://support.microsoft.com/kb/305478

Method 3: Reset password from another administrator account

If you cannot log on to Windows by using a particular user account, but you can log on to another account that has administrative credentials, follow these steps on how to do the trick:

1. Log on to Windows by using an administrator account that has a password that you remember. You may need to start WinXP in safe mode.

2. Click Start, and then click Run.

3. In the Open box, type “control userpasswords2″, and then click OK.

4. Click the user account that you forgot the password for, and then click Reset Password.

5. Type a new password in both the New password and the Confirm new password boxes, and then click OK.

Method 4: TRY command prompt about password reset trick

1. Log in with any valid account.

2. Bring up the command prompt.

Type: net user

You get a list of accounts

Type: net user Administrator *

Type: net user (any account on that list) *

3. It prompts for a password. Enter one, then enter it again when prompted to confirm.

Now, try to log on as ‘Administrator’ with your new password.

* Please note that this might not work on a LIMITED account

.

Method 5: Make third party recovery tool yourself

There are a lot of tools and utilities that can be downloaded and used to recover, reset, retrieve or reveal existing password. These windows password recovery utilities, free or paid, are usually a Linux boot disk or CD that able to comes with NT file system (NTFS) drivers and software that will read the registry and rewrite the password hashes, or can brute force crack the password for any user account including the Administrators. The advantage is that there is no fear of leaking your password to outsiders, while the process requires physical access to the console and a floppy or CD drive, depending on which tool you choose. And it’s not easy, although it always work!

Below is the most famous recovery tool I found:

Windows Password Recovery Tool 3.0 ( http://www.windowspasswordsrecovery.com ) – it is the most popular Windows password cracker . It is a very efficient implementation of windows any versions. It comes with a Graphical User Interface and runs on multiple platforms.
http://www.windowspasswordsrecovery.com/images/Howtowork/ChoseUser.jpg

Password Recovery Bundle ( http://www.recoverlostpassword.com/ ) –This is a utility to reset the password of any user that has a valid (local) account on your windows system. You do not need to know the old password to set a new one. It works offline, that is, you have to shutdown your computer and boot off a floppydisk or CD. It’ll detect and offer to unlock locked or disabled out user accounts. It is also an almost fully functional registry editor.
http://www.recoverlostpassword.com/images/product/windows_box.png

Windows Password Key 8.0 ( http://www.lostwindowspassword.com/ ) -It is considered as the best tool to reset local administrator and user passwords on any Windows system. It creates a password recovery CD/DVD, USB Flash Drive for home, business and enterprise. And most of all, it’s the most popular and safe solution for removing your Windows password until now.
http://www.lostwindowspassword.com/images/index/box.jpg
http://www.lostwindowspassword.com/images/howtowork/burn_cd_3.gif
http://www.lostwindowspassword.com/images/howtowork/choseuser.jpg

Method 6: Make a Wish!

If it doesn’t work above, I hope that you have some hacker friends.

© 2009, bombermanneo. All rights reserved. On republishing this post you must provide link to original post.

© 2009, Webmaster Blog. All rights reserved. On republishing this post you must provide link to original post.

On Tuesday, security vendor McAfee reported that it’s seen a huge spike in fake MP3 files spreading on peer-to-peer networks. Although the files have names that make them look like audio recordings, they’re really Trojan horse programs that try to install a shoddy media player and adware on your computer, said Craig Schmugar, a researcher with McAfee.

“Once you run it, there is no content. You’re taken to this site to install this player which you don’t really need,” he said.

Fake file names include: preview-t-3545425-changing times earth wind .mp3 and t-3545425-just got lucky.mp3. Schmugar listed more filenames, as well as details on the adware, in a Tuesday blog posting.

Users are first asked to OK an end-user license agreement before the Trojan installs two programs, Mirar and NetNucleus, on their PCs.

Ironically, while the Mirar software tells users that it doesn’t display popups, NetNucleus does deliver popup ads, so users who do not realize that they are installing two programs might feel tricked, Schmugar said. “You have a Window telling you that there are no popups and right behind it is a popup.”

Although McAfee has seen some nasty software disguising itself as media files in the past, it has never seen anything on this scale, Schmugar said. Over the past 24 hours, nearly a third of the McAfee customers who reported data back to the security company have detected these files, he said.

In the past few days McAfee has spotted the files on more than 360,000 users’ desktops.

Shit … What next ?

© 2009, Webmaster Blog. All rights reserved. On republishing this post you must provide link to original post.

Microsoft on Friday warned of a serious risk to people who use Safari on Windows XP or Vista, going so far as to suggest people “restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple.”

Good news is that according to Redmond there aren’t yet any known attacks against the flaw. Bad news is that if anyone does create such an attack, a crook could install any software he wished – such as ‘bot’ malware that allows for complete remote control – on a victim PC.

The threat targets two separate flaws, one in Safari and one in IE, and you’d have to first browse a malicious site with Safari. Doing so would download unwanted software onto your desktop, which could then be executed without your permission by triggering a separate flaw in IE (and you wouldn’t have to start IE to get hit). In its security advisory, Microsoft acknowledges the critical risk of ‘remote code execution,’ which is as bad as it gets.

Apple, on the other hand, says “we are not treating this as a security issue,” according to a quoted e-mail posted by stopbadware.org. Not a good move, if you ask me.

If you do use Safari, Microsoft says you can apply a workaround to protect yourself. Change the default download location (normally the desktop) in Safari with the following steps:

Launch Safari. Under the Edit menu select Preferences.

At the option where it states Save Downloaded Files to:, select a different location on the local drive.

Safari Flaw Worse Than First Thought, Microsoft Warns

Microsoft is warning that a previously disclosed flaw in Apple’s Safari browser could have dire consequences for Windows users.

The Safari bug, originally disclosed on May 15 by security researcher Nitesh Dhanjani, allows attackers to litter a victim’s desktop with executable files, an attack known as “carpet bombing.”

It turns out that if this flaw is exploited in combination with a second unpatched bug in Internet Explorer, attackers can run unauthorized software on a victim’s computer, according to Aviv Raff, a security researcher. Raff says he originally reported the IE flaw to Microsoft more than a year ago, and then told them about how it could be combined with the carpet bombing bug just over a week ago.

IDG News Service tested Raff’s demonstration attack code, which runs Windows Calculator on a victim’s system. For the attack to work, a victim must first visit a maliciously crafted Web page with the Safari browser, which in turn will trigger the carpet bombing attack and exploit the IE flaw.

Both the Safari and IE bugs “are moderate vulnerabilities that, combined, produce a critical flaw, which allows remote code execution,” Raff said in an instant message interview.

Microsoft is taking the issue seriously. It released a security advisory on the problem late Friday, a sign that it may be working on a patch for the IE flaw. The advisory says that the vulnerability has to do with the way Windows handles desktop executables and recommends that Windows users “restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple.”

The attack reportedly affects all versions of Windows XP and Vista, Microsoft said.

Apple may not be rushing out to patch this bug, however. Dhanjani says that Apple has told him that it is not treating the Safari bug as a security issue, a response that has generated criticism from the security community. Last week, for example, the consumer advocacy group Stopbadaware.org urged Apple to reconsider this stance.

According to Raff, unless Apple patches the bug, more attacks like the one he found in IE are likely to pop up. “This is not the only issue that can be combined with the Safari vulnerability,” he said. “If Microsoft fixes this, Safari users will still be vulnerable.”

Apple didn’t immediately respond to a request for comment.

© 2009, Webmaster Blog. All rights reserved. On republishing this post you must provide link to original post.

Raymond Chen, a developer on the Windows Shell team at Microsoft has made public some internal data from 2007 containing the statistics extracted out of all Windows Explorer error reports. According to Microsoft, the number one killer of Windows explorer is malware.

“The XYZ virus (not its real name) and its variants together are responsible for the top six categories of Explorer crashes, and by an enormous margin,” Chen stated. “Seventh place, an actual bug, comes in at only 1/80th the rate of number six; if you group all the XYZ virus failures together, then the combined virus failures outnumber the most popular Explorer bug by a factor of nearly 600.”

Chen failed to explain what the “units” reference in the graphic represents. However, what is clear is the fact that a single piece of malicious code, along with two additional versions were responsible for causing 600 times more crashes than a bug in Windows Explorer. This is one case where Microsoft is not responsible for the user experience delivered by its operating system although some may argue that poor security is what led to the infections generating Windows Explorer crashes in the first place. However, the Redmond company is simply too easy a target, along with the Windows client, and the general tendency is to blame both for problems that are not directly connected with the quality of the operating system or with Microsoft.

“I remember reading a report that half of Explorer crashes can be directly attributable to malware. Seeing the top Explorer crash swamped by a single virus really drives that point home. The anti-malware team is very interested in this data, because when a new category of Windows crashes suddenly spikes in popularity, there’s a decent chance that a new virus is on the loose,” Chen added.

© 2009, Webmaster Blog. All rights reserved. On republishing this post you must provide link to original post.

A wiry young man with his head shaved and wearing a tank top points a handgun straight at the camera in a disturbing YouTube video. The man wears what appears to be a wedding ring, and he gazes vacantly away from the viewer.

Though it’s an odd image for an advertisement, this video isn’t promoting your average company. It’s from a not-so-underground Albanian hacker group that’s out to make a name for themselves in the thriving world of malware and computer crime. Besides the shot of the gunman, the video showcases images of a computer screen, a table loaded with foreign currency, and plenty of links to the group’s Web site.

Malware is big business, and groups like the Albanian hackers are trying to cash in, using the latest Web 2.0 tools: social networking profiles, blogs, and other publicly available media and Web pages. The digital desperados are moving more and more into wide-scale advertising and brand building on public sites and networks to grow their underground trade.
Not Illegal

But wait a minute–how can people get away with selling programs for breaking into your PC or stealing your identity? Simple: Selling malware is not directly illegal in the United States (or nearly anywhere else). Only using it is illegal.

As the malware underground grows, “it’s moving away from technology towards business,” says Zulfikar Ramzan, senior principal researcher with Symantec Security Response. While virus vendors are still quick to jump on the latest security vulnerability or technical trick, “the real innovations are more business and marketing,” he explains.

On the face of it, public ads appear to violate the number-one rule of any illegal activity: Don’t make yourself known. And it’s true, says Ramzan, that “the more sophisticated guys are more quiet.” But since the writers and sellers of Trojan horses and other malicious apps have no real fear of legal repercussions, they have no compelling reason to be shy.

Don Jackson, a senior research­er with managed security services provider SecureWorks, says the Albanian advertisers are a team of hackers who break into computers and networks. “They want to be used for criminal purposes,” he says. So they advertise.

Another video ad, this one from a Turkish group, hypes a program used to break into PCs. The group’s name and logo (a stylized alien face with the Turkish crescent-and-star emblem on its forehead) play front-and-center in the program’s graphical interface, and the video’s speaker walks the viewer through a 5-minute-plus tutorial on using the program. More than 17,000 people have watched it.

Beyond YouTube:

YouTube is a popular venue for ads from malware makers, with videos for supposedly undetectable Trojan horses, “packers” that compress and obfuscate malware payloads, and even password stealers for breaking into Steam online game accounts. (Asked about the trend, a spokesperson says that YouTube doesn’t control site content, but that it will investigate if viewers report videos as inappropriate.)

Advertisements from Internet bad guys don’t stop with YouTube. According to Jackson, many online thugs maintain profiles on social networking sites and blogs to keep in touch with their business partners and customers. Many bot­net controllers, who sell time on their networks of bot-infected PCs to spammers and other crooks, keep blogs on the livejournal.com site, Jackson says.

The crooks who use these profiles and blogs may not give themselves away with direct references to nefarious malware activities. But the sites provide a more distributed, harder-to-track way of keeping in touch than using one particular underground site. They may also offer a platform for spouting fascist ideology, as Jackson refers to one Russian underground figure known as ‘lovinGOD,’ or some other pseudo-philosophy that ties one or more of these groups together.

And the pages advertise the bad guy’s contact info–an ICQ handle, say, or some other way to get in touch about buying or selling malware.

The profiles offer “the capability of hiding in plain sight,” says Tom Bowers, senior security evangelist with antivirus-maker Kaspersky Lab. Thankfully, they’re not entirely hidden. Bowers says he works with law enforcement professionals, who try to track the bad guys through social networks. But the crooks are watching the cops, too.

The researchers at the SpywareGuide Greynets Blog recently discovered that malware pushers, pedophiles, and other criminals on MySpace were using a trick to track their trackers. A few lines of Javascript code inserted on a profile meant that if you happened across that page, “you [were] automatically subscribed to that person’s video channel.” Meaning the profile owner got “a record of every single Myspace user that has visited [his] profile page.” (MySpace says it’s working on closing this hole.)
Limits of the Law

All these public ads and profiles can help law enforcement glean useful data for investigations. But since selling malware isn’t illegal, they’re unlikely to lead directly to prosecutions.

Of course, using malware is clearly illegal. And a Department of Justice spokesperson says it could charge a virus vendor with aiding and abetting, or conspiracy to commit a crime, if it busted someone else who used that purchased malware to infect a PC. But the prosecutors would have to prove the seller intended for the code to be used in criminal dealings, instead of, say, security research, which makes it a fair bit harder. The spokesperson said she couldn’t find any instances of actual prosecutions of this type in her initial search of cases.

And that’s just in the United States. In many parts of the world, bringing known phishers and malware lawbreakers to justice isn’t exactly a priority.

© 2009, Webmaster Blog. All rights reserved. On republishing this post you must provide link to original post.

Its Really Simple, Just follow these Steps ..

• Insert your XP cd.
• Browse to the I386 folder
• Find and open unattended.txt
• Scroll down to see the cd-key

Enjoy !!

© 2009, Webmaster Blog. All rights reserved. On republishing this post you must provide link to original post.

When you open C drive or other drives by double click it’ll pop up Open With windows and ask you to choose the program to open that drive.?Or errors such as

1. Access Denied
2. VBScript error with error code of 800A041F
3. Drive opens in new windows

Solution-I

Open control panel (classic view)/folder options. Scroll down advanced settings window and uncheck the “use simple file sharing”.Apply and right click on the volumes in question, select properties and click on “security” tab.(You need to set permissions on those volumes in the administrator rights.)

Microsoft KB 308419

There you’ll see detailed sharing permissions/restrictions for all relevant accounts on that particular drive/file/folder. (Taking that you have administrative permissions) click on “Administrators ([computer name]\Administrators)” (first one from the top) and check allow on “full control” and click “apply”.

If you see your account name on the list, either remove it or allow full control. If you are only user on that PC I suggest removing it from the list, for you are administrator and comply with “administrators” permissions.

After setting the permission, click on the “advanced” button. In the first tab select “Administrators ([computer name]\Administrators)” (same as before) and check the “Replace permissions entries on all child objects with entries shown here that apply to child objects” and apply

Solution-II

Normally when a virus infects a windows system which causes a drive opening problem, it automatically creates a file named autorun.inf in the root directory of each drive.

This autorun.inf file is a read only ,hidden and a system file and the folder option is also disabled by the virus. This is deliberately done by the virus in order to protect itself. autorun.inf initiates all the activities that the virus performs when you try to open any drive.

Follow the set of commands below to show and delete the autorun.inf

1. Log in as Administrator or user with administrator rights.
2. Turn Off system restore.
3. Start–>> Right Click My Computer–>> Properties–>> System Restore Tab–>>Turn off System Restore on all drives–>> Apply–>> Ok.
4. Launch Task Manager by pressing alt+ctrl+del
5. click on processes tab.
6. Find wscript.exe, If it is running end this process..
7. End EXPLORER.EXE process from Task Manager
8. Open Start>>Run and type cmd and press enter. This will open a command prompt window. On this command prompt window type the following steps.
9. Type cd\
10. Type attrib -r -h -s autorun.inf
11. Type del c:\autorun.* /f /s /q /adel d:\autorun.* /f /s /q /a

    del e:\autorun.* /f /s /q /a

12. Now type d: and press enter for d: drive partition. Now repeat steps 3 and 4. Similarly repeat step 5 for all your hard disk partition
13. Start>Run>Type ’regedit”. Navigate to the following registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    Find this key: userint.exe .make sure its value is Userinit”=”C:\WINDOWS\system32\userinit.exe,If, It is not, than changed value to this value.

14. Restart your system .

© 2009, Webmaster Blog. All rights reserved. On republishing this post you must provide link to original post.

Even though the initiative was rolled out in 49 countries, Microsoft’s director of intellectual property in Australia told the Sydney Morning Herald newspaper that the Redmond-based software giant would not be able to solve the problem fully ever.

“Are we able to solve absolutely every problem? No… there are some people who will always not want to pay for something and there are always people who will want to exploit,” she said in an interview to the Australian newspaper.

The program, launched in 49 countries spanning six continents, aims to combat the trade of pirated and counterfeit software.

The initiative includes intellectual property awareness campaigns, engagements with partner businesses, educational forums, local law enforcement training, and legal actions against alleged software counterfeiters and pirates.

“Software piracy and counterfeiting is a sophisticated global trade and Microsoft is committed to working with industry partners in India and around the world to stay a step ahead of this criminal industry,” said Vipul Sant, director – original software initiative, Microsoft India.

For the India chapter, the company has tied up with the Kolkata-based Computer Association of Eastern India (COMPASS) and the Guwahati-based North East Computer Traders Association (NECTA) to educate members on the pitfalls and risks of piracy.

“Sustained industry efforts have helped reduce software piracy in India by four percentage points in as many years and we are committed to continuing on this path and working closely with the government, law enforcement agencies and our customer and partner communities to protect legitimate businesses from this illegal trade,” Sant added.

As part of its enforcement measures, Microsoft has taken 15 civil enforcement actions against resellers indulging in hard-disk loading case, involving Microsoft Windows and Office.

© 2009, Webmaster Blog. All rights reserved. On republishing this post you must provide link to original post.