Free Remote Desktop Hacking Solution for Win and Mac

by Hiroshi on 20-05-2009

Of course you can access another PC remotely using A.A.S., TeamViewer, VNC, Desktop Share, Live Mesh and more, but here is yet another cool solution for PC and Mac, all for free. Mikogo is an easy-to-use screen sharing tool for Windows and Mac and it's free! Instantly show your computer screen to anyone online. You can show anything you want - in true color quality - to up to 10 people at the same time! Use Mikogo for:

  • Online real time Meetings
  • Product Demos
  • Online Presentations
  • Remote Support
  • Webinars


Break Windows Administrator Password - Part 1

by Hiroshi on 12-12-2008

The screen above shows two Windows users. You can have as many as you want. Many users do not bother to create more than one account. While installing Windows XP, the user is asked for an administrator password. Some users provide a password and some do not. Suppose you did not set an administrator password, created another Windows user, and then forgot that user's password: you can always press Ctrl+Alt+Del twice at the logon screen to switch the logon mode, which brings up a prompt asking for a user name and password. Type administrator in the user name box and press Enter. You are in. That is OK.

I am discussing here the worst case. Consider the following scenario:

- You gave an administrator password during installation.
- You did not create another user other than administrator after the Windows XP installation.
- And then you forgot your password.
- Now you have a logon screen asking for the user's password or the administrator password, which you have forgotten. Now what?

What to do (you might not want to do the installation again, or you might need to secure some files, etc.)

There are a number of ways to cope with this problem, i.e.

  • Use bootable CD to log into Windows as another user
  • Use Active Password Changer - www.password-changer.com
  • I recommend another way, relating to the SAM files.
    There is a location in Windows XP:
    C:\WINDOWS\system32\config
    There are two files
    1- SAM.txt
    and
    2- SAM
    These files contain user information.
    Delete these and password will be removed for all accounts.
    Now you are not in Windows.
    You have encountered a screen asking you password.
    And you need to go to the path
    C:\WINDOWS\system32\config
    to remove SAM files.
    Use another PC.
    Connect the hard disk with the locked account to it, boot that other PC with the second hard disk connected, browse its C drive for that location and delete the SAM files.
    Unplug your hard disk.
    Connect it to your PC.
    Boot the PC.
    Password will be blank.

XSS or Cross Site Scripting

by Hiroshi on 22-09-2008

XSS or Cross Site Scripting
Remote Code Execution
SQL Injections

These are names of the same procedure.

Cross Site Scripting

Cross-site scripting (XSS) is a type of web security vulnerability typically found in web applications which allow code injection by hackers into the web pages by finding back doors and insecure and carelessly handled code. When they are done, they can execute code at your website and get your database and website private information.

Preventing XSS Attacks

Some people say that bad code is the cause of the vulnerability. There are ways to secure code to prevent such attacks.

  • Validate each input used in every form of your website
  • Filter special characters from inputs e.g. % , < , > etc
  • Encode special characters where needed, e.g. & into &amp; etc.

SQL Injections

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of a web application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

Types of SQL injections

  • Incorrectly filtered escape characters
  • Incorrect type handling

Incorrectly filtered escape characters

In this type of SQL injection user input data is not filtered for escape characters.

For Example:

"SELECT * FROM users WHERE name = 'userName';"

If the userName entered by the user is 'a', the statement becomes:

"SELECT * FROM users WHERE name = 'a'"

This will bypass the user authentication method.

Incorrect type handling

This form of SQL injection occurs when a user supplied field is not strongly typed or is not checked for type constraints.
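The two injection types described above, shown as an added PHP example (not code from the original post): string concatenation beside a PDO prepared statement, plus integer validation for a typed field. The users table contents, the function names and the sample inputs are constructed for illustration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example: constructed in-memory table, not data from the original page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Vulnerable pattern from the text: the input is pasted into the SQL string,
// so a quote character in the input ends the string literal early.
function findByNameConcat(PDO $pdo, string $userName): array
{
    $sql = "SELECT * FROM users WHERE name = '" . $userName . "';";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the statement text is fixed and the value is a bound parameter,
// so it is always treated as data, whatever characters it contains.
function findByNamePrepared(PDO $pdo, string $userName): array
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE name = :name');
    $stmt->execute([':name' => $userName]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Type handling: accept only a positive integer, then bind it as an integer.
function findById(PDO $pdo, string $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT * FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "a' OR 't'='t"; // constructed input containing quote characters
printf("concatenated: %d row(s)\n", count(findByNameConcat($pdo, $input)));
printf("prepared:     %d row(s)\n", count(findByNamePrepared($pdo, $input)));
printf("by id '2':    %d row(s)\n", count(findById($pdo, '2')));
try {
    findById($pdo, '2 OR 1=1'); // constructed non-integer input
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

The concatenated query matches every row in the table for this input, while the prepared statement looks for a user whose name is literally that string and matches none.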

Writing Secure PHP Code

  • Use Magic Quotes. By using magic quotes you provide extra security to form input by adding backslashes to user input.

    * A backslash \ becomes \\
    * A quote ' becomes \'
    * A double-quote " becomes \"

    To get original data input written by user you use stripslashes. A very good example is here and here.

  • Change extension of web pages from php to html in apache by mod rewrite
  • Use clean function as below
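    <?php
    // Strip backslashes, encode HTML special characters, then strip tags.
    function clean($string)
    {
        $string = stripslashes($string);  // undo the backslashes added by magic quotes
        $string = htmlentities($string);  // convert characters such as < > & " to HTML entities
        $string = strip_tags($string);    // remove any HTML/PHP tags left in the string
        return $string;
    }
    ?>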
  • You can serve php code in html file
    http://bugs.php.net/bug.php?id=27580
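Magic quotes were removed in PHP 5.4.0, and a single clean() function cannot be correct for every place a value ends up, so the following added example (not code from the original post) encodes per output context instead. The helper names e() and js() and the sample comment are constructed for illustration, and PHP 7.3 or later is assumed.

```php
<?php
// Added example, not from the original page. e() and js() are hypothetical helper names.

// The page's clean() function, reproduced for comparison.
function clean($string)
{
    $string = stripslashes($string);
    $string = htmlentities($string);
    $string = strip_tags($string);
    return $string;
}

// For HTML element content and quoted attribute values:
// encodes & < > and both quote styles, with an explicit charset.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// For values embedded in an inline <script> block: JSON with the characters
// that are meaningful to the HTML parser written as \uXXXX escapes.
function js($value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample input: markup, both quote styles and a backslash.
$comment = '<b>Tom</b> said "it\'s in C:\\temp"';

echo "clean(): ", clean($comment), "\n"; // stripslashes() has dropped the backslash from the data
echo "e():     ", e($comment), "\n";     // data intact, HTML metacharacters encoded
?>
<p><?= e($comment) ?></p>
<input type="text" name="comment" value="<?= e($comment) ?>">
<script>var comment = <?= js($comment) ?>;</script>
```

In clean(), strip_tags() runs after htmlentities() has already encoded every angle bracket, so it finds nothing to remove, and whether htmlentities() encodes single quotes by default depends on the PHP version (it does from PHP 8.1).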

More Security Measures

  • Never use scripts from unreliable source.
  • Always use only up-to-date open source software, and whenever a security upgrade or an updated version is available, update your software immediately.
  • Never set Register Globals to ON in the php.ini settings.
  • Validate all inputs in any form on both the client side and the server side.
  • Use website vulnerability scanner software to ensure that the website has no backdoors or security holes.
  • Use reCAPTCHA for website forms.
  • Always backup your web application at regular period.
  • Check file and folder permissions (CHMOD) at your web server via ftp. Files must not be executable or writeable.
  • Make folders forbidden which have no index file.
  • Use Mod Rewrite
  • Use redirection wisely
  • Create custom error pages

Finally, stay up to date on PHP security issues, bugs and vulnerability information by following this website.

http://phpsec.org/

Cross Site Scripting Attacks - XSS Vulnerability Scanner

by Hiroshi on 16-09-2008

Is your website secure? XSS attacks (Cross Site Scripting) provide hackers access to your website content and database. If web applications are not secure, then your entire database of sensitive information is at serious risk.

Hackers are on the lookout for Cross Site Scripting (XSS) vulnerabilities in YOUR web applications. Shopping carts, forms, login pages, dynamic content are easy targets. Beat them to it and scan your web applications with Acunetix Web Vulnerability Scanner:

  • Acunetix WVS automatically checks your web applications for XSS, SQL Injection & other vulnerabilities
  • Firewalls, SSL and locked-down servers are futile against web application hacking
  • Acunetix checks your web applications for coding errors that result in Cross Site Scripting vulnerabilities
  • Acunetix also checks for other vulnerabilities in popular web applications such as Joomla, PHPbb, Wordpress etc.
  • Acunetix identifies files with XSS vulnerabilities allowing you to fix them BEFORE the hacker finds them!

Audit your web site security with Acunetix Web Vulnerability Scanner. The best part about this software: a free version is also available.

Download Link
http://www.acunetix.com/cross-site-scripting/scanner.htm


Web Hosting Nightmare

by Hiroshi on 16-09-2008

Web hosting has always been a tricky question for webmasters. Sometimes you get satisfied with your current hosting provider, but it's all a matter of time. I have experienced a loss recently. Mistakes might be mine also, but some hosts do not cooperate enough to secure you and leave you at a critical time. I will not name the host. But I will reveal a critical situation I have been in. My web hosting account was hacked. The web host suspended my account and recommended that I move host.

Possible Reasons Involved

  • I was busy and away from my web account
  • I was using old versions of WordPress software
  • I was not aware of critical threat about website vulnerabilities
  • Too much reliance on host
  • Uploading of different open source software at my web host for checking purpose
  • Uploading of unsecured forms

Consequences

My hosting provider scanned my website and suspended my account. They informed me that there were some malicious scripts on my website. I checked these and deleted those I could find. Soon enough more were found, and support from the host told me to move host.

What I had To Do

They suspended my account. My seven websites Including blogs also went down (These were at same web account). I had just Control Panel and ftp access. I downloaded data and databases. Setup blogs at local host. Exported my posts. Got shifted to new host. Transferred domain names. Uploaded new WordPress software. Imported posts. Took long time.

What Web Host Could Have Done

  • They could have told me all the vulnerabilities and the locations of the scripts so that I could get rid of those
  • They could have advised me to download all data and upload it after cleaning
  • They could themselves have removed all vulnerabilities, as I gave them permission to do so, because they are supposed to be more technical in this

After This What I Could Conclude

  • The web host will suspend your account and can delete it anytime they feel that you are in trouble, and they will tell you to move host, no matter that you tell them you are not quitting and will try to fight back against threats
  • Always upgrade to the new version of software
  • Get a website scanner and scan the website for cross site scripting threats and other vulnerabilities
  • Manage your .htaccess and robots.txt files well
  • Take care about directories and file permissions
  • Do not upload unnecessary open source CMS or scripts for checking unless you know about it fully
  • Get a Unix based web hosting
  • Do not put all websites in one webhosting account (If you have enough budget then I will recommend you to take separate web hosting account for each domain and website)

My Recommendation

Know More About WordPress Vulnerability

Old wordpress version can get your blog banned from google
Wordpress SQL injection vulnerability
Wordpress upgrade importance
Wordpress Vulnerabilities list, Blog watch
Wordpress Exploit Scanner Plugin
How to know that your blog is vulnerable or being hacked

Resource Hacker - Customize Your Own PC Resources

by Hiroshi on 20-05-2008

Change the PC resources in the way you like it. That's what 'Resource Hacker' is all about. If you like to play tricks with your PC and like to tweak it a bit, then 'Resource Hacker' is a good choice out there, and it is absolutely free and easy to use.

Resource Hacker is a freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on Win95, Win98, WinME, WinNT, Win2000 and WinXP operating systems.

Viewing Resources: Cursor, Icon, Bitmap, GIF, AVI, and JPG resource images can be viewed. WAV and MIDI audio resources can be played. Menus, Dialogs, MessageTables, StringTables, Accelerators, Delphi Forms, and VersionInfo resources can be viewed as decompiled resource scripts. Menus and Dialogs can also be viewed as they would appear in a running application.

Saving Resources: Resources can be saved as image files (*.ico, *.bmp etc), as script files (*.rc), as binary resource files (*.res), or as untyped binary files (*.bin).

Modifying Resources: Resources can be modified by replacing the resource with a resource located in another file (*.ico, *.bmp, *.res etc) or by using the internal resource script compiler (for menus, dialogs etc). Dialog controls can also be visually moved and/or resized by clicking and dragging the respective dialog controls prior to recompiling with the internal compiler.

Adding Resources: Resources can be added to an application by copying them from external resource files (*.res).

Deleting Resources: Most compilers add resources into applications which are never used by the application. Removing unused resources can reduce an application's size.

Download Resource Hacker

Change Your Dynamic IP Address

by Hiroshi on 10-05-2008

This is supposed to change your dynamic IP address.

Open Notepad and type:

rem Clear the DNS resolver cache
ipconfig /flushdns
rem Give up the current DHCP lease, then request a new one
ipconfig /release
ipconfig /renew
rem Save the resulting configuration to a file
ipconfig /all>newip.txt
exit /b

Then save as (select all file types) --- ip.bat

This is now a batch file rather than a txt file. Simply run the file and watch the progress.

If you want to print out the results, add this line to the same file before the final "exit /b" line:

ipconfig /all>filename.txt

A report will be saved in the same directory as your batch file, detailing your new ip and a bit more...

100 Percent Security - Go Secret Online

by Hiroshi on 28-04-2008


While you're enjoying your latte and a bagel, some hacker might be accessing your passwords, credit card numbers, sensitive company data and much more. And standard antivirus software won't protect you. That's why AnchorFree is pleased to offer Hotspot Shield. This free security software keeps your Internet connection secure at public hotspots, home or work.

100% Security Through a VPN

Hotspot Shield creates a virtual private network (VPN) between your laptop and the wireless router. This impenetrable tunnel prevents snoopers and hackers from viewing your email, instant messages, credit card information or anything else you send over a wireless network. Which means you remain anonymous and protect your privacy.

Hotspot Shield security software is free to download, employs the latest VPN technology, and is easy to install and use. So go ahead - Get behind the Shield.

Hotspot Shield runs on:

  • Windows Vista
  • Windows XP
  • Windows 2000
  • Mac OS X (10.5 Leopard)
  • Mac OS X (10.4 Tiger)

Here is how it does something with your online presence. I am in Pakistan, but you can see my location and IP, which are different from the original, in the image below.


Download Hotspot Shield

Computer Windows Admin Account Access Protection

by Hiroshi on 09-07-2007

Have you ever found that, after you installed Windows, set up your user name and gave it a password, someone still managed to log into the computer?

Well, here is a precaution to avoid that. While installing Windows, always give the administrator account a password. The installation asks for an administrator password, and many people ignore it; when the installation is done they set up a Windows user and start working.

There is still an administrator account with a blank password.

And if someone just presses Ctrl+Alt+Del twice at the welcome screen, it asks for the default administrator account login, and there they can enter with a blank password and change your user password or access your files as an administrator.

Always set default account (administrator) password.