Back up your copy-protected CDs
When I purchased my first CD-R drive (1X speed), the standard for burning CD-Rs was Easy CD Creator. Somewhere between the launch of Windows 2000 and the launch of Windows XP, Easy CD's market share started to give way to Nero's market share.
Today, Nero is my CD-burning software of choice. It's rock-solid, it's easy-to-use, and it works great for burning and backing up data and music CDs. But it can't handling copy-protected data CDs such as games.
Most new games released in the United States have some form of copy protection. If you stick a new game in your CD-ROM drive, put a blank in your CD-R, and click copy, you'll likely get errors and the copied disc won't work. The solution: Alcohol 120%.
Copy protection
There are several CD copy protection solutions, including SafeDisc, StarForce, and SecuRom. Most of these solutions work by duplicating errors. When it's created, a copy-protected data disc is burned with unique errors or physical flaws. Under normal usage these errors are ignored. But when you try to copy the disc, the CD-burning software tries to correct these errors. After receiving the first few errors, the burning software decides the disc is damaged and aborts the burn.
Alcohol 120% can duplicate these errors on new CD-Rs using a different backup method for each type of copy protection. Backing up your games is a two-step process:
You must identify the type of copy protection used on your games. But how? Use the Internet.
Fire up Alcohol 120% and select Copy Wizard.
Under Datatype choose the copy protection of your game.
Click Next and begin your burn.
Hard-drive backup
With Alcohol 120% you can also back up and run your games on your hard drive.
Choose the Image Making Wizard in Alcohol 120%.
Choose Datatype.
Select the copy protection of your game.
Click Backup. This will create a duplicate CD image on your hard drive.
Once you have the image on the hard drive, you can mount it as a virtual CD drive and run the game directly from your hard disk. Not only does this save you from swapping out CDs, but it also runs the game up to 200 times faster than a standard CD-ROM drive.
Learn more about Alcohol 120% and download a free trial copy.
Thursday, February 12, 2004
Hide From Hackers
You can't get hacked if your Windows XP PC can't be found
Remember this mantra: Hackers can't hack what they can't find. Watch today's show to find out how to put yourself under a hacker's radar.
Hackers often look for targets using ping sweeps with a tool such as NMap. When a computer responds to the ping sweep, it's identified and becomes a potential target.
Protect yourself by disallowing pinging, or ICMP requests. When a hacker sends a "are you alive" ping sweep, your computer acts like it's turned off. You're hiding your PC.
XP on the downlow
Easily disallow ICMP requests with Windows XP.
Open the XP Control Panel.
Open Network and Internet Connections.
Launch Network Connections.
Right-click the device you're using to connect to the Internet. Select Properties.
Select the Advanced Tab.
Turn on the Internet Connection Firewall. You'll see a Settings button in the lower right corner. Click it.
Choose the ICMP tab and uncheck all the marked boxes (if any are checked). Choose OK.
Select OK and exit out.
Have a friend fire up a free copy of NMap for Windows and try to ping sweep your machine.
Download NMap for Windows
Remember this mantra: Hackers can't hack what they can't find. Watch today's show to find out how to put yourself under a hacker's radar.
Hackers often look for targets using ping sweeps with a tool such as NMap. When a computer responds to the ping sweep, it's identified and becomes a potential target.
Protect yourself by disallowing pinging, or ICMP requests. When a hacker sends a "are you alive" ping sweep, your computer acts like it's turned off. You're hiding your PC.
XP on the downlow
Easily disallow ICMP requests with Windows XP.
Open the XP Control Panel.
Open Network and Internet Connections.
Launch Network Connections.
Right-click the device you're using to connect to the Internet. Select Properties.
Select the Advanced Tab.
Turn on the Internet Connection Firewall. You'll see a Settings button in the lower right corner. Click it.
Choose the ICMP tab and uncheck all the marked boxes (if any are checked). Choose OK.
Select OK and exit out.
Have a friend fire up a free copy of NMap for Windows and try to ping sweep your machine.
Download NMap for Windows
Spy on Your Neighbors
Dark Tipper teaches you how to be a first-class network snoop
Some of us can be a little too nosy for our own good. I, for one, really enjoy kicking back at my desk reading other people's email, Web, and instant messaging conversations (you should see some of the stuff that goes around TechTV!).
Up until now, I've been using Ethereal or Iris for my network traffic analyzing . For the time being, I have a new favorite called NetworkActiv PIAFCTM. I'm not saying NetworkActiv is the shiznit, but I am saying it's free and does a pretty damn good job.
Don't break the law
Warning: Viewing network communications that aren't your own may be illegal in some states. Check with your local law enforcement or legal council before attempting to intercept or view any network traffic that's not yours.
Onto the instructions
Make sure you're running Windows 2000 or later.
Fire up NetworkActiv and choose file mode to take all the TCP/IP packets the application receives and reconstruct them in file form.
Kick back, let the app run, and in an hour's time you'll have (with a moderately busy network) hundreds of webpages and I.M. conversations that have been floating across your network.
How should you use it?
Besides spying on your friends (which you should not do without their permission), knowing what information is sent via plain text will help you determine what needs encryption. Is your new secure I.M. client working? Is your PGP email encrypting working correctly? The only way to truly know is to capture the information and view it to make sure.
Some of us can be a little too nosy for our own good. I, for one, really enjoy kicking back at my desk reading other people's email, Web, and instant messaging conversations (you should see some of the stuff that goes around TechTV!).
Up until now, I've been using Ethereal or Iris for my
Don't break the law
Warning: Viewing network communications that aren't your own may be illegal in some states. Check with your local law enforcement or legal council before attempting to intercept or view any network traffic that's not yours.
Onto the instructions
Make sure you're running Windows 2000 or later.
Fire up NetworkActiv and choose file mode to take all the TCP/IP packets the application receives and reconstruct them in file form.
Kick back, let the app run, and in an hour's time you'll have (with a moderately busy network) hundreds of webpages and I.M. conversations that have been floating across your network.
How should you use it?
Besides spying on your friends (which you should not do without their permission), knowing what information is sent via plain text will help you determine what needs encryption. Is your new secure I.M. client working? Is your PGP email encrypting working correctly? The only way to truly know is to capture the information and view it to make sure.
Wednesday, February 11, 2004
AirSnare
Boot leeches off your wireless network with this free download
If you're like me, you love your home wireless connection. I don't know how I'd live without my Linksys 802.11b wireless router.
That said, I don't want unwanted freeloaders on my network. I don't mind the occasional downloader; it's the bandwidth-sucking leech that bothers me. Well, friends, I have a great way to keep an eye on who's using your wireless connection, and it's a free program called AirSnare.
Monitor MAC addresses
AirSnare works by monitoring MAC addresses, which are unique addresses assigned to each device on your network. The program notifies you of any "unfriendly" devices in the area. AirSnare even tells you where the users are surfing and allows you to notify them that you're watching their network activity.
AirSnare is also a great monitor for wired networks. If someone were to sneak into your home or business and access the wired network with their own computer, AirSnare would notify you of the unrecognized MAC address.
I leave AirSnare operating on one of my old junker machines and attach a small pair of PC speakers to it. It notifies me with an audible alert when someone new connects.
AirSnare is completely free to download and use, though the author does have a PayPal donate button to help out the cause. Kick the developer a few bucks if you really like the program.
Download AirSnare now
If you're like me, you love your home wireless connection. I don't know how I'd live without my Linksys 802.11b wireless router.
That said, I don't want unwanted freeloaders on my network. I don't mind the occasional downloader; it's the bandwidth-sucking leech that bothers me. Well, friends, I have a great way to keep an eye on who's using your wireless connection, and it's a free program called AirSnare.
Monitor MAC addresses
AirSnare works by monitoring MAC addresses, which are unique addresses assigned to each device on your network. The program notifies you of any "unfriendly" devices in the area. AirSnare even tells you where the users are surfing and allows you to notify them that you're watching their network activity.
AirSnare is also a great monitor for wired networks. If someone were to sneak into your home or business and access the wired network with their own computer, AirSnare would notify you of the unrecognized MAC address.
I leave AirSnare operating on one of my old junker machines and attach a small pair of PC speakers to it. It notifies me with an audible alert when someone new connects.
AirSnare is completely free to download and use, though the author does have a PayPal donate button to help out the cause. Kick the developer a few bucks if you really like the program.
Download AirSnare now
NeWT
Use Nessus Windows Technology to scan your system for vulnerabilities
I run Windows, therefore I must patch -- and patch on a regular basis. That's not to say you don't have to patch **nix, but as we all know, Windows requires what seems like nightly security updates.
I try to stay up-to-date with patches and security updates, but sometimes certain applications and services expose my machine to unknown security holes. That's why I also run a vulnerability scanner to ensure I didn't miss anything. On tonight's "Screen Savers" I show you how to do the same thing for free.
A vulnerability scanner performs a series of tests to look for the latest holes and system exploits. Once finished, the scanner reports its results to the end user.
I've tried several vulnerability scanning applications, and so far I like Nessus the best. It's free (big plus), it's open-source, and it has provided me with pretty decent results. Unfortunately, for the average guy Nessus can be a bit tricky to set up, and it only runs on Unix-based operating systems.
You can understand why I was stoked to look at a port of Nessus to the Windows platform. NeWT (short for Nessus Windows Technology) was a breeze to set up and configure, and it provided me with all the vulnerability scanning found in its Unix brother. It's easy to update and an all-around good product that will only get better with time.
NeWT has a 30-day trial and is available from Tenable Network Security.
Download NeWT now
I run Windows, therefore I must patch -- and patch on a regular basis. That's not to say you don't have to patch **nix, but as we all know, Windows requires what seems like nightly security updates.
I try to stay up-to-date with patches and security updates, but sometimes certain applications and services expose my machine to unknown security holes. That's why I also run a vulnerability scanner to ensure I didn't miss anything. On tonight's "Screen Savers" I show you how to do the same thing for free.
A vulnerability scanner performs a series of tests to look for the latest holes and system exploits. Once finished, the scanner reports its results to the end user.
I've tried several vulnerability scanning applications, and so far I like Nessus the best. It's free (big plus), it's open-source, and it has provided me with pretty decent results. Unfortunately, for the average guy Nessus can be a bit tricky to set up, and it only runs on Unix-based operating systems.
You can understand why I was stoked to look at a port of Nessus to the Windows platform. NeWT (short for Nessus Windows Technology) was a breeze to set up and configure, and it provided me with all the vulnerability scanning found in its Unix brother. It's easy to update and an all-around good product that will only get better with time.
NeWT has a 30-day trial and is available from Tenable Network Security.
Download NeWT now
Iris Packet Sniffing
Intercept and read private information travelling through the Internet
Some of you may find today's Dark Tip a bit scary. It's scary because it shows you how insecure your information is on the Net. Give me a laptop, a network card, and software called Iris and I can show you almost every email, instant message, and webpage requested across a network.
Scary, huh? I don't know what's scarier, that your private information is floating around out there or that it's extremely easy to look at it.
Hop around the block
When you do anything on the Internet, your computer sends out little digital packets of information. These packets travel from your network card though many wires, eventually reaching your gateway. From there they're relayed through hops to reach their destination server.
Packet sniffing captures those packets of information on their way to your local machine. Many software packages capture packets, but only a few decode the packets into useful information.
Capture and decode
Iris isn't just a packet-capturing program. It's also a decoder, turning what appears to be useless garbage (raw packet info) into viewable websites, email messages, and instant messenger conversations.
Iris makes it easy to capture and decode packets on a network, but that's not all it can do. Iris has features for statistics, reports, filtering options, and scheduling. Iris is geared toward the corporate network administrator, not the home end user. At $995 it's no bargain, but you can download and use it for free for 15 days. You can learn a grip (a lot) in 15 days.
Download Iris trial version
Secure yourself
I bet you're still a little freaked out that someone could be intercepting your information and reading your most private thoughts. Here are a few tips to secure your information:
Use encrypted instant messaging. Trillian Pro offers encryption, and it's compatible with AIM, MSN, ICQ, Yahoo!, and IRC. It costs $25.
Encrypt your email. Leo recommends Pretty Good Privacy (PGP). It's free, but the email recipient needs to use your public key to decrypt the email. Hushmail is a free, Web-based, encrypted email service.
Encrypt your email attachments. PGP offers file encryption. Stay tuned. I do an in-depth segment on file encryption on an upcoming show.
Some of you may find today's Dark Tip a bit scary. It's scary because it shows you how insecure your information is on the Net. Give me a laptop, a network card, and software called Iris and I can show you almost every email, instant message, and webpage requested across a network.
Scary, huh? I don't know what's scarier, that your private information is floating around out there or that it's extremely easy to look at it.
Hop around the block
When you do anything on the Internet, your computer sends out little digital packets of information. These packets travel from your network card though many wires, eventually reaching your gateway. From there they're relayed through hops to reach their destination server.
Packet sniffing captures those packets of information on their way to your local machine. Many software packages capture packets, but only a few decode the packets into useful information.
Capture and decode
Iris isn't just a packet-capturing program. It's also a decoder, turning what appears to be useless garbage (raw packet info) into viewable websites, email messages, and instant messenger conversations.
Iris makes it easy to capture and decode packets on a network, but that's not all it can do. Iris has features for statistics, reports, filtering options, and scheduling. Iris is geared toward the corporate network administrator, not the home end user. At $995 it's no bargain, but you can download and use it for free for 15 days. You can learn a grip (a lot) in 15 days.
Download Iris trial version
Secure yourself
I bet you're still a little freaked out that someone could be intercepting your information and reading your most private thoughts. Here are a few tips to secure your information:
Use encrypted instant messaging. Trillian Pro offers encryption, and it's compatible with AIM, MSN, ICQ, Yahoo!, and IRC. It costs $25.
Encrypt your email. Leo recommends Pretty Good Privacy (PGP). It's free, but the email recipient needs to use your public key to decrypt the email. Hushmail is a free, Web-based, encrypted email service.
Encrypt your email attachments. PGP offers file encryption. Stay tuned. I do an in-depth segment on file encryption on an upcoming show.
PHLAK
Learn all about Linux security with this CD-bootable distribution
The Professional Hackers Linux Assault Kit. The name says it all. This Knoppix STD-like distro is loaded with cool features and makes a great CD bootable to learn Linux. On today's show I give you a tour of PHLAK and show you how to use it.
Here's what makes PHLAK different from other Linux distros.
It's modular, and it lets users create their own miniature modules with personalized software settings.
PHLAK has a security document system that lets users read about the included tools and other security-related material.
There's no bloat. PHLAK includes the necessary packages of a standard Linux distribution without being redundant.
PHLAK uses a lightweight graphical user interface to get the best performance out of the live CD. Other live-CD distributions use Gnome or KDE, which run sluggish on bootable CDs.
It comes with a compiler so you can compile your own software packages.
I've spent a couple days playing with PHLAK and I love it. Best of all, it's Linux and completely free (but the makers happily accept donations).
Download PHLAK
The Professional Hackers Linux Assault Kit. The name says it all. This Knoppix STD-like distro is loaded with cool features and makes a great CD bootable to learn Linux. On today's show I give you a tour of PHLAK and show you how to use it.
Here's what makes PHLAK different from other Linux distros.
It's modular, and it lets users create their own miniature modules with personalized software settings.
PHLAK has a security document system that lets users read about the included tools and other security-related material.
There's no bloat. PHLAK includes the necessary packages of a standard Linux distribution without being redundant.
PHLAK uses a lightweight graphical user interface to get the best performance out of the live CD. Other live-CD distributions use Gnome or KDE, which run sluggish on bootable CDs.
It comes with a compiler so you can compile your own software packages.
I've spent a couple days playing with PHLAK and I love it. Best of all, it's Linux and completely free (but the makers happily accept donations).
Download PHLAK
MenuetOS
Download a fast and free operating system that fits on a floppy
I've shown you Knoppix STD and PHLAK, both great bootable operating systems, but neither is small enough to fit on a floppy. In my quest to bring you the ultimate arsenal of cool tools to keep in your backpack, I present you MenuetOS.
I'm impressed with this tiny, 100-percent free, open-source OS written in assembly. You programming buffs know that assembly, pretty much the mother of all languages, can work blistering fast when used correctly.
MenuetOS includes the tools you'll need to modify and compile the kernel and applications. Plus, it has a good-looking graphical user interface, and you can skin your application windows.
Visit MenuetOS.org to download MenuetOS and get its full list of features.
I've shown you Knoppix STD and PHLAK, both great bootable operating systems, but neither is small enough to fit on a floppy. In my quest to bring you the ultimate arsenal of cool tools to keep in your backpack, I present you MenuetOS.
I'm impressed with this tiny, 100-percent free, open-source OS written in assembly. You programming buffs know that assembly, pretty much the mother of all languages, can work blistering fast when used correctly.
MenuetOS includes the tools you'll need to modify and compile the kernel and applications. Plus, it has a good-looking graphical user interface, and you can skin your application windows.
Visit MenuetOS.org to download MenuetOS and get its full list of features.
Tuesday, February 10, 2004
Knoppix/Nessus Vulnerability Scanner
A free tool lets you scan the Internet for security holes
On today's show I'll show you Nessus, a free, open-source vulnerability scanner that runs on Linux. Nessus scans a target IP address for holes, back doors, and various exploits.
When Nessus finishes a scan, it creates a formatted HTML report on the target IP. The report lists the target's weaknesses for you to hack or repair.
Not for newbies
Nessus is my favorite vulnerability scanner, but Linux newbies may find Nessus difficult to configure and get running. To make things easier, you need Knoppix, a free distribution of Linux that comes with Nessus preinstalled. All you have to do is burn the Knoppix image to a CD and then boot from the CD.
Need your help
The demand for Knoppix STD has been tremendous. The Knoppix STD site needs your help. If you can host a mirror, send an email to the Knoppix STD site administrator.
Steps to run Nessus
Download Knoppix STD (600MB download)
You want the Security Tools Distribution of Knoppix. Download the ISO file and save it to your Desktop. If you can't get the download from the link above, try these mirror sites.
ftp://ftp.mihosan.com/knoppix-std-0.1b.iso
ftp://ftp.wiresec.net/knoppix/knoppix-std-0.1b.iso
ftp://drevil.seas.wustl.edu/knoppix-std-0.1b.iso
ftp://ftp.epix.net/pub/knoppix/knoppix-std-0.1b.iso
Burn Knoppix
Fire up Nero and choose Burn Image from the File menu. Select the ISO image and click Burn. (Make sure the "finalize CD" box is checked.)
Boot from the Knoppix CD
Put the CD in and watch it boot. If it doesn't boot, make sure your BIOS is configured to boot from the CD. At the Linux prompt, hit Enter on your keyboard.
Start Nessus
Remember, Nessus is already installed in Knoppix. Run Nessus from the launch menu and enter the following:
Username: knoppix
Password: knoppix
Start scanning ...:)
On today's show I'll show you Nessus, a free, open-source vulnerability scanner that runs on Linux. Nessus scans a target IP address for holes, back doors, and various exploits.
When Nessus finishes a scan, it creates a formatted HTML report on the target IP. The report lists the target's weaknesses for you to hack or repair.
Not for newbies
Nessus is my favorite vulnerability scanner, but Linux newbies may find Nessus difficult to configure and get running. To make things easier, you need Knoppix, a free distribution of Linux that comes with Nessus preinstalled. All you have to do is burn the Knoppix image to a CD and then boot from the CD.
Need your help
The demand for Knoppix STD has been tremendous. The Knoppix STD site needs your help. If you can host a mirror, send an email to the Knoppix STD site administrator.
Steps to run Nessus
Download Knoppix STD (600MB download)
You want the Security Tools Distribution of Knoppix. Download the ISO file and save it to your Desktop. If you can't get the download from the link above, try these mirror sites.
ftp://ftp.mihosan.com/knoppix-std-0.1b.iso
ftp://ftp.wiresec.net/knoppix/knoppix-std-0.1b.iso
ftp://drevil.seas.wustl.edu/knoppix-std-0.1b.iso
ftp://ftp.epix.net/pub/knoppix/knoppix-std-0.1b.iso
Burn Knoppix
Fire up Nero and choose Burn Image from the File menu. Select the ISO image and click Burn. (Make sure the "finalize CD" box is checked.)
Boot from the Knoppix CD
Put the CD in and watch it boot. If it doesn't boot, make sure your BIOS is configured to boot from the CD. At the Linux prompt, hit Enter on your keyboard.
Start Nessus
Remember, Nessus is already installed in Knoppix. Run Nessus from the launch menu and enter the following:
Username: knoppix
Password: knoppix
Start scanning ...:)
Sunday, February 01, 2004
Wardriving Tools
BSD - Airtools -- http://www.dachb0den.com/projects/bsd-airtools.html
NetStumbler -- http://www.netstumbler.com/
Kismet -- http://www.kismetwireless.net/
Fake AP -- http://www.blackalchemy.to/Projects/fakeap/fake-ap.html
Wellenreiter -- http://www.remote-exploit.org/
AirSnort -- http://airsnort.shmoo.com/
WaveStumbler -- http://www.cqure.net/tools08.html
Wireless Scanner --
http://www.iss.net/products_services/enter...er_wireless.php
Airosniff -- http://www.wildpackets.com/products/airopeek
AiroPeek -- http://www.wildpackets.com/products/airopeek
StumbVerter -- http://www.sonar-security.com/
AP Scanner -- http://homepage.mac.com/typexi/Personal1.html
Sniffer Wireless -- http://www.sniffer.com/products/wireless/default.asp?A=5
WEPcrack -- http://wepcrack.sourceforge.net/
Prism2 -- http://hostap.epitest.fi/
Mini Stumbler -- http://www.netstumbler.org/download.php?op=getit&lid=21
SSIDsniff -- http://www.bastard.net/~kos/wifi/
MacStumbler -- http://homepage.mac.com/macstumbler/
WaveMon -- http://www.jm-music.de/projects.html
PrismStumbler -- http://prismstumbler.sourceforge.net/
AirTraf -- http://airtraf.sourceforge.net/
MogNet -- http://chocobospore.org/mognet/
AirMagnet -- http://www.airmagnet.com/products.htm
Isomair -- http://www.isomair.com/products.html
Air-Jack -- http://802.11ninja.net/
AirDefense -- http://www.airdefense.net/products/index.shtm
WiFiScanner -- http://sourceforge.net/projects/wifiscanner/
NetStumbler -- http://www.netstumbler.com/
Kismet -- http://www.kismetwireless.net/
Fake AP -- http://www.blackalchemy.to/Projects/fakeap/fake-ap.html
Wellenreiter -- http://www.remote-exploit.org/
AirSnort -- http://airsnort.shmoo.com/
WaveStumbler -- http://www.cqure.net/tools08.html
Wireless Scanner --
http://www.iss.net/products_services/enter...er_wireless.php
Airosniff -- http://www.wildpackets.com/products/airopeek
AiroPeek -- http://www.wildpackets.com/products/airopeek
StumbVerter -- http://www.sonar-security.com/
AP Scanner -- http://homepage.mac.com/typexi/Personal1.html
Sniffer Wireless -- http://www.sniffer.com/products/wireless/default.asp?A=5
WEPcrack -- http://wepcrack.sourceforge.net/
Prism2 -- http://hostap.epitest.fi/
Mini Stumbler -- http://www.netstumbler.org/download.php?op=getit&lid=21
SSIDsniff -- http://www.bastard.net/~kos/wifi/
MacStumbler -- http://homepage.mac.com/macstumbler/
WaveMon -- http://www.jm-music.de/projects.html
PrismStumbler -- http://prismstumbler.sourceforge.net/
AirTraf -- http://airtraf.sourceforge.net/
MogNet -- http://chocobospore.org/mognet/
AirMagnet -- http://www.airmagnet.com/products.htm
Isomair -- http://www.isomair.com/products.html
Air-Jack -- http://802.11ninja.net/
AirDefense -- http://www.airdefense.net/products/index.shtm
WiFiScanner -- http://sourceforge.net/projects/wifiscanner/
Subscribe to:
Posts (Atom)
