Thursday, 11 January 2018

How to hide a folder on Windows

This rather old method (not tested on Windows 8) is a fast and effective way to hide a folder under Windows.
You can then "protect" a file for reasons of your own, and here's how:
Windows uses globally unique identifiers (GUID, Globally Unique Identifier) for each software component, also known as class IDs (CLSID).
These series of numbers and letters are stored in the Windows registry.



To access it, type regedit.exe in the Start menu search bar under Windows 7 and Vista, or click Start -> Run and type regedit.exe under Windows XP.
Then open the key HKEY_CLASSES_ROOT\CLSID
There you will find, for example, the well-known CLSID of the Recycle Bin: {645FF040-5081-101B-9F08-00AA002F954E}.


How to proceed?

Windows interprets folder names that contain a CLSID, so you can turn a folder into a Recycle Bin by naming it:
<Name>.{645FF040-5081-101B-9F08-00AA002F954E}
<Name> can be any valid folder name. Do not forget the dot, and copy the CLSID exactly.
The folder turns into a Recycle Bin, and a double-click on it displays the contents of the Recycle Bin!
To go back:
Rename the folder to any name allowed for folders.
You can now put files in the original folder and rename it with the CLSID, and the average user will no longer be able to see the contents of your folder.
This trick is not infallible, because a knowledgeable person can of course recover the original folder by renaming it.
However, it is an effective technique in some cases when you have something to hide, without having to resort to specialized software, for example.
(By the way, if you are interested in professionally encrypting folders and files, I recommend the excellent TrueCrypt.)

You can also hide the newly created folder by right-clicking it and checking the Hidden box. It will not be visible at all if you have chosen not to display hidden files and folders:
Tools -> Folder Options -> View tab -> check Show hidden files and folders in XP
Organize -> Folder and Search Options -> View tab -> check Show hidden files and folders in Windows 7

List of the main CLSIDs

 CLSID MEANING
 {d20ea4e1-3957-11d2-a40b-0c5020524153} Administrative Tools
 {21ec2020-3aea-1069-a2dd-08002b30309d} Control Panel
 {d20ea4e1-3957-11d2-a40b-0c5020524152} Fonts
 {00020d75-0000-0000-c000-000000000046} Inbox
 {20d04fe0-3aea-1069-a2d8-08002b30309d} Computer
 {450d8fba-ad25-11d0-98a8-0800361b1103} My Documents
 {208d2c60-3aea-1069-a2d7-08002b30309d} Networks
 {7007acc7-3202-11d1-aad2-00805fc1270e} Network Connections
 {2227a280-3aea-1069-a2de-08002b30309d} Printers
 {7be9d83c-a729-4d97-b5a7-1b7313c39e0a} Programs
 {645ff040-5081-101b-9f08-00aa002f954e} Recycle Bin
 {e211b736-43fd-11d1-9efb-0000f8757fcd} Scanners and cameras
 {d6277990-4c6a-11cf-8d87-00aa0060f5bf} Scheduled Tasks
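
A defender's view of the trick above, as an added example (not code from the original post): the sketch walks a directory tree, flags every folder whose name ends in .{CLSID} and labels the ones found in the list above. The function name find_clsid_folders and the four-entry lookup table are choices made for this example.

```python
import os
import re

# A few CLSIDs copied from the list above, lower-cased for lookup.
KNOWN_CLSIDS = {
    "645ff040-5081-101b-9f08-00aa002f954e": "Recycle Bin",
    "21ec2020-3aea-1069-a2dd-08002b30309d": "Control Panel",
    "20d04fe0-3aea-1069-a2d8-08002b30309d": "Computer",
    "2227a280-3aea-1069-a2de-08002b30309d": "Printers",
}

# Matches "<name>.{8-4-4-4-12 hex digits}" as a complete folder name.
CLSID_SUFFIX = re.compile(
    r"^(?P<name>.+)\.\{(?P<clsid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}$",
    re.IGNORECASE,
)


def find_clsid_folders(root):
    """Return sorted (path, shell_object, entry_count) tuples for every
    folder under root whose name ends in .{CLSID}."""
    hits = []
    for dirpath, dirnames, _filenames in os.walk(root):
        for name in dirnames:
            match = CLSID_SUFFIX.match(name)
            if match is None:
                continue
            path = os.path.join(dirpath, name)
            label = KNOWN_CLSIDS.get(match.group("clsid").lower(), "unknown CLSID")
            # os.listdir() asks the file system, not the Explorer shell,
            # so it counts the files really stored in the folder.
            hits.append((path, label, len(os.listdir(path))))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for path, label, count in find_clsid_folders(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: displayed as {label}, {count} real entries inside")
```

The entry count comes from the file system itself, which is why the renamed folder hides nothing from anyone who lists the directory outside Explorer.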

Monday, 8 January 2018

How to secure your Facebook account

It is repeated over and over: the user is often the weak link, and is often responsible for his own account being hacked.
It is usually only once hacked that he becomes aware of it, and he then sometimes becomes wary of everything, not always justifiably.
To make the most of the millions of services on the Internet securely, you need to acquire basic knowledge about hacking, i.e. computer security.
Unfortunately this is not taught, so here is an article to help you see more clearly.
We'll see how to secure your Facebook account while keeping a close eye on your data.

Before posting anything

Although it's probably already too late and you have published a lot of personal information about yourself, know for the future that even if you delete or hide your content, it is always saved somewhere.
It's like when you talk to someone: you can always say that you lied, but once the information has been shared you cannot "unsay" it.
Also note that your email addresses and photos can be saved by anyone with access to them.

What you are not told

Facebook uses "robots" that automatically "read" and analyze your private messages.
That's why you get very targeted advertising.
And by looking at the advertisements shown to your friends, you can even guess what most of their private messages are about.
You can even guess which sites they usually visit, because Facebook also uses tracking pixels. I quote:
We use tracking pixels to personalize your usage and analyze how people use products and services. For example, we can use tracking pixels to see if someone who has used a specific browser has posted an ad on Facebook and has also purchased a product from that advertiser.
So you thought you were already being spied on everywhere, but this really pushes the limits of privacy.
You can test it yourself: mention hacking, for example, to your friends on Facebook and you will see corresponding ads the following week.

Security through obscurity

This term is often used for hiding information that one does not want to show instead of deleting it.
Facebook lets you choose who sees your content, so take a good half hour to check your settings.
To do this, click on the small padlock icon at the top right, then refine your settings according to the available choices.
You can also find these options by clicking on the small gear icon, then Privacy.
Generally, the one setting you can leave as Public is who can contact you, unless you want to reserve your account for your current friends only.
The other settings depend on what you want to show to specific people, so set them as you see fit. Just bear in mind that you do not need to show everything to someone you do not know in real life, for example.
Still in the privacy section, I draw your attention to the part called "Who can find me with a search?"
Two settings are available: the first concerns searching by your information and the second the indexing of your profile by search engines.
If you allow these settings, then in the first case a user who knows your email address will be able to find your Facebook profile. In the second case, he will be able to find your profile via a search engine.

Secure your Facebook account with dedicated tools

I am not particularly fond of this option, but some applications allow you to secure your account / your privacy or that of your children.
Here, for example, is Secure.me.
To use it, simply log in with your Facebook account and authorize the application.
You will then have the choice of securing your account or that of your children.


Securing your Facebook account effectively

Once you are aware of what information you post, you can also secure your account against hackers.
And if you have been hacked in the past, there is a good chance that the settings that follow had not been applied.
Let's go to the Security section of Facebook.
Enable Secure Browsing: it uses the https protocol, which prevents someone from capturing your password on the fly across the network.
Enable Notifications when logging in, at least by email, so that you are told about any unusual successful login.
You can enable Connection Approvals if you want to prevent connections from an unknown browser by first requiring a code that you will receive via SMS. The previous setting reports an unusual connection but does not prevent it, whereas here the code received by SMS has to be entered.
The Code Generator lets you replace SMS sending with generated codes for sign-in approvals.
You can add Trusted Contacts, for example someone in your family. Do not add just anyone. If you lose your account, Facebook will go through this contact to let you regain access to it.
Known devices are the devices from which "you" have logged in. Facebook, for example, retains connection information to make navigation more pleasant. Check that the devices belong to you and that you did indeed log in with them.
Last but not least, Active Sessions. You should check these sessions regularly for the locations and devices that are allowed to connect. The level of security is lowered for these devices because Facebook assumes that they are yours. If that is the case, fine; if it is not, someone may currently be logged into your account. Be careful, however: the connection location is often wrong. I am told, for example, that the location of my current session is Paris while I live 500 km away.
In addition, if you usually log into your Facebook account from a smartphone over an EDGE or 3G connection, etc., or through a hotspot, you will see IP addresses from different places. This is because your 3G / 4G mobile connection becomes a normal Internet connection, and it goes out via the IP addresses of your ISPs.
So you have to know how to tell an IP address belonging to a hacker from one belonging to your own ISP. That's not easy; you can try sites like ip-adress.com to view details about IP addresses.
However, not all manufacturers publish their IP ranges, so it is difficult to know whether an IP address comes from a hacker at a given ISP or is simply an IP address used by your mobile.

Conclusion

We've seen how to secure your Facebook account with basic settings that everyone should be aware of.
Unfortunately I still get too many calls for help when the damage is already done. So I hope this article will help many of you.
And finally, for the most skeptical, there are free services that secure your Facebook account "automatically" by doing what I have described, and more.
Secure.me from avast! is a "real-time anti-virus" for your account.
And privacyfix lets you adjust a ton of settings for even more sites than Facebook; I recommend it.
You can also take the How to Protect Your Computer and Privacy course to get a whole bunch of techniques to stay protected effectively.
You can also take a look at my article How a hacker can hack a facebook account for further practice.

Saturday, 6 January 2018

Keyloggers, explanations and countermeasures

You probably already know what a keylogger is, and there is no shortage of definitions; that said, this article will try to give further, up-to-date explanations about keyloggers.

What is a keylogger?

It is also called a "keystroke logger" and, as its name suggests, it is a program that accurately records the key sequences typed on the keyboard.
The keylogger is a kind of spyware, because it usually runs in the background as an invisible and silent process while gathering very sensitive data. It can save the keystrokes in a "log" file, or send them to an e-mail address or to a remote server, via FTP for example.
90% or more of keyloggers target Windows systems, even though keyloggers exist for other operating systems such as Linux. Mac and Linux users, take note: yes, you are right on this point, you are less likely to catch one!
This is one of the best-known ways to hack an account, hence their high popularity. Languages built around Rapid Application Development (RAD) have made such malicious programs easy to put together.
Generally a keylogger can stay on a computer for a long time because it is invisible to the user. But even if the antivirus does not detect the malicious program, we will detect it with the help of this article!

Types of keyloggers

There are two types of keyloggers:
  • The software keylogger: the one we usually know, the spy program that this article discusses.
  • The hardware keylogger: a small physical device that can be bought for about thirty euros online but is not easy to use, because it must be physically installed on the target computer (usually plugged in between the keyboard and the PC, or built directly into the keyboard).
Note also that keyloggers for smartphones exist; they count as software keyloggers.

How exactly do they work?

We will focus on the details of keyloggers running on Windows, although the principle remains the same for all.
Once executed, the keylogger will generally start by making sure that it is restarted automatically each time the system boots. This is a first indication of its presence.
Then, at each launch, it performs its functions. It uses Windows APIs to retrieve keyboard events.
It inserts a capture function into the Windows keyboard event chain. As a result, when a key is typed, Windows retrieves the message, initializes a structure containing the code of the key pressed and sends it to all the functions that "listen" to keyboard events.
This is not a threat in itself, because many applications need to receive keyboard events for entirely legitimate purposes such as setting up keyboard shortcuts. This makes detection a problem for antivirus software.
Then a timer fires at regular intervals, for example to send an e-mail containing the recorded data. This gives us a second detection lead: it uses the network.
The message is passed on to the other functions that listen to keyboard events so as not to block the chain.
It repeats these steps continually until the system is shut down, and starts again seamlessly the next day.

What exactly do they recover?

The keylogger in the strict sense only retrieves the keystrokes typed on the keyboard. But today's keylogger has become much more formidable.
We even distinguish the keylogger from monitoring software, which can capture a lot of data, whether audio, textual or visual.
For example, monitoring software can take screenshots, capture the contents of the clipboard dynamically, capture Skype conversations (and MSN at the time) both received AND sent, retrieve or block websites regardless of the browser, run or delete other programs, etc. It's scary, isn't it?

These "professional" programs are, however, often paid and relatively expensive, and they are also much less silent than a classic keylogger. The fact that they are created by specialized companies fortunately keeps them away from the general public. In addition, these programs generally tell the user that he will be monitored. And it is the user being aware of, and accepting, that a keylogger or monitoring software is used on his computer that makes the action legal, and only in this case.

Limitations and countermeasures

Keyloggers seem very formidable, but fortunately all is not rosy for them either.
There are many languages, hence many different characters, and some require key combinations like AltGr + e for "€".
The Windows functions for handling these many combinations correctly are rather old and become really difficult to use for a programmer who wants to record everything perfectly.
From there we have two possibilities: either the keylogger records only the main keys of the keyboard (hence the good practices), or the characters are set up in an array, with a bit of tinkering, to get something usable.
Thus, you can even crash a keylogger without realizing it, for example by typing a combination that it does not handle.

A very effective tip for typing your credit card number or password safely:

Keyloggers record keystrokes in the order they are typed. If your number is 1234 and you type 34, then click at the beginning and type 12, you will get 1234 but the keylogger will record 3412.
There are also anti-keyloggers that "encrypt" the keystrokes before the keylogger has access to them. These programs are unfortunately heavy and little used. Among them is the well-known Keyscrambler.
Finally, my usual recommendations also apply to keyloggers: be careful when you launch a suspicious program. Regularly check the programs launched at system startup.
Regarding network activity, I recommend the excellent TcpView, which displays what is happening, to spot a possible message sent every x minutes and deduce a potentially suspicious program.
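
The "message sent every x minutes" check can be automated once connection times are written down. The following is an added example, not code from the original article: it groups constructed connection records by process and remote address and flags the pairs whose connections are evenly spaced. The log format, the process names, the addresses and the thresholds are all assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "time,process,remote address" rows as they might be noted
# down while watching a connection monitor. Every name and address is made up.
SAMPLE_LOG = """\
2018-01-06 10:00:02,browser.exe,203.0.113.10:443
2018-01-06 10:00:09,browser.exe,203.0.113.10:443
2018-01-06 10:00:40,helper32.exe,198.51.100.7:25
2018-01-06 10:03:30,browser.exe,203.0.113.10:443
2018-01-06 10:05:41,helper32.exe,198.51.100.7:25
2018-01-06 10:10:40,helper32.exe,198.51.100.7:25
2018-01-06 10:14:12,browser.exe,203.0.113.10:443
2018-01-06 10:15:42,helper32.exe,198.51.100.7:25
2018-01-06 10:16:00,mail.exe,192.0.2.25:993
2018-01-06 10:20:40,helper32.exe,198.51.100.7:25
2018-01-06 10:31:00,mail.exe,192.0.2.25:993
"""


def group_connections(log):
    """Map (process, remote) -> sorted list of connection times."""
    groups = defaultdict(list)
    for line in log.strip().splitlines():
        stamp, process, remote = line.split(",")
        groups[(process, remote)].append(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"))
    return {key: sorted(times) for key, times in groups.items()}


def find_periodic_senders(log, min_events=4, max_jitter=0.10):
    """Return (process, remote, period_seconds) for evenly spaced connections.

    Jitter is the standard deviation of the gaps divided by their mean:
    a timer-driven sender stays close to 0, a person browsing does not.
    """
    flagged = []
    for (process, remote), times in group_connections(log).items():
        if len(times) < min_events:
            continue  # too few observations to call anything periodic
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        average = mean(gaps)
        if average > 0 and pstdev(gaps) / average <= max_jitter:
            flagged.append((process, remote, round(average)))
    return sorted(flagged)


if __name__ == "__main__":
    for process, remote, period in find_periodic_senders(SAMPLE_LOG):
        print(f"{process} -> {remote} roughly every {period} s: worth a closer look")
```

A regular interval is a lead, not a verdict: mail clients and updaters also connect on a timer, so a flagged process still has to be checked against the list of startup programs.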

Monday, 1 January 2018

Get hacked when visiting a site? - Java Drive By Download

This is a question we sometimes ask ourselves, and the answer takes two different forms.
Either we are paranoid, in which case when a pop-up window appears we take it at its word, even though it is false and crude (advertising).
Or we "know our stuff" and we know that a site is a page returned by a server and displayed correctly by the browser, which is in theory secured to prevent access to local resources, for example. So there is no risk unless the browser contains a flaw.
Well, it's almost true, but not quite. 😉
Because yes, it is possible to get hacked by visiting a site without any flaw in the browser, provided the site relies on a particular, vulnerable plugin.
This is the case, for example, of the famous Java plugin. The exploit in question, which has no French equivalent, is called the Java Drive By Download, which can be translated as exploitation carried out via Java.
This exploit, still unknown a few years ago, has now become very popular in the black hat community, although this has resulted in massive security patches.
Of course, Drive By Download does not only concern Java, even though we will use it as the example.

How does Java Drive By Download work?

It is possible to write Java applets to make a site more dynamic, to present an animation or, more generally, a game.
However, the Java framework also allows resources to be downloaded and run directly. You see what I mean.
So a single click on "Run" is enough to run a malicious program directly on your own PC...
[Image: Java drive-by download]


How to protect yourself?

There is no secret: we must remain attentive and vigilant. The message shown before execution, in the image above, tells you that the applet presents a security risk.
Therefore run applets only from trusted sites, or more generally ones that indicate a recognized publisher.
To be safe, run these plugins only when absolutely necessary.
Also install all the updates you are offered.
In general, always think twice before clicking anywhere. As we can see here, one can be hacked by visiting a site, possibly with a single click on a booby-trapped Java "applet".
Finally, be aware that antivirus programs detect these types of threats better and better and will not hesitate to alert you. But being aware will not hurt.