Dangers of Sharing Folders on the Network

Here's something I want to share with all of you. If I am not wrong, about 4-5 years ago, I've got a friend telling me how much fun he had by scanning the whole college network for shared folders. He was able to discover so many important files and also did many bad things by deleting important files from My Documents and also destroying Windows by deleting Windows system files. I was totally against that because who knows that the poor guy/girl spent many weeks to complete an assignment and was about to hand over to the lecturer but found out that it's GONE!
For people who don't know nuts about repairing own laptops, they'd have to fork out extra money just to get their Windows fixed or reinstalled. My friend could have been the good guy in placing a note in the shared folder to warn them about the danger of sharing but he had an evil sick and twisted mind instead.
So I am here to warn you about the danger of sharing folders on the network and I am going to show you how easy it is to scan the whole network, or even the whole Internet for shared folders.If you didn't know, sharing a folder on the Network is VERY easy. Just right click any folder or even your drive, select "Sharing and Security" and all it takes to share is by checking the "Share this folder on the network" checkbox. That leaves the folder open for everyone to access. Checking another box "Allow network users to change my files" lets anyone on the network to create and delete files in the shared folder.
Most common mistake that a lot of people make after sharing the folder to the network is forgotten to unshare it. Unchecking the checkboxes will unshare the folder. If you want to know what folders are being shared by you, use Computer Management to show you all your shared folders. Go to Control Panel -> Administrative Tools -> Computer Management and expand System Tools -> Shared Folders -> Shares.

The ADMIN$, C$, and IPC$ is shared by default. You do not need to worry about that.
Here are a few steps you can take to protect yourself from intruders in getting in your shared folders.1. Unshare the shared folder after you're done sharing the file to another person.2. Use a money dollar sign $ at the end of the Share name to hide shared folders from being displayed publicly.

3. Use NetShareMonitor to notify you when someone is accessing your shared folders.4. Use a "router" instead of direct connect to the Internet as it gives you a layer of protection against intruders. Works only at Home.5. Do not use Simple File Sharing. Go to Control Panel -> Folder Options -> click the View tab, and uncheck "Use simple file sharing".

6. Finally, a decent firewall can protect you from intruder.
Now I'll show you how easy and fast it is for an intruder to scan for open shared folders in network or Internet. There are many types of security scanners but I am going to use a simple, small and fast tool called "Angry IP Scanner" to scan hundreds and thousands of computers for shared folders.
I downloaded the latest Angry IP Scanner and also the Windows Shares plugin. I ran a test scan on a range of IP addresses and found a few victims that has some folders being shared.

I simply use the Windows method of access another computer \\IP or \\HOSTNAME. In this case, I enter \\218.208.224.16 in Windows RUN and hit the OK button.

Within seconds, a window box appears displaying the shared folders. I can now access the victim shared My Documents folder and "maybe" even have the rights to change, add or delete files.

See how easy it is for an intruder to access your shared folders? Stop being a victim and start protecting yourself.

[ Download Angry IP Scanner ]

NERVE TECHNOLOGIES

Identify Loaded SVCHOST.EXE in Windows Task List

Many times I've been asked what is svchost or svchost.exe that's loaded in Windows?
Svchost as the name implies stands for "Service Host". Many of components of the Windows operating system are implemented as what are called "services", a fancy name for programs that run in the background and aren't necessarily associated with whomever is logged into the machine. A fair number of those services are implemented in DLLs rather than in stand-alone executables. Since DLL can't run on its own, svchost is the one that loads the DLL.
Problem with svchost.exe nowadays is the common disguise used by malware to hide its presence from the user. As you can see from the image below, the svchost.exe doesn't show up much information in Windows Task Manager. You wouldn't even know if it is loading a legitimate DLL or not...

Here's how to identify what's really running as Svchost.exe on Windows XP Professional.In command prompt, type the command below and hit enter.

"tasklist /svc /fi "imagename eq svchost.exe"

The service name is displayed on the right side of the tasklist result.

To do a final match up of the somewhat cryptic service name to something more meaningful, you'll need to go to the service browser in Windows. An easy way to get there when running XP is to right click on "My Computer", and select "Manage". This opens the "Computer Management" application. On the left side you'll see a variety of locations, but in this case, you'll need the last one, "Services and Applications". Expand that (use the +), and click on the first item, "Services".

Now comes the tricky part. You'll need to guess to try to match the human readable name of the service with Windows name of the service. For example, one of the named services in the list on my computer was PID 1404, Dnscache. I looked through the lists of names and the most likely service was "DNS Client". I double clicked on the entry which shows the properties for that service:

The "Service Name" exactly matches what I was looking for: Dnscache. Now I know that PID 1404 is the Dnscache service.
What you want to see there is that the executable that is being run is "svchost.exe". In this case, PID 1404 is the DNS Client service. If you're not using Windows XP Professional, you might not have the "tasklist.exe" to display the task list. You can download tasklist.exe from here.
If you find it too troublesome, of course there's an easier way. Use Process Explorer by Sysinternals. Just move your mouse over on top of the svchost.exe and a balloon message will tell you the service name.

Download Process Explorer

Hide mp3. Audio in Gif. Pictures

I just found an article by Tom Scott on hiding music in your pictures. How cool is that? It's really cool! You can send special messages in recorded audio that no one would even guess to your friend in picture format.
It's like combining 2 files to become 1 and when you run the combined file, it will by default display the picture. To listen to the audio that is embedded into the picture file, you'll need to manually load the combined file into Winamp.
Here's the test I did.

1. Combine audio (.mp3) with picture (.gif)
I use the command "copy picture.gif /b + audio.mp3 /b combined.gif" in DOS prompt.

I look in my C:\ drive and now I have a new file "combined.gif"
I run the combined.gif file and it display the same picture as picture.gif.
I run Winamp and manually load the combined.gif, I am able to play the audio.mp3 sound. I tried to load combined.gif file into Windows Media Player and I can only see the picture.gif. No sound at all. Looks like Winamp can support this feature but not Windows Media Player.

2. Combine audio (.wav) with picture (.gif)
I use the same picture.gif but now I am combining the picture file with a .wav sound file. Wav is another type of sound format.
Used the same command "copy picture.gif /b + audio.wav /b combined.gif" in DOS prompt. I ran combined.gif and it is able to display the picture.gif picture file. Tried to load it into Winamp, doesn't play this time. Loaded the combined.gif into Windows Media Player, it also only display the picture but no sound.
Looks like only .mp3 sound format is supported.

3. Combine audio (.mp3) with picture (.jpg)
Since only mp3 works, we'll try combining mp3 with another type of picture format with is JPG.
Used the same command "copy picture.jpg /b + audio.mp3 /b combined.jpg" in DOS prompt. Ran the combined.jpg and it displayed the picture.jpg. Then I tried loading the combined.jpg into Winamp, and it played the music. Again, loaded combined.jpg into Windows Media Player, I can only see the picture but no music.

From the test above, I believe that hiding audio inside picture can only work when you embed MP3 audio into picture file. I also believe that other picture format such as TIFF, PNG or Bitmap will work.
Tom Scott explains that the GIF format allows for an "application extension block" - an arbitrary section for applications that isn't checked by the GIF parser. Meanwhile, Winamp and other MP3 players ignore all data in the file that isn't marked as an MP3 block. The result: the picture viewer ignores the music, and the MP3 player ignores the picture.
Eventhough he only mentioned GIF, but I tested on JPG and it works as well.

If you're on a Linux box, you can do it by using the command "cat picture.gif sound.mp3 > combined.gif"

Don't know anything about Dos prompt and the copy /b command? Here's an easier way to do it but with limitation. Thomas Scott has created an online tool where you can easily upload your picture and audio into his website and it will automatically combine it for you. The limitation of using his free picture with audio combine service is the GIF file size is limited to 40KB and MP3 80KB in size.

[ Thomas Scott MP3gif website ]

How terrorist hide Text in Images

Nearly a year ago I posted an article on how to hide MP3 audio inside GIF picture on my other blog. It's a very cool trick but I believe that terrorist must have used this method to convey messages across the world. I just found out that it is possible to hide TEXT messages in any images file. It can be encrypted and the text can't be viewed easily. Hiding text in images is called Steganography is NOT something new. There are freewares that is capable of doing this and the release date is year 2005. Looks like I am a little outdated to know this technique! Continue reading if you're interested to know how to hide text messages in images.
If you search in Google on "Hide Messages in Images", you'll find a lot of program that can do this. Some are shareware and some are freeware. I've tested a few freewares and only 1 of it works fine in hiding messages inside images.ImageHide is the one that gives me no problem in hiding text messages inside any image file.





Surprisingly ImageHide last update was on 04-July-2005 and it still works! You're able to load .cut, .pcd, .pic, .cel, .pbm, pgm, .ppm, .pdd, .psd, .bw, .rgb, .rgba, .sgi, .rla, .rpf, .scr, .pcc, .pcx, .eps, .fax, .tif, .tiff, .ivb, .tga, .vda, .vst, .win, .dib, .rle, .jpeg, .jpe, .jpg, .jfif, .emf, .wmf, .ico, .bmp, .png. I bet you don't even know half of the extension! Although you can load many types of image files, but you can only save it in .BMP or .PNG after you've entered the text.
It's very easy to hide text messages in images by using ImageHide. First, load any image you want. At the bottom of ImageHide, you can type your secret text. Once you've done that, click on "Write Data button" to insert the text message into your image. Finally, click on Save Image button to save your image in either BMP or PNG format.
To read the hidden text message, click the Load Image button. If there is text embedded into that image, it'll show the ImageHide version you've used to embed the text message, whether it's encrypted or not and also the data size.



The image file size is much smaller if you hide text message instead of hide mp3. If a normal image with small scale has big file size, it can be suspicious. I tried inserting a text "This is a Hidden Message - Raymond.CC" into a PNG image file, surprisingly the file size is 2kb smaller than the original image file.
Hiding text messages in images is NOT only for terrorist use. If you're a graphic designer and someone used your images without your permission, you can sue them by having this very good proof. The person who ripped your images will have nothing to say if the image he has on his computer or website has hidden text that you placed.

You can download this amazing tool from the link below

http://www.dancemammal.com/downloads/ImageHide.zip

Good Luck!

Extend Software Trial Period!

A lot of software and applications are released as a shareware, also known as demoware (demo) or trialware (trial version), where users can download the trial version shareware from the Internet or get the apps from distributed magazine cover-disks, and use it for a stipulated period of time (trial period), free or charge without any payment. The plan is sort of “try before you buy”, where if users satisfy with the software after trying it, they should buy the program by paying a license fee to the developer. After passing the trial expiry date and time (expiry of trial period), the software will either stop working, or continue working with limited or restricted features, or displays a reminder message about expired trial demo license.So what if you want to extend the duration of the trial period of the demo apps to fully evaluate it? Or you have installed the demo software or shareware, but suddenly busy with works or something else, and when finally free, the trial valid date has passed? Or you may be decided that the shareware is not worth to pay? The solution or workaround is to extend or reset the trial apps expiry date and time, or its trial period, so that users can continue to using the trial shareware without crack or hack.
How to extend or reset the trial period of shareware, trial-ware, demo-ware or trial software?
Method 1
Reinstall the program. This is the easiest method, but highly likely that it won’t work mostly on current modern software, as the expiry check algorithm getting sophisticated by keeping the expiry information on started using date and days allowed for try use plus days left in the trial in the registry or in a randomly named file.
Method 2
Adjusting the clock (date and time) of your computer system before starting installation of trial software to future data, or adjusting the clock to past date after expired trial period. Again, this method most likely won’t work.
Method 3
Use a application installation monitoring software or uninstaller software such as Norton Cleansweep, Your Uninstaller! 2006 and Advanced Uninstaller PRO 2006 to keep track and monitor every changes to the system during installation, and then uninstall and revert the shareware completely to remove all traces of trial expiry data.
Method 4
Backup the registry before installation of software, and restore the registry after trial period passed. Only works on those shareware that store protection information in registry, and you will lose some important registry changes by Windows or other applications. Alternatively, use Regmon to monitor registry activity in real-time to identify possible candidates for trial expiry reg keys, and then delete those keys.
Method 5
Reinstall windows, and you can be sure that you can use all trial demo shareware again, as all dummy registry entries and dummy files that store trial information are wiped off.
Method 6
Find a crack, with the help of cracks search engine such as Astalavista. But this is not extending the trial period of software.
Method 7
Search with various search engines such as Google and Yahoo! for application-specific known workarounds.
Method 8
If you use any of the following software, then Trial-Reset can helps you to extend the trial period of the software. Trial-Reset is an registry cleaning tool (it claims it’s not a crack) that removes the keys generated by commercial and freeware protector of trial period, and hence makes the software as if just freshly installed. It actually automates the process of cleaning up the registry key related to trial expiry mentioned above. The software and its protected that Trial-Reset (version 3.0 RC3) supports and able to strips are as below.
ACProtectActiveMarkArmadilloASProtectDBPEEncryptPEEnigmaExeCryptorExeShieldICE LicenseNoCopyObsidiumOneWayOrienPCGuardProtectionPlusProtectSharewareSafeSerialSDProtectorSheriffSGLicenseShareGuardSoftLocxSoftSentrySoftWrapSTProtectorSVKPThinstallVBOLockVBoxVisualProtectXheo LicensingXProtectorZipWorx
To use Trial-Reset, just select which software protector that you want to scan for existance on the right hand side of the window. If the registry of the protector is found, make sure you you review the key to ensure that it’s the correct key that stores trial information. Then you can opt to backup the key, remove the key, add the key to protect list and other options.

Trial-Reset 3.0 RC3 can be downloaded here (Trial-Reset30RC2.rar). Future update can be found here.