Daily Cup of Tech

I received a lot of response from the HowTo Hide Files in JPG post, I thought that I would present you with another way of hiding data. This method is a bit more specific in that it allows you to hide an Excel spreadsheet inside a Word document. The really cool thing about this little trick is that once you have your special Word document created, you do not need to have the program on the computer!

So, to start this off, here is a little video that I put together to show you how what this little trick does for us:

Trackback link - http://www.DailyCupOfTech.com/2007/08/01/more-hidden-files/trackback/

I’m sure many of you have considered donating your old computer to a school, church, or other non-profit organization. While I encourage you to do so (tax writeoff!), you need to be aware of the potential danger to your personal security if you do so.

Preparation ends at deleting personal files? Not so much…

Of course, the first thing that comes to mind when donating or trashing an old computer is “I’d better delete my files”. While this is obviously a splendid idea, make sure that you are making every effort to protect your privacy by understanding what ‘delete’ means.

In the Windows world, when you delete a file or folder from your computer, they are essentially “marked for deletion” - think of it as taking the label off of your videocassette (ah, memories…) with your favorite episode of say, ‘Falcon Crest‘, but not actually re-recording over it until ‘TJ Hooker’ is on later during the week.

When a file is marked for deletion, it tells the operating system that “this block is available if you have anything to write here”. However, your OS may have plenty of other blocks to write to before writing something in this newly available block (in keeping with our example, you have plenty of new blank tapes to record “The Hook” on, so you decide to use those first, instead of compromising video quality on a pre-used cassette). So in essence, your data is still there on your drive, ready to be restored at any time; a number of utilities exist, free and payware, with the ability to restore your deleted data quite easily, and by computer-novices.

Case in point:

I worked for a large corporation as a desktop support agent. One of my younger colleagues forgot to back up a computer before loading a new cloned image on the PC, essentially overwriting all the data from the previous configuration.

Or, so he thought.

In an act of desperation, I ran a Norton file recovery and undelete command on the drive, and was able to restore EVERY file from the previous configuration (probably saving my young friend his job!).

Things you can do to help yourself:

• Get the help of a techno-nerd friend to securely delete your data. Entice him/her with pizza and gift certificates to NewEgg.com if necessary.
• Use an encrypting container to house your sensitive data (for example, CryptArchiver Lite or CryptainerLE, There are many others).
• Delete your files using a secure erase program (see below)
• Defrag your hard drive often, especially after you uninstall a lot of software, or delete large amounts of data. This will overwrite the empty blocks quicker (if the amount of data surpasses the point on the drive where your deleted file was located). This is not a surefire method, but it will enhance your performance in addition to latently increasing the chances you are overwriting your ‘marked’ files.
• If you are trashing your computer and no longer need the hard disk, remove and smash it with a large hammer. Seems a bit barbaric, but it is extremely satisfying. If the hard drive is sizable enough, consider buying an external USB enclosure and using it as a backup drive.

Giving can be a wonderful thing; it gives you that warm-fuzzy feeling when you’ve done something nice…don’t let one second of that familiar “oh…no…” moment (you know what I’m talking about) ruin your “feel-goodiness.”

You’ve done something nice, enjoy the feeling!

Secure file erasure:

• Eraser
• Super Shredder

File/Folder/Disk wipe:

• SDelete (command-line)
• Paragon Disk Wiper

Recommended reading:

• TechSoup.org: Ten Tips for Donating a Computer
• Findlaw.com: Responsible e-Waste Removal

Trackback link - http://www.DailyCupOfTech.com/2007/05/17/donatedtrashed-a-computer-your-data-may-be-at-risk/trackback/

They go by a lot of different names: history erasers, track eliminators, privacy cleaners, Internet eradicators. But, whatever you call them, their purpose is to remove all evidence of your “Internet indiscretions”. The big questions are, how well do they work and do they still leave some tracks behind?

These programs, which we will refer to as history erasers, claim to remove any trace of where you have been on the Internet and what you have been accessing on the Internet. These programs are typically marketed, quite aggressively in many instances, to people who, either accidentally or purposefully, accessed something on the Internet that they should not have.

This can be the teenager accessing adult content and is afraid her parents will discover what she has done. Or an employee who had an inappropriate pop-up appear on his computer screen while doing research for work. Maybe it is an online pedophile who is afraid that the police might somehow access his computer and discover evidence of his “hobby”. Or the concerned online bank customer worried about their password or credit card number that may be stored on their computer.

The truth is, these tools provide very limited protection against anyone who is looking for what you are doing on the Internet. They may stop someone who does not understand how the Internet or networks work but for someone who knows what they are doing, these provide very little in the way of “protection”. Following is a breakdown of what these tools can and can’t do for you.

Read the rest of the story…

Trackback link - http://www.DailyCupOfTech.com/2007/04/05/the-truth-about-history-erasers/trackback/

My favorite encryption tool, TrueCrypt has just released version 4.3. The primary purpose for this version is to support Vista.

From their website, here is a complete list of changes for this version:

New features:

• Full compatibility with 32-bit and 64-bit Windows Vista:
  • Support for User Account Control (UAC).
  • All .sys and .exe files of TrueCrypt are now digitally signed with the digital certificate of the TrueCrypt Foundation, which was issued by the certification authority GlobalSign.
  • When moving the mouse on a single-CPU computer while reading or writing data to a TrueCrypt volume, the mouse pointer stopped moving for a second every few seconds. This will no longer occur. (Windows Vista issue)
  • Other minor compatibility-related changes.
• TrueCrypt volume is automatically dismounted if its host device is inadvertently removed.Important: Before you physically remove a device (such as a USB flash drive) where a TrueCrypt volume resides, you should always dismount the volume in TrueCrypt first, and then perform the ‘Eject‘ operation (right-click the host device in the ‘Computer‘ or ‘My Computer‘ list) or use the ‘Safely Remove Hardware‘ function (built in Windows, accessible via the taskbar notification area).
• Support for devices and file systems that use a sector size other than 512 bytes (e.g., new hard drives, USB flash drives, DVD-RAM, MP3 players, etc.)
• Support for devices with a GPT partition table (GUID partitions). (Windows Vista/2003/XP)
• After a partition is successfully encrypted, the drive letter assigned to it (if any) is automatically removed. (Windows)
• Volume name (label) is displayed in device/partition selector. (Windows)
• New hotkey: ‘Wipe Cache’. (Windows)
• New command line switch ‘/q background‘ for launching the TrueCrypt Background Task. (Windows)

Improvements:

• Portions of the TrueCrypt device driver redesigned.
• Maximum allowed size of FAT32 volumes increased to 2 TB (note that NTFS volumes can be larger than 2 TB).
• Traveller Disk Setup improved. (Windows)
• Volumes hosted on read-only media will always be mounted in read-only mode. (Windows)
• Improved support for big-endian platforms.
• Other minor improvements (Windows and Linux)

Bug fixes:

• The built-in FAT format facility now functions correctly on big-endian platforms.
• Improved handling of partitions and devices during volume creation. (Windows)
• Improved handling of low-memory conditions. (Windows)
• Fixed bug that rarely caused system errors when dismounting all volumes. (Windows)
• Tray icon is recreated when Windows Explorer is restarted (e.g. after a system crash).
• Other minor bug fixes. (Windows and Linux)

Security improvements:

• Improved security of set-euid mode of execution. Volume can be dismounted only by the user who mounted it or by an administrator (root). (Linux)

Miscellaneous:

• The option ‘Cache passwords and keyfiles in memory‘ in the password prompt dialog window no longer sets the default setting (to set the default setting, select Settings > Preferences and enable or disable the option ‘Cache passwords in driver memory‘). (Windows)

Removed features:

• It is no longer possible to create new volumes encrypted with 64-bit-block encryption algorithms (Blowfish, CAST-128, and Triple DES). 64-bit block ciphers are being phased out. It is still possible to mount such volumes using this version of TrueCrypt. However, it will not be possible to mount such volumes using TrueCrypt 5.0 and later versions (this applies also to volumes encrypted with AES-Blowfish and AES-Blowfish-Serpent, which have been in the process of being phased out since TrueCrypt 4.1). If you have such a volume, we recommend that you create a new TrueCrypt volume encrypted with a 128-bit-block encryption algorithm (e.g., AES, Serpent, Twofish, etc.) and that you move files from the old volume to the new one.

This is a must upgrade for all of you that are working with TrueCrypt.

Useful Links:

• TrueCrypt Website
• Downloads
• Screenshots
• Documentation

Trackback link - http://www.DailyCupOfTech.com/2007/03/21/truecrypt-with-vista-support-released/trackback/

A new version of Torpark, the portable anonymous web browsing tool, has been released.

If you are new to Torpark, it uses the Tor network to route your information through different systems so that it becomes more difficult to track where you are coming from. From the Tor website:

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

One thing of note. There appears to be some changes with Torpark coming with the company that is now formed which owns Torpark. They will be offering some premium services and even secure notebooks that appear to piggyback on the Tor network. I hope that the company finds success in this market because if they do not, there is a good chance that they will end up stopping all work and Torpark will either disappear or end up as an abandoned project.

Trackback link - http://www.DailyCupOfTech.com/2007/02/28/torpark-2002a-released/trackback/

News sites have been noting recently that Myspace and Xanga (and their ilk) have been a place for friends and social networks to grieve for those who have passed away - while this is notable and a very cool use of the technology, it was bound to happen.

If you have been online for a time, you have probably posted here or there in various forums, commented to blog entries, or even (if you are old enough) have posted on various UseNet groups and good old newsgroups (which I still love!)…

The point I am making is that the vestiges of our Internet personas will be, for all intents and purposes, immortal - - well, at least the information will be around far beyond our lifetimes. It is the closest we will be (as far as we know so far) to becoming eternal and be able to prove it to those that are still breathing and logging on to the ‘Net…

With that, I suggest you go Google yourself and see what the Internet has to say about you while you are still here.

There are several articles that talk about this and have great tips if you want to limit or do something about your sensitive information on the ‘Net:

• About.com - Google Yourself
• ZDNet - Why you should Google Yourself, and Often
• WindowsNetworking.com - Google Yourself To Identify Security Holes
• Google - and the list goes on…

I’m somewhat hesitant to admit that I do this quite often… Usually, my goal is to see if I can innocently catch up with someone. Is this a new form of stalking?

However, I did Google a person that I was entering into an auction transaction with. The auction was for a set of wheels and tires, and I discovered that this person was in a car accident recently, as stated by his local paper (I searched for the name of the person, and the city he was from). Of course, this brought up the question, was the set from the car? Would this affect the transaction?

If I did this with a person I was paying money to, it doesn’t take a stretch to realize that potential employers can do the same thing…be aware if you are job-hunting!

So, if you do find information on yourself that you don’t like - here is an interesting…work-around: A search tool that can create higher-scoring search results with more favorable information that you specify (you can read about it via this Wired article). Particularly useful for the shadier folks among us.

Now that I’ve fed your paranoia bug, go Google yourself!

Oh, I still went through with the wheels and tires - my car looks sharp!

Trackback link - http://www.DailyCupOfTech.com/2007/02/23/why-dont-you-just-go-google-yourself/trackback/

IT Security has written a very useful article entitled The Twenty Minute Guide to PC Security: 20 Tips to Secure your Box. This is a very good article that talks to pretty much everyone who has a home network or spends time on the Internet. If you do nothing else but take the advice in this article, you will be doing more to secure your computer and home network than the vast majority of users.Here are the areas that are covered in the article:

The Basics: Spotting and Eliminating Threats

1. Use a firewall
2. Install and update anti-virus software
3. Install and run anti-spyware software
4. Install additional basic threat counter-measures

Tweaking Settings and Making Usage Adjustments

1. Strengthen your web browser security
2. Install the latest OS service pack
3. Select secure software and update it regularly
4. Disable file sharing on your hard drives
5. Be cautious when downloading

Safely Emailing

1. Use a first-rate email client
2. Handle email attachments carefully
3. Do not click on email links haphazardly
4. Set up email filters

Protecting Your Password

1. Keep hackers guessing
2. Use a variety of different passwords
3. Password protect your computer login access

Wireless Protection

1. Protect your wireless network
2. Do not use a neighbor’s wi-fi connection

Physical Protection

1. Disguise your laptop
2. Use anti-theft solutions

We can all stand to improve our security knowledge. Take some time to read through this and think about your security setup.

Trackback link - http://www.DailyCupOfTech.com/2007/02/22/secure-your-compute-in-20-minutes/trackback/

While I was working my way through the Internet today, I ran across an article on MSN called Thwart the Three Biggest Internet Threats of 2007. (Mirror page in case Microsoft gets embarrassed and takes it down.) I immediately thought, “This should be good! I wonder what type of spin Microsoft will put on this?”

Imagine my surprise when the #1 threat listed is Internet Explorer! In fact, the article goes on and recommends that you install another web browser, in this case Opera, as your default web browser:

…the best way to reduce your PC’s vulnerability to ActiveX exploits is to download and install another browser, and set it as your default browser. Mozilla’s Firefox is the most popular IE alternative. Unfortunately, Firefox’s growing popularity has enticed malware authors to exploit its own flaws. While no software is perfectly secure, many experts (including me) think the Opera browser is safer than either IE or Firefox.

It appears that MSN is publishing stories from PC World and not really checking the content very well!

This information is opposite what is on the Microsoft Internet Explorer website:

Internet Explorer 7 provides security through a robust new architecture, security features that help defend against malicious software (also known as malware), and new ways to better protect against the theft of personal data from fraudulent websites, a practice known as phishing.

This seems to indicate that someone isn’t really paying attention to what is happening from a management perspective at Microsoft. This reminds me of the Windows 98 BSOD:

What do you think? Did someone at Microsoft drop the ball? Will heads roll? Or do they even care? Let me know in the comments.

Related:

• Security Week Windup
• Free Internet Security Suite
• Sniff…Sniff…That New Office Suite Smell!
• What’s That Slurping Noise?
• Microsoft Invading Your Privacy?

If you found this post useful, why don't you buy me a cup of coffee to show your gratitude?

Trackback link - http://www.DailyCupOfTech.com/2007/02/12/microsoft-says-ie-biggest-internet-threat-get-opera/trackback/

 

ITsecurity website has an excellent article called Small Business Primer on Network Security Threats. It talks about the importance of security, even for businesses with a couple of computers. It talks to several important security areas including:

• Viruses and Worms
• Trojan Horses
• Spam
• Phishing
• Packet Sniffers
• Maliciously-Coded Websites
• Password Attacks
• Hardware Loss and Residual Data Fragments
• Shared Computers
• Zombie Computers and Botnets

I have covered security topics in the past but every time I read a new article about security, I learn something more. And this is coming from a guy who is already paranoid.

This is a good read well worth your time.

Trackback link - http://www.DailyCupOfTech.com/2007/02/10/small-business-primer-on-network-security-threats/trackback/

Today is Safer Internet Day! It’s purpose is to bring attention to some of the risks that youth are faced with daily on the Internet.

I have compiled a list of things that you can do today to mark Safer Internet Day:

• Install/update antivirus on your computer
• Install a firewall on your computer
• Lock down your home wireless network
• Surf the Internet with your kids
• Talk to your kids about the risks on the Internet
• Sign up for an Internet safety course
• Organize an Internet awareness event at your church, club, etc.
• Install antispyware on your computer
• Install an Internet monitor on your computer
• Sign an Internet Use Contract with your children
• Move your home computer to a common room
• Look through your computer’s Internet cache for suspicious behavior
• Ask your kids to explain how something works on the Internet
• Research Internet risks on the Internet
• Create a pseudonym to use on the Internet
• Make your phone number unlisted
• Report a spammer or Internet fraud to your Internet provider
• Install antispam software
• Get administrative access to your kids’ computers
• Learn the mean of the following terms:
  • Phishing
  • Social Network
  • CyberBullying
  • War Driving
  • IM’ing
  • Pod Slurping
  • Social Engineering

Trackback link - http://www.DailyCupOfTech.com/2007/02/06/20-ways-to-mark-safer-internet-day-2007/trackback/