Know your password in Web Browsers

We don't see our passwords as we type them in the password field in browser, because for security reasons, the password field in all browsers is masked with “asterisks” which won’t allow any third person to read the original typed password. There is actually technique for revealing the original passwords behind the asterisk symbol in password field.

Google Chrome:
Starting off with Google chrome, the easiest way to reveal the original passwords behind the asterisk is using inbuilt Inspect element feature in the browser.

1. You just need to right click on the password field in the browser where you will get an option "Inspect Element". 
2. After clicking on it, "Web Inspector" will open out and there you can see some code which is basically Html code and you just need to replace the "password" word with "text" word and it will reveal the words behind the asterisks.

You can use JavaScript which is quite quick and easy as compared to above method. Just open a site that allows users to login and after typing the password, just enter the following JavaScript code in the address bar.
Javascript: alert(document.getElementById('Passwd').value);
After entering the above code in the address bar, press enter and it will pop up a window with your password written on it.

Mozilla FireFox:
The google chrome browser technique is also applicable in Firefox.

1. Open a site that asks for login right click on the password field in the browser where you will get an option "Inspect Element". 
2. Click on it, "Web Inspector" will open out and there you can see some code which is basically Html code and you just need to replace the "password" word with "text" word and it will reveal the words behind the asterisks.

How to access your user account without password

Lost your login Password? Or forgot your windows login Password? Problem in accessing your user account? Don’t worry here is the solution. Most of the times computer users don’t remember their passwords or some times they may lost the book or paper where they registered their passwords.
In this case do the steps:
1. Start the computer and press ‘F8’ function key before booting the operating system.
2. Select ‘Safe Mode’ from the booting options
3. Now it opens your computer in ‘Safe mode’, in this mode all users’ accounts and Administrator account also shown on the computer screen.
4. Click on ‘Administrator’ user account. (Note: most of the time ‘Administrator’ account password will be blank, which is created by windows operating system while installing operating system)
5. Open ‘Control Panel’ -> ‘User Accounts’
6. Click on your user account and click on ‘Remove Password’
7. Now restart your computer and now you can open your user account without any login password. (Note: Create a new password and keep it in secured place)

You can also change a user's password at the command prompt, log on as an administrator and type:
1. Start the computer and press ‘F8’ function key before booting the operating system.
2. Select ‘MS-Dos prompt” from the booting options
3. Type the below command at command prompt

C:/>net user user_name * /domain
When you are prompted to type a password for the user, type the new password, not the existing password. After you type the new password, the system prompts you to retype the password to confirm. The password is now changed.

Alternatively, you can type the following command:
C:/>net user user_name new_password

When you do so, the password changes without prompting you again. This command also enables you to change passwords in a batch file.

Note: Non-administrators receive a "System error 5 has occurred. Access is denied" error message when they attempt to change the password.

Beware of Holiday Season Phishing Scams and Malware Campaigns

It is a ALERT for internet users to stay aware of seasonal greetings scams and cyber campaigns, which may include:

• electronic greeting cards that may contain malware
• requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming to be charities
• screensavers or other forms of media that may contain malware
• credit card applications that may be phishing scams or identity theft attempts
• online shopping advertisements that may be phishing scams or identity theft attempts from bogus retailers
• shipping notifications that may be phishing scams or may contain malware

Internet users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:

• Refer to the Shopping Safely Online Cyber Security.
• Do not follow unsolicited web links in email messages.
• Use caution when opening email attachments. 
• Maintain up-to-date antivirus software.
• Review the Federal Trade Commission's Charity Checklist.
• Verify charity authenticity through a trusted contact number. 
• Refer to the Recognizing and Avoiding Email Scams (pdf).
• Refer to the Avoiding Social Engineering and Phishing Attacks Cyber Security.
• Refer to the Holiday Traveling with Personal Internet-Enabled Devices Cyber Security.

For more details visit: https://www.us-cert.gov/ncas/current-activity/2013/11/19/Holiday-Season-Phishing-Scams-and-Malware-Campaigns 

Know your IP Address and Location

This is very simple to know your IP Address and place on internet.

Just follow the steps:
Open your browser and type www.whatismyipaddress.com and press ENTER key.
The browser opens the website, in that website it displays the following details:

1 Displays your IP Address
2 ISP name
3 Your internet connection type whether it is dialup or broadband
4 Services
5 Your City
6 Your Region
7 Your Country

Even it displays your desktop operating system version and browser type and its version.

Convert Website into PDF format

Convert Website into PDF format

You can convert a website into PDF format then download the PDF document (Website), read it or post it on internet or any where.

To convert a website into PDF format follow the steps:

1. Connect to internet.

2. Open your browser and type http://pdfmyurl.com, the browser opens pdfmyurl.com website.

3. Type your website name in the place given for, then press ENTER key.

4. After few seconds your website in PDF format is ready. Now download the PDF document to your computer.

Now website is available in PDF format, now you can read it, or post it on internet for your friends.

Create Files and Folders without name

Create Files and Folders without name

We can create Files and Folders without name, to do this follow the steps below

Select any file or folder. 

Right click with mouse on the file or folder then select rename or press F2 key and select rename.
Keep pressing Alt key and hold it, then type 0160 from numeric pad.

Note: Numeric Pad numbers on the right side of he keyboard are only keys to use. Don’t use numbers on the function keys.

After typing the number from numeric pad then press Enter key. Now your File or Folder is created without any name.

Tip: 0160 number is ASCII code for space.

Note: if you want to create more than one folder or files then repeat the 1 to 3 steps again. And press Enter key after finishing your job.

Problem: These nameless folders or files some times can not be deleted then restart your computer in “SAFE” mode and then delete those files or folders.

Protect your folder with password

How To Protect your folder with password

Well here is a way to do that. In this section I will show you how to make a password protected folder in Windows XP, Vista without using any additional software. Following is the step by step procedure to create a password protected folder.

1: Create a new folder (Right-click -> New -> Folder) and give it any name of your choice. For instance you name it as HME.

2: Now place all the important files, documents or any other folder in this folder that you want to password protect.

3: Now Right-click on this folder (HME) and select the option Send To -> Compressed (zipped) Folder.

4: Now a new compressed zipped folder gets created next to folder (HME) with the same name.

5: Double-click on this compressed zipped folder and you should see your original folder (HME) there.

6: Now go to the File menu and select the option Add a password. ie: File -> Add a password

You will get small pop up window here. You can set your desired password. Once the password is set, It will ask for the password every time it is opened. Thus you have now created the password protected folder.

Note: if you are using WinRAR software do the same but it creates .rar folder 

Find your stolen iPhone

Find My iPhone
The technology available at iCloud it's now possible to locate your device provided it still has access to some sort of data connection (cellular or Wi-Fi). This won't work if your device is not using the Find My Phone service, has run out of battery or was last seen in Airplane Mode, but it's certainly worth a shot.

Open iCloud.com, login with your Apple ID and the same password you use to authorize app purchases and click on Find My iPhone. iCloud will attempt to locate your device, if found you can take a note of whether it's moving, whether it's down the back of the sofa or indeed whether it appears somewhere entirely different to you last had it in which case, it's probably been stolen.

Using iCloud.com it's possible to initiate a remote wipe of the phone, which will cause the phone to reset itself to factory settings and preserve your data. To do this by logging in, clicking on Find My iPhone then selecting the device and enabling Lost Mode. Don't forget to leave a message and a phone number in the hope that whoever took it might actually return it.If your phone has been stolen but remains traceable, you may want to hand the information over to the police. There have been a few examples, law enforcement have used Apple's Find My iPhone location data to recover stolen devices, though be prepared that this may not be the case.

If your phone has been updated to iOS 7, you've got another safety net in place in the form of Activation Lock. Even after wiping the device, it will require your own personal Apple ID and password to be usable. Until these credentials are provided, the phone will refuse to work as intended. It's useless to the thief, and not even Apple will unlock it.

You can tell if your phone has been updated to iOS 7 first and foremost by the graphical style. Apple introduced a new, cleaner interface. You can see the difference at-a-glance in the screenshot above (iOS 7 is on the right). You can also head over to Settings > General > About and look at the number under Version.

CryptoLocker Ransomware Infections

Systems Affected
Microsoft Windows systems running Windows 8, Windows 7, Vista, and XP operating systems

Description
CryptoLocker appears to have been spreading through fake emails designed to mimic the look of legitimate businesses and through phony FedEx and UPS tracking notices. In addition, there have been reports that some victims saw the malware appear following after a previous infection from one of several botnets frequently leveraged in the cyber-criminal underground.

Impact
The malware has the ability to find and encrypt files located within shared network drives, USB drives, external hard drives, network file shares and even some cloud storage drives. If one computer on a network becomes infected, mapped network drives could also become infected. CryptoLocker then connects to the attackers’ command and control (C2) server to deposit the asymmetric private encryption key out of the victim’s reach.

Victim files are encrypted using asymmetric encryption. Asymmetric encryption uses two different keys for encrypting and decrypting messages. Asymmetric encryption is a more secure form of encryption as only one party is aware of the private key, while both sides know the public key.

While victims are told they have three days to pay the attacker through a third-party payment method (MoneyPak, Bitcoin), some victims have claimed online that they paid the attackers and did not receive the promised decryption key.

Following preventative measures to protect computer networks from a CryptoLocker infection: 

• Do not follow unsolicited web links in email messages or submit any information to web pages in links 
• Use caution when opening email attachments. Refer to the Security Tip Using Caution with Email Attachments for more information on safely handling email attachments 
• Maintain up-to-date anti-virus software 
• Perform regular backups of all systems to limit the impact of data and/or system loss 
• Apply changes to your Intrusion Detection/Prevention Systems and Firewalls to detect any known malicious activity 
• Secure open-share drives by only allowing connections from authorized users 
• Keep your operating system and software up-to-date with the latest patches 
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams 
• Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks 

Mitigation
Following possible mitigation steps that users and administrators can implement, if you believe your computer has been infected with CryptoLocker malware:

• Immediately disconnect the infected system from the wireless or wired network. This may prevent the malware from further encrypting any more files on the network 
• Users who are infected should change all passwords AFTER removing the malware from their system 
• Users who are infected with the malware should consult with a reputable security expert to assist in removing the malware, or users can retrieve encrypted files by the following methods: 
• Restore from backup, 
• Restore from a shadow copy or 
• Perform a system restore.

Source from: https://www.us-cert.gov/ncas/alerts/TA13-309A

Malicious Software and Security

There are many types of malicious software, outside of your typical viruses, attack systems every day. The following sections outline other types of malicious software but understand that they are all considered types of viruses.

Trojan horses
Trojan horses virus are special designed and bundled in an exe file, when some one click on this exe file then it executes the virus program and takes control of the system. For example, NetBus is a very popular Trojan virus that ships as a file called patch.exe. A hacker e-mails the file called patch.exe and explains in the e-mail that this is a security patch you need to apply to make sure your system is secure. Unfortunately, patch.exe is the security hole! When you run patch.exe, it opens your system up to the hacker by opening a port so that the hacker can connect to the port at any time and control your system. Trojan viruses are normally loaded on your system by the hacker tricking you into running the program on the system. You can remove the Trojan with virus-protection software.

Worms
A worm is a self-replicating virus. By self-replicating, I mean that the worm doesn't need to be activated by the user opening the file. A worm is a virus that runs on a system and also tries to infect other systems on the network. The Nimda virus is an example of a worm virus. Worms are loaded on your system by connecting to your system from across the Internet. The worm is usually designed to infect the system by connecting through a specific piece of software.

Spyware and adware
Spyware is software that loads on your system and then monitors your Internet activity, while adware is software that creates pop-ups from time to time advertising a particular product or service. Both of these types of viruses infect your system when you surf the wrong Internet site. Spyware and adware have become a huge negative result of the Internet, so a number of products are available to eliminate spyware and adware.

The most popular products used to eliminate spyware and adware are:

• Spybot Search & Destroy
• Ad-Aware
• Microsoft’s Windows Defender

Fake Antivirus Software

How Fake antivirus function?
Fake antivirus is malicious software (malware) designed to steal information from unsuspecting users by mimicking legitimate security software. The malware makes numerous system modifications making it extremely difficult to terminate unauthorized activities and remove the program. It also causes realistic, interactive security warnings to be displayed to the computer user.

How can my computer become infected with fake antivirus?
Criminals distribute this type of malware using search engines, emails, social networking sites, internet advertisements and other malware. They leverage advanced social engineering methodologies and popular technologies to maximize number of infected computers.

How will I know if I am infected?
The presence of pop-ups displaying unusual security warnings and asking for credit card or personal information is the most obvious method of identifying a fake antivirus infection.

What can I do to protect myself?

• Be cautious when visiting web links or opening attachments from unknown senders.
• Keep software patched and updated.
• To purchase or renew software subscriptions, visit the vendor sites directly.
• Monitor your credit cards for unauthorized activity.
• Report Internet crime or fraud immediately to law enforce agencies.

Spam Mail Security

What is spam?
Spam is the electronic version of "junk mail." The term spam refers to unsolicited, often unwanted, email messages. Spam does not necessarily contain viruses valid messages from legitimate sources could fall into this category.

How to handle the spam mails?
There are some steps you can take to significantly reduce the amount of spam you receive:

1. Don't give your email address out arbitrarily: Email addresses have become so common that a space for them is often included on any form that asks for your address even comment cards at restaurants. It seems harmless; so many people write them in the space provided without realizing what could happen to that information. For example, companies often enter the addresses into a database so that they can keep track of their customers and the customers' preferences. Sometimes these lists are sold to or shared with other companies, and suddenly you will be receiving email that you didn't request for.
2. Check privacy policies in the site: Before submitting your email address online, look for a privacy policy. Most reputable sites will have a link to their privacy policy from any form where you're asked to submit personal data. You should read this policy before submitting your email address or any other personal information so that you know what the owners of the site plan to do with the information.
3. Don’t select default options: When you sign up for some online accounts or services, there may be a section that provides you with the option to receive email about other products and services. Sometimes there are options selected by default, so if you do not deselect them, you could begin to receive email from lists those lists as well.
4. Use Spam filters: Many email programs offer filtering capabilities that allow you to block certain addresses or to only allow email from addresses on your contact list. Some ISPs offer spam "tagging" or filtering services, but legitimate messages misclassified as spam might be dropped before reaching your inbox. However, many ISPs that offer filtering services also provide options for tagging suspected spam messages so the end user can more easily identify them. This can be useful in conjunction with filtering capabilities provided by many email programs.
5. Report messages as spam: Most email clients offer an option to report a message as spam or junk mails. Reporting messages as spam or junk helps to train the mail filter so that the messages aren't delivered to your inbox. However, check your junk or spam folders occasionally to look for legitimate messages that were incorrectly classified as spam.
6. Don't click mouse on links in spam messages: Some spam relies on generators that try variations of email addresses at certain domains. If you click a link within an email message or reply to a certain address, you are just confirming that your email address is valid. Unwanted messages that offer an "unsubscribe" option are particularly tempting, but this is often just a method for collecting valid addresses that are then sent other spam.
7. Disable the automatic downloading of graphics in HTML mail: Many spammers send HTML mail with a linked graphic file that is then used to track who opens the mail message when your mail client downloads the graphic from their web server, they know you've opened the message. Disabling HTML mail entirely and viewing messages in plain text also prevents this problem.
8. Consider opening an additional email account: Many domains offer free email accounts. If you frequently submit your email address, you may want to have a secondary email account to protect your primary email account from any spam that could be generated. You could also use this secondary account when posting to public mailing lists, social networking sites, blogs, and web forums. If the account start to fill up with spam, you can get rid of it and open a different one.
9. Use privacy settings on social networking sites: Social networking sites typically allow you to choose who has access to see your email address. Consider hiding your email account or changing the settings so that only a small group of people that you trust are able to see your address. Also, when you use applications on these sites, you may be granting permission for them to access your personal information. Be cautious about which applications you choose to use.
10. Don't spam other people: Be a responsible and maintain ethics while surfing the web. Some people consider email forwards a type of spam, so be selective with the messages you redistribute. Don't forward every message to everyone in your address book, and if someone asks that you not forward messages to them, respect their request.