Thursday, July 12, 2012

Hard Drive Destruction: 100% Secure Method Of Removing Hard Disk Data

Confidential information stored in a hard drives are always a target of identity thieves because most people or organization knows nothing about data security. When organizations upgrade their computer, they often forget to do the security measures in making the files unrecoverable.

Normally formatting is a way to get rid of all the data in the HDD but this method doesn't make the files unrecoverable. It just makes room for free space, so your old files will be overwritten. This is where most business, companies, and organization fails. What they do is format the disk then they either send it to recycling centers or sell them to people.

Another mistake, which can compromise their data security is how people deals with broken disks. Did you know that malfunctioning disks still have files in them that can be recovered using straightforward techniques like using a file recovery CD or a more advance file recovery method like transferring a disk platter to another hard disk of the same make and model.

It is possible to wipe data in a disk. Wiping is a process wherein the erased file is overwritten several times, so the files will no longer be recovered. The wiping process is easy, but the result is unpredictable. Sometimes, no matter how many times a disk wiping is performed, a file recovery software will still be able to recover it.

A hard disk that contains personal information of customers can be recovered by thieves in which they can use to

That is why it is recommended to perform HDD destruction before throwing away hard disk drives. Before it is done, there are pointers to remember first:

List of files in HDD which will be prone to identity theft and data breach: social security number

    Financial records
    Personal information (complete name, birthday, address) credit card numbers
    Customer's database with a name, birthday, social security number, address, etc. medical records
    Tax records
    Trade secrets
    Strategic business plans

Verify if the hard disk is fully functional or not working. A fully functional hard disk can benefit from disk wiping method the best solution to make wiping unrecoverable is to do several passes. 7 pass is not enough, and 35 passes are a sure way to remove data. Make sure to perform a disk verification procedure to verify if all files are unrecoverable.

How To Securely Delete Files

Deleting a file through typical means, does not necessarily mean that you removed the file from your hard disk. With some tools or software, the file you just deleted can be easily recovered.

When you send a file to a recycle bin, the operating system only deletes a record of the files that you want to delete. Your actual files remain in memory of your hard disk.

What is at risk

These are some of the sensitive information:

    Personal information(name, address, birthday, etc).
    Social security number, tax records
    Bank account information, credit card information
    Customer's database
    Trade secrets
    Confidential documents

People interested in this sensitive information is either one of your family member that wants to steal credit card from you, your employees, or identity thieves. Financial loss could start from $4,000 up to $100 million depending on the kind of sensitive information stolen.

Repairs could take from $200 per individual and could last for more than a month depending on the kind of action done to repair the problem.

The concept of overwriting

The concept in making a file unrecoverable is to flip each magnetic domain as much as possible without writing the same pattern twice in a row. If the data is encoded directly, you can effortlessly choose the desired overwriting pattern of ones and zeros and then write it repeatedly. However, most disk use Run Length Limited (RLL) encoding so that the adjacent ones won't be overwritten.

To delete a hard disk permanently, you need to overwrite the disk many times in alternating patterns in order to expose it into a magnetic field that is oscillating fast enough so, it can do the flipping of the magnetic domain over a reasonable amount of time.

Discover the Importance of Data Recovery Software

Many long time computer users have lost personal files one way or another. The data could have been unimportant and easily replaced or it could have been quite valuable that caused some anxiety. The data loss might have been caused by file corruption due to software error or hardware malfunction.

To prevent such data loss, it is always advisable to save your files often while doing your work. If you are using an uninterruptible power supply, quickly save your work once a blackout occurs. If the software you are using has an option to always make backup copies, it is better to enable the feature before you start working. It is also highly recommended to periodically make backup copies of all your important files so that any lost data can be recovered even partially instead of repeating all your work from the very beginning.

But what do you do if your file becomes corrupted and that file contains valuable information? Is there a way to recover the file and its data? There is software to do just that and they are called data recovery software. When a file becomes corrupt, many times its header or table of content is the one section that is damaged. The data might still be there and it can be recovered. Data recovery software scans the file and attempts to recover the header and if successful, the file can be accessible again. If on the other hand, part of the data has been destroyed and the header is still intact, the data in the file can still be saved, albeit partially only. Even if not all of the data was restored, the resulting file is good enough to continue working with it instead of starting from scratch.

One of the dreaded scenarios is where our hard drive gets corrupted and becomes inaccessible. The drive might still be functional, but for some reason Windows cannot access the data. This symptom points to a corrupted file system table. All data may still be intact, but the table used to access the files become corrupted. In order to recover the data, another drive of the same size or bigger must be connected to the computer. The data recover software is run and all recoverable data is copied to the new hard drive. This kind of recovery takes a long time especially if the hard drive size is large.

Tuesday, July 10, 2012

3 Free Software To Repair Corrupt AVI Files

AVI files obviously quite important and have many uses, but one really annoying thing about them is that whenever they get corrupt, they are very hard to repair. It is not uncommon that sometimes the video file is not completely copied from the CD, DVD or other sources; or sometimes the video freezes while you can hear the sound; and even you sometimes see pixels distorted image. The most irritating error is when the video simply cannot be played. Well now all these errors can be taken care of – thanks to all the great tools for this purpose out there. So today we have 3 Free Software To Repair Corrupt AVI Files. Check them out and pick the one that suits your needs the best.


DivFix++



DivFix++ is a great tool that allows fixing AVI videos. The good thing about this tool is that it also works very well with latest high definition video files in AVI format. But unfortunately this tool does support bigger, multi partitioned AVI files presently. Still on the whole, this is a really nice tool and deserves a try.

10 Awesome Hard Drive Backup Applications

Your computer has a lot of important data stored on it. You might not even imagine how much data you have in your computer – like photographs, videos, songs, documents, critical files, programs, movies, etc. Do you know that in a split second, you could lose all this data in case your hard drive crashes, or some virus infects it or you delete some folder by mistake. So the wise thing to do is to be always prepared for the worst, i.e. losing all your data. So you should always back up your important data regularly. Doing this manually can be really irksome, but thanks to all the backup apps out there you don't have to do it manually. Many backup software are available out there, but which ones are the best? Well today we have a list of10 Awesome Hard Drive Backup Applications. This list is in no particular order, so check them out and pick the one that suits your needs the best!

Norton Ghost



Norton Ghost is an automatic backup app that simply backs up your important data like your documents, photos, videos, music and other files. It takes regular snapshots of the hard drive so that you have a backup of everything there is on your hard drive. You can also set the option to take a backup whenever there is an increase in the data storage. You can backup your data to almost any media, including Blu-ray Disc®, CDR/RW and DVD+-R/RW drives, USB and FireWire® (IEEE 1394)  devices, network drives, and Iomega® Zip® and Jaz® drives. So restoring your data to its original form would be extremely easy in case of loss of data without even using a bootable CD. It is compatible with Windows XP, Windows Vista and Windows 7.

PowerShell (v3) - Enable-TSDuplicateToken

To be clear, this is not my code. I merely want to have it readily accessible in case I need it later. The original post came from Niklas Goude's post on the Scripting Guys blog,
Use PowerShell to Duplicate Process Tokens via P/Invoke
I added this to my dot sourced function directory so I can use it on an as needed basis to get an elevated shell. So, again, not my code, just a great function found here:
Enable-TSDuplicateToken
Works perfectly on Windows 7,
function Enable-TSDuplicateToken {
<#
  .SYNOPSIS
  Duplicates the Access token of lsass and sets it in the current process thrdad.

  .DESCRIPTION
  The Enable-TSDuplicateToken CmdLet duplicates the Access token of lsass and sets it in the current process thread.
  The CmdLet must be run with elevated permissions.

  .EXAMPLE
  Enable-TSDuplicateToken

  .LINK
  http://www.truesec.com

  .NOTES
  Goude 2012, TreuSec
#>
[CmdletBinding()]
param()

$signature = @"
    [StructLayout(LayoutKind.Sequential, Pack = 1)]
     public struct TokPriv1Luid
     {
         public int Count;
         public long Luid;
         public int Attr;
     }

    public const int SE_PRIVILEGE_ENABLED = 0x00000002;
    public const int TOKEN_QUERY = 0x00000008;
    public const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
    public const UInt32 STANDARD_RIGHTS_REQUIRED = 0x000F0000;

    public const UInt32 STANDARD_RIGHTS_READ = 0x00020000;
    public const UInt32 TOKEN_ASSIGN_PRIMARY = 0x0001;
    public const UInt32 TOKEN_DUPLICATE = 0x0002;
    public const UInt32 TOKEN_IMPERSONATE = 0x0004;
    public const UInt32 TOKEN_QUERY_SOURCE = 0x0010;
    public const UInt32 TOKEN_ADJUST_GROUPS = 0x0040;
    public const UInt32 TOKEN_ADJUST_DEFAULT = 0x0080;
    public const UInt32 TOKEN_ADJUST_SESSIONID = 0x0100;
    public const UInt32 TOKEN_READ = (STANDARD_RIGHTS_READ | TOKEN_QUERY);
    public const UInt32 TOKEN_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY |
      TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_QUERY_SOURCE |
      TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT |
      TOKEN_ADJUST_SESSIONID);

    public const string SE_TIME_ZONE_NAMETEXT = "SeTimeZonePrivilege";
    public const int ANYSIZE_ARRAY = 1;

    [StructLayout(LayoutKind.Sequential)]
    public struct LUID
    {
      public UInt32 LowPart;
      public UInt32 HighPart;
    }

    [StructLayout(LayoutKind.Sequential)]
    public struct LUID_AND_ATTRIBUTES {
       public LUID Luid;
       public UInt32 Attributes;
    }


    public struct TOKEN_PRIVILEGES {
      public UInt32 PrivilegeCount;
      [MarshalAs(UnmanagedType.ByValArray, SizeConst=ANYSIZE_ARRAY)]
      public LUID_AND_ATTRIBUTES [] Privileges;
    }

    [DllImport("advapi32.dll", SetLastError=true)]
     public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int
        SECURITY_IMPERSONATION_LEVEL, out IntPtr DuplicateTokenHandle);


    [DllImport("advapi32.dll", SetLastError=true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern bool SetThreadToken(
      IntPtr PHThread,
      IntPtr Token
    );

    [DllImport("advapi32.dll", SetLastError=true)]
     [return: MarshalAs(UnmanagedType.Bool)]
      public static extern bool OpenProcessToken(IntPtr ProcessHandle, 
       UInt32 DesiredAccess, out IntPtr TokenHandle);

    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);

    [DllImport("kernel32.dll", ExactSpelling = true)]
    public static extern IntPtr GetCurrentProcess();

    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
     public static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
     ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
"@

  $currentPrincipal = New-Object Security.Principal.WindowsPrincipal( [Security.Principal.WindowsIdentity]::GetCurrent())
  if($currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) -ne $true) {
    Write-Warning "Run the Command as an Administrator"
    Break
  }

  Add-Type -MemberDefinition $signature -Name AdjPriv -Namespace AdjPriv
  $adjPriv = [AdjPriv.AdjPriv]
  [long]$luid = 0

  $tokPriv1Luid = New-Object AdjPriv.AdjPriv+TokPriv1Luid
  $tokPriv1Luid.Count = 1
  $tokPriv1Luid.Luid = $luid
  $tokPriv1Luid.Attr =[AdjPriv.AdjPriv]::SE_PRIVILEGE_ENABLED

  $retVal = $adjPriv::LookupPrivilegeValue($null, "SeDebugPrivilege", [ref]$tokPriv1Luid.Luid)

  [IntPtr]$htoken = [IntPtr]::Zero
  $retVal = $adjPriv::OpenProcessToken($adjPriv::GetCurrentProcess(), [AdjPriv.AdjPriv]::TOKEN_ALL_ACCESS, [ref]$htoken)
  
  
  $tokenPrivileges = New-Object AdjPriv.AdjPriv+TOKEN_PRIVILEGES
  $retVal = $adjPriv::AdjustTokenPrivileges($htoken, $false, [ref]$tokPriv1Luid, 12, [IntPtr]::Zero, [IntPtr]::Zero)

  if(-not($retVal)) {
    [System.Runtime.InteropServices.marshal]::GetLastWin32Error()
    Break
  }

  $process = (Get-Process -Name lsass)
  [IntPtr]$hlsasstoken = [IntPtr]::Zero
  $retVal = $adjPriv::OpenProcessToken($process.Handle, ([AdjPriv.AdjPriv]::TOKEN_IMPERSONATE -BOR [AdjPriv.AdjPriv]::TOKEN_DUPLICATE), [ref]$hlsasstoken)

  [IntPtr]$dulicateTokenHandle = [IntPtr]::Zero
  $retVal = $adjPriv::DuplicateToken($hlsasstoken, 2, [ref]$dulicateTokenHandle)

  $retval = $adjPriv::SetThreadToken([IntPtr]::Zero, $dulicateTokenHandle)
  if(-not($retVal)) {
    [System.Runtime.InteropServices.marshal]::GetLastWin32Error()
  }
}

Monday, July 9, 2012

PowerShell (v3) : Test Memory Architecture

Three simple functions I saw the basis of a few ways back. Nothing special. Just good for reference. To test if a system is x86, run this:
function Isx86
{
      switch([IntPtr]::Size)
      {
            4
            {
                  $true
            }
            8
            {
                  $false
            }
      }
}
To test if a system is x64, use this approach:
function Isx64
{<.o:p>
      switch([IntPtr]::Size)
      {
        $26nbsp;   4
            {
                  $false
            }
            8
            {
                  $true
            }
      }
}
Another way to approach it:
function Get-ProcessorBitWidth
{
      switch([IntPtr]::Size)
      {
            2
            {
                  return '16'
            }
            4
            {
                  return '32'
            }
            8
            {
                  return '64'
            }
      }
}
Much more complex tricks can be done, but, these are good to know about.

Sunday, July 8, 2012

PowerShell (v3) - Get Exported Objects from New WebServiceProxy

An old work project forced me to revisit the New-WebServiceProxy cmdlet. After talking to Trevor Sullivan (@pcgeek86) a bit I threw a post on Twitter and then the PowerShell Technet forums. My goal? Try to figure out what objects (classes) are exposed by my newly instantiated WebService proxy. After hacking at a bit, I came up with this (wrong) approach, but, it still showcases some fun usage of -replace and regex with the pipe (|) to allow multiple options to be matched/replaced.
$webservice = New-WebServiceProxy -Uri 'https://www.super.com/secret/classes.asmx' -Namespace WillsWorld -Class IGotClass
This imports the classes exposed by the .asmx page, and, allows you to call from the current session. My initial take faildd to take advantage of the -Namespace and -Class parameters, so, I was fighting ugly, dynamic type names on top of everything. Hint: use these options.

Once I have this loaded I figured I could parse the method signatures, and, extract the objects names. The following command got me a good bit along the way, but, again, still was lacking:
$webservice |
gm -membertype method |
select definition |
% {
      ($_ -replace "@|{|}|Definition=",'') -split ' |\(|\)'
} |
where {$_ -match 'WillsWorld'} |
select -Unique |
sort
Chris Duck, fellow DFW-ite, gave me this alternative which is more to the point and accurate:
 $webservice.GetType().Assembly.GetExportedTypes()
I had played with the Assembly object, but, didn't know about the .GetExportedTypes() method. Thanks to these gentleman, I can now look at a new WebService proxy and know exactly what objects/classes I can use in addition to my methods, properties and events identified by Get-Member.

Saturday, July 7, 2012

PowerShell (v3) - Find Duplicate lines in File

On occasion I need to track down duplicate entries in a file. Without going through a bunch of mechanics, I found this approach useful, and, most importantly, easy. First, we will create a dummy array and store the contents in a temp file:
# Create temp file with dummy data including duplicate lines
1,2,3,4,1,2,3,1,2,1 |
Out-File -FilePath ($tempfile = [IO.Path]::GetTempFileName) -Encoding ASCII -Append
Next, we get the data into an array. Interestingly, Get-Content does this for you without any extra work:
# Get file contents into an array
$filecontents = Get-Content -Path $tempfile
Once we have an array, which is verifiable by using this command:
$filecontents.GetType()

IsPublic IsSerial Name                                     BaseType                                                                     
-------- -------- ----                                     --------                                                                      
True     True     Object[]                                 System.Array
we can use the Group-Object (or group alias) with a Where-Object (or where alias) cmdlet pattern to find collections (or groupings) with more than 1 entry. In essence, this is a set of lines (or array entries) where more than 1 entry exists per group:
# Find duplicates
$filecontents |
Group |
Where {$_.count -gt 1}
When this gets run, it shows results:
Count Name                      Group                                                                                                   
----- ----                      -----                                                                                                   
    4 1                         {1, 1, 1, 1}                                                                                            
    3 2                         {2, 2, 2}                                                                                               
    2 3                         {3, 3} 
To finalize this sample, remove the temp file:
# Clean up
Remove-Item -Path $tempfile
While such a simple example may seem artificial, I am working on a way to reference the actual lines where duplicates appear this may "break" the simple Group cmdlet usage shown above, but, if you are in a hurry, these steps can save you very easily with minimal effort.

Thursday, July 5, 2012

PowerShell (v3) - Adding SACL Auditing to a File

Security, in Windows, can be a pretty large, complex subject, particularly from a developer's perspective. A few years ago I started exploring security, and, found some great resources. However, when I recently went to figure out how to add a SACL to a file for monitoring I came up short. So, the post below is an exploration of just what SACL's are and how to add them in Windows.

Security is controlled, in NTFS based file systems, on just a few key concepts. Two of the main concepts are: ACE's (access control entry) and ACL's (access control list). An ACE is a structure applied to an object indicated a specific right required by the object to be accessed. An ACL is a composite list of ACE's used to indicate the full permissions required/applied to an object. In short, an ACE belongs to an ACL; conversely, an ACL is composed of ACE's.

ACL's come in two flavors: 1) DACL (discretionary access control list) and SACL (system access control list). Keith Brown gives a great description of the two structures, in The .NET Developer's Guide to Windows Security,
The discretionary access control list (DACL) contains a list of permissions granted or denied to various users and groups. The reason it's called "discretionary" is that the owner of the object is always allowed to control its contents. Contrast this to the system access control list (SACL), over which the owner has no special control. In fact, the owner of an object isn't even allowed to read it. The SCAL is designed for use by security officers, and it specifies what actions will be audited by the system. I like to think of the SACL as the "Big Brother" bits.
In usage, SACL's are great for tracking who accesses a file. They provide a way to keep track of who works with a given object. One thing to note is that ACL's are not stored in the object, but, rather in the $MFT (master file table). For example, using Access Data's FTK Imager, you can see, below, two permission sets: 1) Take ownership and 2) Full permission.


Full permissions - explorer properties


Full permissions - FTK Imager ($MFT) view


Take ownership - explorer properties


Take ownership - FTK Imager ($MFT) view


When you start working with PowerShell, the Access Masks are displayed in terms of .NET enumerations. Below is a quick example to create a new file and return the SACL (Audit) permissions of the file listed above.

Wednesday, July 4, 2012

7 Best Free System Security Tools For Windows 7

7 Best Free System Security Tools For Windows 7

Everyone wants to keep their Windows based PC safe from virus, trojans and other threats. Many system security tools are available out there, but finding the good ones is not an easy task. So in order to help you out, today we have a list of 7 Best Free System Security Tools For Windows 7. These tools also work amazingly on other versions of Windows. The best part is that all these tools are free! Check them out:

CCleaner


CCleaner is definitely the best tool out there for cleaning your Windows PC. It not only protects your privacy online but also makes your PC faster and a lot more secure. It is a small, handy but yet very powerful tool.

SUPERAntiSpyware


SUPERAntiSpyware Professional provides really advanced and efficient protection from installation or re-installation of threats while you surf the web. Used in junction with the First Chance Prevention and Registry Protection, your PC is saved from threats that try to infect and infiltrate your PC at startup or while shutting down your system.

Registrar Registry Manager

This tool provides a perfect and safe solution for administrators and power users for maintaining the registry on both, their desktops and remote PCs on their network.

Eraser

This one is a really efficient and advanced security tool for Windows that lets you remove sensitive data from your hard drive by overwriting it many times with carefully chosen patterns.

Malwarebytes' Anti-Malware

This tool has the ability of detecting and removing malware that even the most popular anti-virus and anti-malware tools are unable to detect. It supervises every single process and halts malichous processes even before they start. It utilizes advanced heuristic scanning technology that supervises your system and keeps it protected and secure.

Glary Utilities

This one is yet another free tool that boasts registry and disk cleaning, privacy protection, performance accelerator and amazing multifunctional tools. It has the ability of fixing dogged registry errors, wiping off clutters, optimizing internet speed, safeguarding confidential files and maintaining maximum performance.

Ad-Aware

This tool provides real-time protection, a rootkit removal system$2C e-mail scanning and automatic updates etc to make sure that you are protected online.

Thursday, June 28, 2012

Twitter Ends Partnership with LinkedIn

According to a recent blog post by LinkedIn, Twitter has decided to end a two and a half year partnership with the website. The partnership allowed users of the social networking site for business professionals to publish tweets directly to their LinkedIn profiles. Consumer Product Chief for Twitter Michael Sippey recently wrote a post on the site's developer blog that the changes were part of a move to "deliver a core Twitter consumption experience through a consistent set of products and tools."

This isn't too surprising as Twitter has been slowly trying to push out partners who show tweets on their websites. However, those efforts have also been primarily focused on mobile clients, the same place Twitter has been emphasizing its own offerings.

LinkedIn and Twitter users will still be able to post updates on LinkedIn and broadcast them to Twitter, though the content sharing will not go the other way. This actually goes along with what Twitter's overall strategy has been recently. The social network is welcoming of others sending content to Twitter but isn't so keen on having others use tweets as content on their sites.

The strange thing about all of this, however, is that Twitter just upgraded its own Facebook app, which crossposts tweets to users' Facebook profiles, which is the exact same thing that the partnership with LinkedIn allowed since the partnership between the two sites formed back in 2009.

Twitter has struggled with rule and practice consistency for some time now with its partners like LinkedIn. Developers who have created apps for viewing tweets have found themselves placed at a disadvantage by changes to Twitter's rules and the site's efforts to develop its own mobile clients.

Source: Business Insider - Twitter Gives LinkedIn The Bird

Monday, June 25, 2012

5 Awesome iPhone, iPad and iPod Car Apps

Are you a car fanatic? Do you love cars? Well, if yes, then you should definitely get some cool car apps for your iDevices.  A plethora of car related apps are present in the App Store, so finding the best one is not an easy task. In order to help you find the best and most exciting, today we have a list of 5 Awesome iPhone, iPad and iPod Car Apps. You will see different types of car related apps in this list, so we have something for everyone. Check them all out and pick the ones you like the best!


Real Racing 2 HD



Real Racing 2 HD is an awesome racing game which provides you an ultimate racing experience on your iPad and iPad 2. It has fabulous visual effects which makes the experience even better. So take the steering wheel in your hands and race for the first position.  It is a must try game for every car enthusiast, and I am sure they would get addicted to this game.

Monday, June 18, 2012

5 Best Weather Apps for Mac

Mac boasts a weather widget itself which is quite nice. But if you something more sophisticated, accurate and feature-rich then you can try some other weather apps available out there for Mac. Many weather apps are present out there, but finding the best ones is not an easy task. So today we have a list of 5 Best Weather Apps for Mac. This list includes different types of apps like minimalistic menu bar apps, or apps with amazing animations etc. Check them out and pick the one that you like the best.

Menu Weather

Price: Free / $1.99
Compatible with: Mac OS X 10.6.6 or later



This app also only runs in the menu bar. Its Lite version is amazing and once you get it you would not need any other weather app or even its paid version. You can use any of the themes available which allow you to use various types of icons, and it shows all the important information.