
Chief Security Officer’s Tool Kit (Small to Large Jobs)

This article is the first of my old routine in blogging. I will be talking about a “Chief Security Officer’s Tool Kit (Small to Large Jobs)”. It covers what a Chief Security Officer should do under which conditions, as a kind of do’s and don’ts. Some of it may be in layman’s terms in the “Home User” section.

Home user

Home users usually need fewer security tools than a UTM (Unified Threat Management) appliance, but there are many tools on the market to keep them safe, plus a few basic precautions and things to look out for when online.

Recommended Tools to Fix or Help the User

Anti-virus – (recommended) Avira Anti-Virus Suite: a great free tool, and they offer versions with more features for a small amount. They offer many products ranging from mail, web, SharePoint, anti-spam, three types of web proxies and Exchange to many server solutions, even for your mobile, plus bundles and free stand-alone tools. They offer products for Windows and Linux, but I could not find the Linux one. The downside of the free product is that you get a pop-up every time you boot advertising their products.

This tool is one of the best FREE anti-virus tools out there. They also offer many products for Linux, AntiSpam, AntiVir Exchange, Portalserver, proxies and more.

Spybot Search & Destroy – Anti-spyware tool with a great hosts-file update feature called “Immunize”. For more on your hosts file, or more tools, check my article Your Host-File Can be your Best Friend if in Use!!!

SUPERAntiSpyware – Anti-spyware tool with great memory-scanning features.

Secunia – This tool checks any application in its database to find whether that application has a publicly known flaw and whether a fix is available. It also checks the operating system.

CCleaner – This tool helps you remove temp files. It makes it very easy to find and clean many locations in the OS, and it offers several ways to wipe files: simple (one pass), DoD 5220.22-M (3 pass), NSA (7 pass) and Gutmann (35 pass). It also has a registry cleaner.

TrueCrypt – A great encryption tool with many features within the application.

PC Tools Firewall Plus – (recommended)


Comodo – This tool did not give me a good experience; it was annoying. It is rated worldwide as one of the best firewalls, and it did do that job. It has a great sandbox feature, but I found that nothing in the sandbox can be saved to the OS, and it is not that user friendly.

Sandboxie – This tool is one of the best tools I have ever found. It lets you run any application (except itself) in a sandbox, and it tells you that you are in the sandbox by putting a # at the top of the application. I don’t think this tool will save you from exploits; I have not tested that yet. It stops all files from reaching the OS: it tells you when a file wants to access the OS, and makes it a little too easy to bring it out to the OS.


Avast! – I found out about Avast! Process Visualization (avast! Sandbox); it seems like good technology and threat detection. I did not use it. I would not recommend it as a first try: I found that Avast! signatures are not as advanced or up-to-date. (These are my own tests; don’t send me hate mail.)

For more tools you can see my older article The Guide to Locking Down a PC, or my article to test your computer’s security, Test Your Computers Security!. I also have an article on adding entries to your hosts file: Your Host-File Can be your Best Friend if in Use!!!.


1. Log on to web sites you trust (if you don’t trust a site, research it and see whether it is legitimate for what it offers), look again at the URL (is it really the site, or has it been changed? Letters can be swapped: an E can be a 3, an 8 can be a B, a 5 can be an S, and letters, numbers or special characters can be added to your site’s name), and check for SSL (TLS).

2. Turn your website passwords into long pass phrases. You can use a tool for this; my favourite is “Last Pass”. This tool organizes all your passwords in a web-style interface in your browser, with many security features to keep your information safe. It also encourages long pass phrases: as I said, it lets you store long gibberish strings that will not be susceptible to dictionary attacks. Brute-forcing a long set of characters, numbers and special characters will take hours with a cluster of machines all guessing online, will raise many red flags on the account at the website, and will still take many days or years; and if you change the pass phrase before they finish, they have to start all over. So the lesson here: long pass phrases, not kept in an easy location, that only you can access, in something that encrypts your data so no one can see it, like “Last Pass”. Don’t use the same password for different sites, and keep your passwords at least 5-10 characters long.

3. If you find a machine is compromised by a virus or by unauthorized access, format it (fresh install of the operating system), but first back up all your important data to read-only media; a CD or DVD will work. I don’t care if you can remove the infection: if I created a virus I would always have a backup plan, i.e. a backdoor into the machine (an unpatched exploit, a backup copy of the virus, a different strain of the virus in a different location, a registry key, a fuzzed application, a persistent backdoor such as a process, etc.). I always say “Any infection is still an infection”. The same goes if someone gains your credentials to a website: change them as soon as you can.
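Point 1 above is a visual check; the same check can be automated. The following is an added example (not part of the original post, and not any product’s code) that folds the digit-for-letter swaps the post mentions (3/E, 8/B, 5/S) and flags hostnames that read like a trusted site or embed its name inside a different domain. The trusted domains and the URLs are constructed, and the confusables table is deliberately small; it does not try to handle non-Latin homoglyphs.

```python
from urllib.parse import urlsplit

# Constructed allow-list standing in for the sites the user has decided to trust (assumption).
TRUSTED_DOMAINS = {"example.com", "mybank.example"}

# Digit-for-letter swaps the post warns about (E/3, B/8, S/5) plus a few other common ones.
CONFUSABLES = str.maketrans({"3": "e", "8": "b", "5": "s", "0": "o", "1": "l", "|": "l"})

def fold_confusables(host):
    """Rewrite a hostname to the letters a hurried eye would read it as."""
    return host.lower().translate(CONFUSABLES)

def is_trusted(host, trusted):
    """Exact match or a subdomain of a trusted registrable name."""
    return host in trusted or any(host.endswith("." + t) for t in trusted)

def assess_url(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, findings); verdict is 'trusted', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("no TLS: scheme is %r, expected https" % parts.scheme)
    if is_trusted(host, trusted):
        return "trusted", findings
    # Swapped characters: examp1e.com reads as example.com once folded
    folded = fold_confusables(host)
    if is_trusted(folded, trusted):
        findings.append("%r reads like a trusted site once confusable characters are folded" % host)
        return "lookalike", findings
    # Added characters: the trusted name buried inside an unrelated domain
    for t in trusted:
        brand = t.split(".")[0]
        if brand in host.replace("-", ""):
            findings.append("%r contains the trusted name %r inside a different domain" % (host, brand))
            return "lookalike", findings
    return "unknown", findings
```

The verdict is advisory: a "lookalike" result means "stop and compare the address character by character", and a plain-http URL to a trusted domain still carries a finding, matching the post’s advice to insist on TLS.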

Always run as a limited user, unless admin rights are needed for maintenance in that session. Don’t click links; copy the URL instead. Also don’t open e-mail that looks odd, and never open attachments from people unless you have contacted the person to confirm that they did send it to you.

What to tell the customer to look for

    1. Look for https:// in front of the site’s name; if the http:// has no s, put one there and refresh the page. This makes sure that the site you trust establishes a secure connection; if it cannot, don’t trust the site (sorry, but if anyone in between the connection can see the traffic, I don’t trust the site). Check for a certificate for the site, usually shown as a lock in the URL bar or at the bottom left of the screen. If you can establish an https:// connection but can’t see the certificate, you might have a mixed-content page, or the connection is being forwarded to an http:// connection on the server side. Still, if you really need to get on a site that does not show a certificate, use a tool like “Wireshark” (it is located at ) to monitor your connection and see whether the certificate exchange actually happens.
    2. Tell the customer about tools like “Last Pass”, and explain how convenient and secure its features are; the service can be found at . I also found a talk that covers the product in great detail (how it works, its features and its security) on “Steve Gibson’s” podcast “Security Now”, located at , Episode #256, called “Last Pass”; a transcript of the show is at

    3. If the customer’s machine is compromised, tell them what happened and how the attacker got past the defences, in easy terms: a link, a program, an e-mail, a web exploit, etc. Describe what can happen if it is not removed: the attacker will have full control of their computer, and any activity and passwords can be monitored. Even if you can remove an automated tool like a virus, I still say the machine is not 100% secure: there was still an exploit they used to gain control of the machine, and if you were a malicious person who wanted control of someone’s machine, wouldn’t you add a backdoor in case someone found your tool? I would, so the only way to be 100% sure is to format the machine and re-flash the BIOS. New rootkits will look at what version of motherboard and BIOS you have and fuzz it to add a backdoor. This is very uncommon, but still in the wild.

Extra Information

You can also put the machine in a frozen state with a tool like Windows SteadyState, found at

This may generate many tech support calls, because it takes a snapshot of the system and freezes it, so any changes made after the snapshot are not saved. You can set locations where saves are allowed, and it also makes account lock-downs easy.


You can also tell them to get a router that does Network Address Translation (NAT), even if they have only one computer, along with a Demilitarized Zone (DMZ). This prevents a direct attack on the outer layer of the network if they are targeted by an attacker. Also assign static IP addresses and keep a whitelist that allows only the trusted computers present on the network and blocks all others.

Talking about routers, you have to check whether your router may be vulnerable to attack. Remember that it is still an embedded device: the firmware may be at fault, or the user name or password may be too easy to brute-force or still at the default. Also check whether UPnP is enabled, and do not allow it. If it is enabled, UPnP software or hardware on the network can ask the router to open ports and enable services without any credentials being used or logged.


Next, change the default DNS settings to a trusted DNS service like OpenDNS (found at ) and set it up in the router. This gives you a performance and security gain by using a powerful DNS service with many filters to stop bad sites on your network, or for parental control. OpenDNS also offers a great filtering service with a great blacklist of bad sites, and it has a prevention feature against DNS rebinding attacks.

Small Business

Most of the information I gave in the Home User section is relevant here too.

A small business should have a UTM (Unified Threat Management) solution like the Astaro Security Gateway. They should also look at some kind of patch management solution, and they should be PCI compliant. Like the home user, they should have end-point security such as an anti-virus solution like some of the tools I listed in the “Home User” section. They should have a software firewall and look into a hardware firewall/UTM/content filter. Check whether any servers are active and up-to-date.

If they have a web-facing web server, they should move it to a separate network within their network. They should build a three-way network: at minimum two routers and a switch. The switch is public-facing, outside the routers; of the two routers connected to it, one serves the internal network and the other the web server. This isolates the server, so an attack on the web server cannot spread the infection out of that part of the network, unless there is some persistent communication from that network to the other. Even then the other range might still be reached, but it will be harder to jump onto it.

If there is a domain controller, you should apply stringent policies. Always run as a limited user, unless admin rights are needed for maintenance in that session. Next, find a way to review logs in an easy fashion. You should also use an IP filter tool like PeerBlock (Windows only), found at . This tool lets you monitor and block IP addresses and ranges that are malicious or that you don’t want on your network.

Lock down your shares (SMB) and make sure no anonymous access is allowed. Also make sure access to the shares is limited to what each user needs. Try to ensure no applications can be executed off the share. Make sure your logs are being monitored.

Also check whether you have any FTP servers in use; if so, make sure they don’t have a weak password that can be brute-forced. If you do use FTP at all, tunnel your traffic through SSH so your credentials are not seen in clear text. Also make sure your SSH server does not use the same credentials, and that it has a good password that cannot be brute-forced. Lastly, on the SSH server, give it an encrypted key that is known only to the user, and make the SSH user a non-admin to minimize risk. To make this implementation easy for the user, you can use tools like WinSCP, found at . For more information look at and also . If you want an SSH client on Windows you can use PuTTY, found at ; they also have a key generator called PuTTYgen and a key storage application called Pageant.
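The SSH advice above (keys instead of passwords, no admin login, a named non-admin user) maps onto a handful of `sshd_config` keywords. As an added example, not from the original post and not an OpenSSH tool, here is a small auditor that parses an `sshd_config` text and reports the settings that contradict that advice. The two config samples are constructed; the keyword names (`PermitRootLogin`, `PasswordAuthentication`, `PubkeyAuthentication`, `AllowUsers`, `AllowGroups`) are real OpenSSH keywords.

```python
import re

# Constructed sample with the weak settings this section warns about
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
#AllowUsers
Subsystem sftp /usr/lib/openssh/sftp-server
"""

# Constructed hardened counterpart: key-only login, no root, one named non-admin account
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers backupuser
Subsystem sftp /usr/lib/openssh/sftp-server
"""

# keyword (lower-cased) -> (expected value, why it matters)
EXPECTED = {
    "permitrootlogin": ("no", "root must not log in over SSH; use a non-admin user"),
    "passwordauthentication": ("no", "password logins can be brute-forced; require keys"),
    "pubkeyauthentication": ("yes", "public-key logins must stay enabled"),
}

def parse_sshd_config(text):
    """Map each active keyword (lower-cased) to its value; comments and blanks are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = re.match(r"(\S+)\s+(.*)", line)
        if match:
            settings[match.group(1).lower()] = match.group(2).strip()
    return settings

def audit_sshd_config(text):
    """Return a list of findings; an empty list means the checked settings all pass."""
    settings = parse_sshd_config(text)
    findings = []
    for key, (want, why) in EXPECTED.items():
        have = settings.get(key)
        if have is None:
            findings.append(f"{key}: not set explicitly (want {want}); {why}")
        elif have.lower() != want:
            findings.append(f"{key}: is {have!r}, want {want!r}; {why}")
    if "allowusers" not in settings and "allowgroups" not in settings:
        findings.append("allowusers/allowgroups: not set; restrict which accounts may use SSH")
    return findings
```

Run it against both samples: the weak one yields three findings (root login, password login, no account restriction), the hardened one none. The parser ignores `Match` blocks, so it only reflects the global section of a real file.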

Medium Business

Lack of information! Will do more research.

Large Enterprise

Lack of information! Will do more research.


This will be made when the article is done.

Jailbroken Device, the Security Problem and the Freedom

The issue these days is with mobile devices. We want more freedom with our device; we think that after you buy it you can do whatever you want to it. Wrong! The manufacturers want to protect you from some security issues. If you “jailbreak” a device, you are using an exploit to gain a foothold within your system. The goal is then to gain full root access, so you can enable software that was banned because of an issue. Manufacturers usually have an application store to sell or distribute applications. They are just trying to protect their users or their image: if they allowed an adult-content application, for example, it might reflect badly on the company. I like the idea of free and open applications, but I want security too. If you “jailbreak” a device you may void your warranty and may lose service from the manufacturer. Likewise, if you “jailbreak” an iPhone/iPod Touch through a web service, the site will look at your version and try to exploit the latest flaw in that version. The issue is that you will then have a flaw on your device, and if you patch it you will un-jailbreak your device. So it comes down to: do you want a more customised device with unauthorized applications, a device with a flaw you cannot patch, and possibly a loss of warranty? Websites like this may also leverage themselves into your device, and anyone can try to exploit your device if they so choose. It comes down to security versus freedom.

Pentesters Thought of Attack!

(This was created on 19 August 2010)

The following article is for educational use ONLY!!!!! It is not for any illegal use, or for use on a computer/network/website/service/application (program, code, operating system) or anything else not mentioned. The owner of the article takes no responsibility for use of this information, such as the tools, attacks or terminology used. Like I said, the following article is for educational use ONLY!!!!!

This article is about how basic pentesters / white-hat hackers / black-hat hackers try to gain control of a computer or network. It covers basic terminology and ways to gain control. I will not show you how to use them, and I will not give examples of the tools used by pentesters, because people may misuse them; I will give tools that help protect you from some of these attacks. Some information in this article may be redundant for more computer-savvy people or people in the computer security field. This is for anyone trying to understand the many types of attack and how pentesters gain access to a system or network.

I will have an article to give CSOs an idea of how to protect their environment with tools, services, needs and knowledge for its users, for all enterprises from home-based to large. I will add it after it is finished. You can also look at my other articles, which have many ways to protect users.

Please enjoy my talks.

Basic Terminology

Target – The machine/network/subnet/website/database, etc. that the attacker is looking for.

Physical Access – This is when the attacker has access at a location near the target.

Remote Access – This is when the attacker does not have access near the target and works from a remote location.

Vulnerability – This is a flaw in a system that can be exploited for the purpose of gaining access.

Exploit – This is a way of gaining access to a system through a flaw.

Client Side Exploit – A way of gaining access to a system, usually by social engineering: they convince you to click a link, click a button, go to a web site or open a file. If a web site is the means of the attack, they may invoke JavaScript to trigger an exploit that sends information to the server that was never meant to be sent, or opens a connection to the server to gain access to your system.

Server Side Exploit – A way of gaining access to a system, usually through a server application on a web page, using an auxiliary scanner to scan your system for a flaw to gain access.

Scanner – A tool looking for something, for example a port scanner, vulnerability scanner or network mapping scanner.

Module – This is an add-on to something like a tool, usually a scanner.

Payload – This is what the attacker has the system do after they exploit it; it carries information identifying the source and destination of the material. The payload is the actual data sent after the exploit is used.

Trigger – What is used to fire the exploit on a system, whether by the user or by the attacker.

Injection – This can be used to inject the payload into the system. Usually

Pivoting – Moving from one machine/network/subnet or IP range to another.

Spoof – This is when an attacker masks their IP address to appear to be someone else; a proxy is an example.

Honey Pot – This is usually a sandboxed application with an intentional flaw to lure an automated pentest tool or a hacker, so that their activity can be monitored to better protect a system or network.

Shellcode – This is a piece of code used as the payload in the exploitation of a software vulnerability.

Types Of Attack

Social Engineering – This is when the attacker convinces you or someone else that they are someone they are not, and tries to get information or credentials to get a foothold on their target.

Session Hijacking – This is when an attacker impersonates your or someone else’s credentials to gain information or access. It is used on systems via tokens or user names and passwords; another vector is websites, via cookies on people’s computers, or an earlier attack whose payload delivers this attack.

Network Mapping – This is where the attacker scans the network for operating systems, services, servers, applications, ARP sniffing, machines, IP ranges, subnets, etc. They try to find even more information to gain a better foothold after they have gained access into the network from some source. This type of attack is also used to gain access from the outer perimeter.

Fuzzing – The common way to use fuzzing is on an application. They first inject an exploit and a payload into an application that looks trusted. Next they usually use “Social Engineering” to get you or someone else to open the application; this results in the application running and then crashing as intended, and they can then inject the payload and, most of the time, gain full access to the system. This process is usually all automated.

Vulnerability Scanning – This is done by an attacker using “Network Mapping” and “Scanners” to “Pivot” from one machine or network to another, checking whether any exploits are known for the applications found. Many applications that do this are incorporated into “Pentesting” applications to give the attacker a better understanding of the network and how to gain access.

0Day/Zero Day – This is an attack that has not been disclosed to the vendor of the product or to the public. If someone has been compromised by a “0Day”, this means that no one has a fix yet, and it is a new way of attack.

SQL Injection – This attack is used on databases by injecting maliciously crafted SQL and scripts that should never reach the database, to try to gain access to the machine.
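To make the entry above concrete from the defender’s side, here is an added example (not from the original post) that runs the same lookup two ways against an in-memory SQLite table: once with the user’s input pasted into the SQL text, once with a parameterised query. The table contents and the malicious input are constructed.

```python
import sqlite3

def make_db():
    """Constructed three-row users table in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "letmein")])
    return conn

def lookup_vulnerable(conn, name):
    # The input is spliced into the SQL text, so the database parses it as part of the query.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]

def lookup_safe(conn, name):
    # Parameterised query: the value travels separately from the SQL and is never parsed as SQL.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

# Constructed input of the kind the entry describes: it closes the quote and adds a true condition
INJECTED_INPUT = "' OR '1'='1"

def demo():
    """Return (vulnerable_result, safe_result) for the injected input."""
    conn = make_db()
    return lookup_vulnerable(conn, INJECTED_INPUT), lookup_safe(conn, INJECTED_INPUT)
```

With the injected input, the vulnerable function returns every user because the WHERE clause becomes `name = '' OR '1'='1'`, while the safe function returns nothing because it looks for a user literally named `' OR '1'='1`. The fix is the second function: parameters, not string building.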

Brute Force – This tries to find out a user’s password (website, local, etc.). It is a type of “Password Cracking” and can take many hours to accomplish if the person has a long password with multiple special characters. This attack is highly noticeable against a website, because it causes many password attempts, a possible lockout, and high traffic to one account.

Dictionary Attack – This attack uses a text file full of dictionary words and common passwords and tries them against a target. If the password is not in the dictionary it will fail, but it is faster than a “Brute Force” attack.

Password Cracking – This is an attack where the goal is to obtain the target’s password. You can obtain an MD5 hash of the password and then crack it via rainbow tables. You can also “Brute Force” and also “Dictionary Attack”.
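The three entries above (brute force, dictionary attack, cracking an MD5 hash with a precomputed table) all come down to how a stored password hash is built. As an added example, not from the original post, the code below shows why an unsalted MD5 falls to a single table lookup and why a per-user salt with an iterated hash (PBKDF2-HMAC-SHA256 from the standard library) forces every guess to be recomputed at full cost. The wordlist is a constructed four-entry stand-in for a real dictionary.

```python
import hashlib
import hmac
import os

# Constructed mini wordlist; a real dictionary attack uses millions of entries.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty"]

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

# Stand-in for a rainbow table: unsalted MD5 -> plaintext, computed once and reused forever.
MD5_TABLE = {md5_hex(p): p for p in COMMON_PASSWORDS}

def recover_unsalted_md5(stored_hash):
    """One dictionary lookup recovers any unsalted MD5 of a word in the table."""
    return MD5_TABLE.get(stored_hash)

def hash_password(password, iterations=200_000, salt=None):
    """Salted, iterated PBKDF2-HMAC-SHA256; stored as salt$iterations$derived_key (hex)."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "%s$%d$%s" % (salt.hex(), iterations, dk.hex())

def verify_password(password, stored):
    salt_hex, iterations, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time comparison

def guesses_needed_salted(stored, wordlist=COMMON_PASSWORDS):
    """With a salt the table is useless: every guess is recomputed per user at full cost.
    Returns (recovered_password_or_None, number_of_pbkdf2_runs_spent)."""
    for count, guess in enumerate(wordlist, start=1):
        if verify_password(guess, stored):
            return guess, count
    return None, len(wordlist)
```

Note what the salt does and does not do: a weak password like `letmein` is still found by walking the wordlist, but only after one full PBKDF2 computation per guess per user, with no shared table; a long pass phrase that is not in any wordlist survives the whole list. That is the reason behind the pass-phrase advice in the Home User section.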

DNS Poisoning – This is usually done if the attacker has “physical access” to the network. If done, any URL in the browser can be “spoofed”: the website domain looks right, but the server is at another IP address.

ARP Poisoning – This is usually done if the attacker has “physical access” to the network. The attacker inserts themself between the router and the clients, tricking everyone on the network into passing all their traffic through them. If done, the attacker can see or change any data they want on both sides of the conversation. If the connection is encrypted with at least a 125-bit key, preferably AES encryption, you should be safe, but never fully trust your connection. It can still be decrypted; all they need is time.
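The detection side of the ARP entry is simple to state: a poisoning attempt shows up as an IP address (above all the gateway’s) suddenly answering from a different MAC, or one MAC claiming several IPs. The following is an added example, not from the original post, of that check run over a constructed list of ARP replies such as a passive sniffer on the LAN would record; the addresses are made up.

```python
from collections import namedtuple

ArpReply = namedtuple("ArpReply", "ts sender_ip sender_mac")

# Constructed ARP replies: the gateway .1 is aa:..:01, host .10 is aa:..:10,
# then at t=4.0 the gateway's IP is claimed by host .10's MAC.
SAMPLE_ARP = [
    ArpReply(1.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(2.0, "192.168.1.10", "aa:aa:aa:aa:aa:10"),
    ArpReply(3.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(4.0, "192.168.1.1", "aa:aa:aa:aa:aa:10"),
    ArpReply(5.0, "192.168.1.10", "aa:aa:aa:aa:aa:10"),
]

def detect_arp_anomalies(replies, gateway_ip, known=None):
    """Return (severity, timestamp, message) alerts for IP->MAC changes and for any
    MAC that answers for more than one IP. `known` optionally seeds trusted bindings."""
    ip_to_mac = dict(known or {})
    mac_to_ips = {}
    alerts = []
    for r in replies:
        previous = ip_to_mac.get(r.sender_ip)
        if previous and previous != r.sender_mac:
            # The gateway moving is the classic man-in-the-middle signature
            severity = "HIGH" if r.sender_ip == gateway_ip else "MEDIUM"
            alerts.append((severity, r.ts, f"{r.sender_ip} moved from {previous} to {r.sender_mac}"))
        ip_to_mac[r.sender_ip] = r.sender_mac
        ips = mac_to_ips.setdefault(r.sender_mac, set())
        if ips and r.sender_ip not in ips:
            alerts.append(("MEDIUM", r.ts,
                           f"{r.sender_mac} now answers for {sorted(ips | {r.sender_ip})}"))
        ips.add(r.sender_ip)
    return alerts
```

Seeding `known` with the gateway’s real MAC (from the router’s label or a clean boot) turns the first reply that disagrees into an alert instead of being silently learned. The usual mitigations are a static ARP entry for the gateway on the hosts and, on managed switches, dynamic ARP inspection; the post’s point that encryption limits what a successful poisoner can read still stands.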

Wardriving – This attack is when an attacker gets close to an encrypted access point and captures the encrypted packets. They then try to decrypt them later to obtain the key, after which they have access to the network. This also applies to open access points: there they just need to establish a connection to the access point and join the network.

Types of Exploits

Many exploits are designed to provide superuser-level access to a computer system. However, it is also possible to use several exploits, first to gain low-level access, then to escalate privileges repeatedly until one reaches root.

Privilege-confusion bugs – such as cross-site request forgery in web applications, clickjacking, the FTP bounce attack and privilege escalation.

Unauthorized Data Access – This refers to when someone or something has access to a location that was not intended or not wanted.

Denial-of-Service attack (DoS attack) – Also known, in its distributed form, as a distributed denial-of-service attack (DDoS attack). This attack asks a server for information from multiple sources at the same time; this results in too much allocated memory, and the server crashes under the amount of traffic. The result can be a shutdown, a reboot, a total system crash, or corrupted or crashed services; you may have many issues if this attack is done on your system.

Application Exploitation/Flaws

Arbitrary Code Execution – This is used to execute any commands of an attacker’s choice on a target machine or process. It is a bug in software that gives an attacker a way to execute arbitrary code.

Buffer Overflow – Also known as a buffer overrun, this is where writing data to a buffer in a computer program overruns the buffer’s boundary and overwrites adjacent memory. This may result in rogue program behaviour, including incorrect results, memory access errors, program termination, or a breach of system security.

Code Injection – This is the exploitation of a bug in a system that is caused by processing invalid data. Code injection can be used by an attacker to inject code into a computer program to change the course of execution.

Heap Spraying – This is when an attacker uses arbitrary code execution, or attempts to place a sequence of bytes in memory by allocating large blocks filled with the right values, to crash the application as quickly as possible, gain a foothold in the system and possibly escalate privileges.

Web Exploitation (client-side)

Cross-site scripting – XSS, an acronym for cross-site scripting, is a type of computer security vulnerability typically found in web applications. It enables malicious attackers to inject client-side script into web sites viewed by other users. The attacker can bypass access controls such as the same-origin policy, and if so can gain a privilege escalation and more access to the web server or application server.

HTTP header injection – This is a general class of web application vulnerability that occurs when HTTP headers are dynamically generated from user input. Such HTTP responses can allow “HTTP response splitting” and “cross-site scripting”. This is a newer type of web-based attack.
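Both the XSS entry and the header injection entry above come down to output encoding: the same user input is harmless or harmful depending on whether the server treats it as text or as markup/protocol. As an added example serving both entries (not from the original post), the code below shows a page fragment and a redirect built the unsafe way and the safe way, with constructed inputs, and a helper that counts the header lines a response would actually carry.

```python
import html

def render_greeting_vulnerable(name):
    # User input concatenated straight into the page: a script tag runs in the viewer's browser.
    return "<p>Hello, " + name + "</p>"

def render_greeting_safe(name):
    # html.escape turns < > & " ' into entities, so the input is displayed, not parsed as markup.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"

class HeaderInjection(ValueError):
    """Raised when a header value would end the header and start a new one."""

def build_redirect_vulnerable(target):
    # A CR/LF inside `target` terminates the Location header; the rest of the input becomes
    # extra headers and a body of the attacker's choosing (response splitting).
    return "HTTP/1.1 302 Found\r\nLocation: " + target + "\r\n\r\n"

def build_redirect_safe(target):
    if "\r" in target or "\n" in target:
        raise HeaderInjection("CR or LF in header value")
    return "HTTP/1.1 302 Found\r\nLocation: " + target + "\r\n\r\n"

def header_lines(raw_response):
    """Header lines in the response head (everything before the first blank line)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return head.split("\r\n")[1:]

# Constructed inputs of the kinds the two entries describe
XSS_INPUT = "<script>alert(1)</script>"
SPLIT_INPUT = "/home\r\nSet-Cookie: injected=1\r\n\r\n<html>not the real page</html>"
```

Run `header_lines` over both redirect builders with `SPLIT_INPUT`: the vulnerable one yields two headers, the second of which the server never wrote, while the safe one refuses the value outright. Real HTTP libraries reject CR/LF in header values for exactly this reason, and a template engine that auto-escapes does the job of `render_greeting_safe`.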

HTTP Request Smuggling – Also known as HRS, this results from a device failing to reject malformed inbound HTTP requests.

Web Exploitation (server-side)

DNS Rebinding – In this attack, code embedded in a compromised or malicious web page alters the way the user’s web browser resolves names and confuses the DNS system. The attack is typically carried out by invoking JavaScript, Java or Flash. DNS rebinding can increase the ability of JavaScript-based malware to infiltrate private networks. It can also be used to harness many users’ browsers to make many requests on the attacker’s behalf for the purpose of data scraping or DDoS attacks. It can also be used to attack private routers, trying the default user names and passwords in their database to gain access to your network. If they do gain access they can do anything they want (ARP poisoning, network mapping, or possibly infiltrating systems).
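The router attack described above works because the victim’s browser sends its request to the router’s IP while still believing it is talking to the attacker’s hostname; that hostname arrives in the Host header. The standard server-side defence is therefore to serve only Host values the device actually owns. The following is an added example of that check (not from the original post and not any router vendor’s code); the allowed name, the device address and the two requests are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed values for a home router's admin page (assumptions, not any vendor's config)
ALLOWED_NAMES = {"router.home.example"}
OWN_ADDRESSES = {"192.168.1.1"}

def host_is_allowed(host_header, allowed_names=ALLOWED_NAMES, own_addresses=OWN_ADDRESSES):
    """Accept the request only if the browser believes it is talking to us."""
    if not host_header:
        return False
    try:
        hostname = urlsplit("//" + host_header).hostname  # drops :port, unbrackets IPv6
    except ValueError:
        return False
    if not hostname:
        return False
    try:
        # The user typed our own IP directly: fine, a rebinding page never produces this
        return str(ipaddress.ip_address(hostname)) in own_addresses
    except ValueError:
        # A hostname: it must be one we actually serve, not the attacker's domain
        return hostname.lower().rstrip(".") in allowed_names

def handle_request(headers):
    """Minimal front door: 421 Misdirected Request for any Host we do not serve, else 200."""
    if not host_is_allowed(headers.get("Host", "")):
        return 421
    return 200

# Constructed requests: a legitimate one, and one arriving via a rebound attacker name
LEGIT_REQUEST = {"Host": "router.home.example"}
REBOUND_REQUEST = {"Host": "attacker-controlled.example"}  # now resolving to 192.168.1.1
```

The rebound request is refused even though it reached the right IP, which is what breaks the attack: the page’s script can reach the router but gets nothing back it can use. Changing the default credentials, as the post recommends, covers the case where a device does not perform this check.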

Clickjacking – This is a way an attacker can try to trick the user into revealing confidential information or taking control of a system while clicking on a web page. Many browsers and operating systems are vulnerable to it. It can take the form of embedded code or a script that executes without the user’s knowledge. They can use a link or button that performs another function, or now even two buttons: if the user clicks one, they are also clicking the other. The term “clickjacking” was coined by Jeremiah Grossman and Robert Hansen in 2008. The exploit is also known as UI redressing.

CSRF – (Cross-site request forgery), also known as a one-click attack, session riding (“sea-surf”) or XSRF. This type of malicious exploit of a website works by having the user trust a site that they will browse to, which then exploits them. The attacker first gains access to the website they want, by cross-site scripting, pentesting or any other exploitation, and then uses this attack to embed maliciously crafted code or a script on the website. When the user accesses the site they are exploited. The attacker can also own the site outright to exploit the user with this attack.
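CSRF works because the browser attaches the session cookie to any request aimed at the site, whoever triggered it. The usual fix is a token that the browser will not send on the attacker’s behalf: the server binds a value to the session, puts it in its own forms, and rejects state-changing requests that do not carry it. As an added example (not from the original post, and not any framework’s implementation), here is an HMAC-based version that needs no server-side token storage; the secret key and session identifiers are constructed.

```python
import hashlib
import hmac
import secrets
import time

# Constructed server-side key (assumption); in practice loaded from configuration once
SECRET_KEY = secrets.token_bytes(32)

def make_csrf_token(session_id, secret=SECRET_KEY, now=None):
    """Token = issue time plus HMAC over (session, issue time); bound to this session only."""
    issued = int(now if now is not None else time.time())
    message = f"{session_id}:{issued}".encode()
    signature = hmac.new(secret, message, hashlib.sha256).hexdigest()
    return f"{issued}:{signature}"

def check_csrf_token(token, session_id, secret=SECRET_KEY, max_age=3600, now=None):
    """True only for an unexpired token whose MAC matches this session."""
    try:
        issued_text, signature = token.split(":", 1)
        issued = int(issued_text)
    except (ValueError, AttributeError):
        return False
    current = now if now is not None else time.time()
    if current - issued > max_age or issued > current + 60:
        return False
    expected = hmac.new(secret, f"{session_id}:{issued}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(signature, expected)   # constant-time comparison

def handle_post(form, session_id, now=None):
    """State-changing handler: the cookie (session_id) arrives automatically with any
    cross-site request, but the form token does not, so a forged request fails here."""
    if not check_csrf_token(form.get("csrf_token", ""), session_id, now=now):
        return 403
    return 200
```

A forged request from another site carries the victim’s cookie but not the token (the attacker cannot read the victim’s page to copy it, thanks to the same-origin policy), so `handle_post` returns 403; the site’s own form, which embedded the token, passes. The `SameSite` cookie attribute is a complementary browser-side control.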

Types of Hackers (Hats)

Black Hat – This refers to a hacker who breaks into networks or computer systems. They will not report any flaws they find in systems, and will exploit them for their own benefit.

Gray Hat – They may report flaws they find in systems, and might exploit them for their own benefit. Most of the time they will notify the owner of the network or computer system, but later that day/week/month will disclose it to the world or the internet.

White Hat – This refers to a penetration tester or ethical hacker whose main goal is securing and protecting systems. They will report any flaws they find in systems and will not exploit them for their own benefit.

Red Hat – This refers to a type of hacker who tries to find flaws in or change the UNIX/Linux platform, and usually open-source software, to make it better.

Tools for Protection

NoScript – This is a plug-in found at that works with Firefox, Flock, SeaMonkey and other Mozilla-based browsers. This free, open-source add-on lets you control JavaScript, Java, Flash, Silverlight, QuickTime clips, PDF documents, FRAMEs and IFRAMEs; it turns cross-site POST requests into data-less GET requests (anti-XSS protection), blocks JAR remote resources from being loaded as documents (with exceptions for JAR document blocking), enforces HTTPS, and offers clickjacking protection, the Application Boundaries Enforcer (ABE) and more.


OK, now you know that there are many types of attack on a system, server or network, but we still need to fix the flaws in software; if we did, most of these attacks would be no more. I say keep your software patched, and think twice before you click a link, open a file or go to a site: be cautious. There are also many ways to keep a system safe: just have a firewall and AV software, and stay up-to-date. There are many more ways to keep safe, but I will fill in the rest in my next article. If you have any questions, just leave a comment.

Automated Infection

Some people think someone creates a virus and it is simply a program that looks for systems or networks to infect. This is semi-true: a virus is an application, but it still needs some form of attack, and it needs a payload after a successful attack. The only reason a virus is created and used is to do the work of infiltrating a system more easily. But there are many holes in applications, and also in viruses: many share the same signatures, which will be detected by anti-virus vendors and security research facilities. Viruses are becoming more difficult to remove and detect, and there are many ways to try to stop an infection, or a pentester if you have asked one to test your network.

Viruses these days are very deceiving. If you remove one via anti-virus or manual methods, this will not be 100% effective. You should ask: how did it get in? There is always some type of exploit that must have happened on your system to give them the upper hand in getting on it. Also, if you remove one, most of the time a backdoor has been left by the virus or the attacker. It could be in the registry, a process, another application, another exploit, or a fuzzed application (uncommon but still in the wild). There are too many vectors of attack, so I say an infection is an infection. You should do a format in any case. Do many scans of your data with many trusted products from the anti-virus market, on a trusted machine, before you return it to your newly formatted machine. Also, viruses these days will most of the time attack other computers on your network to spread the infection. If you have an infection, do multiple scans, and use a trusted security support technician on your whole network.

Rechecked all links on the 19 August 2010

The Cloud…Does it Matter?

OK, first I want to say that people are over-exaggerating the idea of the cloud and its technology. My definition of the cloud is as follows.

“The Cloud, and the technology behind it, has a very simple definition: a complex network of machines. This can be software as a service to the user in a web site GUI, or even just a file transfer service. If you have a network of machines in one location or in multiple locations, with one interface for its users, that can be a cloud interface. It is just a service. It can be used via an application on your desktop over any protocol or service type. The main way to access the cloud is via a web GUI.”

That is my definition of the cloud. I do not know why people are in a big storm over whether the cloud is safe. How secure is their network? What compliance do they have on their servers? The list goes on. OK, it is as safe as going to any site was before, but now they have a bigger infrastructure. I think you should never rely totally on the cloud for your data, especially personal or important data. There have been many cases where people lost their privacy, data and more to the cloud. I think it is a good alternative backup solution to store your photos and such, but make sure it is in some encrypted wrapper. Also make sure you keep to the 3-step backup solution when you are backing up data. Step 1: Keep one copy on portable media, preferably a DVD, and make new backups of old data every few years in case it gets damaged or stolen. Step 2: Keep one copy local, for editing purposes, and as a fallback if your backup on media is lost, damaged or stolen. Step 3: Use the cloud: make sure you control the key, encrypt your data, then send it to a cloud service that you trust and that is well known, like Carbonite, found at ; if you listen to any of the shows you may get a discount.

So, I think they should have a regular audit every few months that performs a vulnerability assessment, and even better a pen tester to tell you if he/she could get in and how to fix it. They should have tools to monitor traffic on their servers, and any unauthorized access should result in termination of access, be logged, and the authorities contacted if necessary.

Dear World!!!

Hi again. I know I have not updated the blog in over 8 months, but I was busy. I had family issues, and still do, but I still enjoy security. I will give more information on my blog if people give back!!! I need help with a few of my ideas and none have been done...well, the big ones that my friend and I have. He and I are enthusiasts and bad coders. I have a few batch scripts that link here with no download...my bad. All are on

Sorry for the loop back if you came from

Already, well, my friend and I have an idea that needs help with a back-end MySQL server with many parts and/or Ruby on Rails with a nice GUI. Also an OS hack idea, and lastly a game that a few friends and I want to create (first-person shooter, campaign and online). We need all backgrounds; we have the ideas but are stuck on the creative aspect of coding.

I will release a semi-chart, I don't know yet, but I will put up some fundamentals of how people get into your system/server/network, also some tools to stop it and to see if your system/server/network is or can be vulnerable to these kinds of exploits.

Well, talk to you all soon, and if you want to contact me leave it in the comments.

Keep safe in the battle field of the web.

I made some batch scripts to make people's lives easier (Windows only, sorry). You can find them at

Restart Browser(s): This can be used to restart a browser if it crashes or freezes and can't close (IE and Firefox work; I have not fully tested the rest).

Scan HDD: This is used to maintain any hard drive attached to a PC and also to recover sectors (chkdsk /R).

Start Windows services: This is used to start some services such as Command Prompt, Task Manager, etc. Also some tools for the command prompt such as ipconfig and more.

Hi, this is more of a question than a blog post. I have a tool I am making to download security tools from the web and I am not much of a programmer. I used the idea from the SDFix security tool kit for how they update their tools, and it failed: it said "file destination not found". Please help. Go to

Any articles or places to learn to program would be great. I would like to learn to program in assembly and C; I would also like to learn to write bash scripts for UNIX-based systems and batch scripts for Windows. All help is great!!!!!!!!! :)

Many people want to know if their security can be compromised, so they wait to see if their method of security works. People need tools to test it, not just wait to see if you get a virus and whether your virus scanner detects it. Remember, rootkits are getting more and more clever: they latch on to the OS in many different parts (kernel, system folders, etc.) and many virus scanners will not detect them. You have to use tools such as "Gmer", found on , or other tools. One day I found an article that shows links to sites that will test certain aspects of security. I can't find the link to the page, so sorry to the creator of the article.


Test Your Computer's Security!

I thought I'd put together a few ways of testing your system's security setup. These are not virus or malware scanners, but various ways of testing your current security software.

Virus Test

The EICAR test file is a harmless file that contains a string of characters recognised by all anti-virus and anti-malware vendors. When you download it, your AV should detect it and attempt to quarantine it. It can be downloaded in various formats (.txt, .zip) and is available here:

The file will test that your antivirus is functioning properly.

Trojan Simulator is similar, but installs a process and a registry autostart entry that your AV package should detect:

Trojan Simulator

Firewall Testing


A firewall should be able to block incoming attacks from trojans or hackers. To test this ability, it is good to see which ports on your computer are hidden, or "stealthed".

A good website to test your stealthed ports is GRC Shields Up! Follow the link below, then click on Shields Up and follow the simple instructions.

GRC Shields UP!

For a firewall to be effective it also needs to stop malware from contacting the internet. Malware may connect to upload stolen information, download more malicious software, or serve you adverts.


To test whether your firewall will allow leaks in different ways, you can use the software from Comodo on this page:

Firewall leak testing tools from Comodo

This software, when run, will try to communicate with the internet in various sneaky ways to try to bypass your firewall. A good firewall should stop these methods. Don't let your AV block the file; it may be detected as a potentially unwanted program, but it isn't a virus.
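Before asking an outside service like Shields Up what it can see, it helps to know what your own machine is listening on, because every open port is one the firewall has to hide. Here is an added example of my own (not from this post, not GRC's or Comodo's code) that does a plain TCP connect scan of the loopback address. It starts a throwaway listener of its own so there is something to find; the port range and timeout are my choices.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strconv"
	"sync"
	"time"
)

// scanPorts attempts a TCP connect to every port in [from, to] on host and
// returns the ones that accept. Run against 127.0.0.1 it lists the services
// your own machine is exposing; anything listed that you do not need is
// what a firewall (or simply stopping the service) should hide from outside.
func scanPorts(host string, from, to int, timeout time.Duration) []int {
	var (
		mu   sync.Mutex
		open []int
		wg   sync.WaitGroup
		sem  = make(chan struct{}, 64) // cap concurrent dials
	)
	for p := from; p <= to; p++ {
		wg.Add(1)
		sem <- struct{}{}
		go func(port int) {
			defer wg.Done()
			defer func() { <-sem }()
			addr := net.JoinHostPort(host, strconv.Itoa(port))
			c, err := net.DialTimeout("tcp", addr, timeout)
			if err != nil {
				return // refused, filtered or timed out: not open
			}
			c.Close()
			mu.Lock()
			open = append(open, port)
			mu.Unlock()
		}(p)
	}
	wg.Wait()
	sort.Ints(open)
	return open
}

// listenOnLoopback starts a throwaway listener on an OS-chosen port so the
// scan has something to find. It returns the port and a function to stop it.
func listenOnLoopback() (int, func(), error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return 0, nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			c.Close()
		}
	}()
	return ln.Addr().(*net.TCPAddr).Port, func() { ln.Close() }, nil
}

func main() {
	port, stop, err := listenOnLoopback()
	if err != nil {
		panic(err)
	}
	defer stop()
	fmt.Println("test listener on port", port)
	// Scan the well-known range plus the test listener's own port.
	found := scanPorts("127.0.0.1", 1, 1024, 200*time.Millisecond)
	found = append(found, scanPorts("127.0.0.1", port, port, 200*time.Millisecond)...)
	fmt.Println("open on loopback:", found)
}
```

A connect scan from the same machine shows what is listening, not what the firewall lets through; that second question is exactly what the external test above answers, so use both.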

Popups, as well as being really annoying, can serve you malware. To test your browser's popup-blocking ability, try these links:

Popup Stopper Test

Online Popup Blocker Tests

Online Phishing Sites Testing

PhishTank has a list of recently submitted phishes (website forgeries designed to scam you in some way). The confidently brave or secure can check these out by surfing to the links... but be wary of clicking on these sites, as they can often serve viruses. If a phish is detected, your security software's phishing protection should warn you. Firefox's and Internet Explorer's built-in phishing filters should also provide protection or warnings.

Conficker Test

To test whether you have the Conficker worm, this website loads images from some of the websites that the worm attempts to block. The site explains itself better than I can, but essentially if you are missing the images you could be infected.

Conficker Eye Chart

Browser Security Testing

Browsers have various security issues; to test your browser, surf here:

Browser Security Test

You will likely only have vulnerabilities if you are not running the latest version of your browser.

Test Your Email Spam Filter

This website will send you a number of emails designed to test your email software’s spam filtering abilities in a variety of ways:

Your Host-File Can be your Best Friend if in Use!!!

Many tools can be used to update your hosts file, such as "Spybot Search & Destroy" with its "Immunize" feature. This tool in "Spybot Search & Destroy" adds rogue sites to your hosts file so you will not be able to go to them. Many tools try to keep them up to date, but Spybot is not a filter system; it just helps. I made a list of some tools to update your hosts file and where to get them.

Most links came from the link below!!!

The HOSTS File installer for Windows

The HOSTS File for Windows/Linux.

The HOSTS File for Windows/Linux (please only use this if you experience problems with the above 2 packages).

The HOSTS File for Windows/Linux, optimized by HostsMan 4 for those that need or want to keep the DNS Client enabled and running.

The HOSTS File for the Mac OS

This file contains ad/tracking servers in the hpHosts database. This should ONLY be downloaded by those wanting to block ad/tracking servers and nothing else, and requires manual merging.

This file contains a list of sites that have been added AFTER the last full release of hpHosts. This should ONLY be downloaded by those currently using hpHosts, and requires manual merging.

This file contains a list of hostnames removed from hpHosts since 04/02/2009 for whatever reason (usually because they failed the resolution process).

Optional addition containing the Yahoo servers for those that wish to block them.

Restore Windows default HOSTS file

Batch files to enable/disable Windows DNS Client

Append to Hosts VBS Script v1.7 for appending your entries to the HOSTS File. This script is UNSUPPORTED.

hpGuru’s HOSTS Diagnostic Utility.

Hosts Bypass is a Proxomitron filter which allows users to visit sites blocked by their hosts file without the need to remove them after each and every hosts update.

HostsMan: a small and useful utility for managing the HOSTS file, with automatic updates and a built-in server to enhance HOSTS file usage. HostsMan support forums can be found here. Download via website.

HostsXpert: a small and useful utility for managing the HOSTS file, with automatic updates. Funkytoad also provides a server (crippled or paid versions) to be used in conjunction with HostsXpert, called Homer. Download via website.

These are small tweaks for Homer, by , that improve the usage and experience of Homer. Download via website (phttpd).
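Two of the hpHosts downloads above say they "require manual merging" into your existing hosts file, and the post on Spybot's Immunize feature is really the same job done by a tool. Here is an added example of my own (not code from this post, hpHosts, HostsMan or Spybot) of what a safe merge has to do: parse both files, ignore comments and junk lines, never touch the localhost entries, combine the block entries from both sides without duplicates, and write them all with one sink address. The two input files and the `.example.test` names are constructed samples; the "managed block list" markers are my own convention.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"sort"
	"strings"
)

// Constructed sample inputs: an existing HOSTS file and a downloaded
// supplement that has to be merged by hand.
const existingHosts = `# existing file (constructed sample)
127.0.0.1 localhost
::1 localhost
127.0.0.1 ads.example.test   # added by hand last month
`

const supplement = `# supplement list (constructed sample)
127.0.0.1 tracker.example.test
0.0.0.0 ads.example.test
127.0.0.1 localhost
this line is not a hosts entry
0.0.0.0 evil.example.test # comment after the entry
`

// protected names are never moved into the block list, so a bad download
// cannot break loopback resolution.
var protected = map[string]bool{
	"localhost": true, "localhost.localdomain": true,
	"broadcasthost": true, "ip6-localhost": true, "ip6-loopback": true,
}

// parseLine splits "address host [host...] # comment" into its parts;
// addr is "" when the line carries no entry.
func parseLine(line string) (addr string, hosts []string) {
	if i := strings.IndexByte(line, '#'); i >= 0 {
		line = line[:i]
	}
	f := strings.Fields(line)
	if len(f) < 2 || net.ParseIP(f[0]) == nil {
		return "", nil
	}
	for _, h := range f[1:] {
		hosts = append(hosts, strings.ToLower(h))
	}
	return f[0], hosts
}

// isSink reports whether addr is one of the two "black hole" targets block
// lists use. 0.0.0.0 is the better choice: it never hits a local service.
func isSink(addr string) bool { return addr == "0.0.0.0" || addr == "127.0.0.1" }

// mergeHosts keeps every line of existing that is not a block entry, then
// appends one managed section with the union of block entries from both
// inputs, deduplicated, sorted and all pointed at sink. It returns the new
// file text and the number of blocked names.
func mergeHosts(existing, supplement, sink string) (string, int) {
	blocked := map[string]bool{}
	// absorb records the unprotected names; it reports whether every name
	// on the line was absorbed (only then may the original line be dropped).
	absorb := func(hosts []string) (all bool) {
		all = true
		for _, h := range hosts {
			if protected[h] {
				all = false
				continue
			}
			blocked[h] = true
		}
		return all
	}

	var keep []string
	sc := bufio.NewScanner(strings.NewReader(existing))
	for sc.Scan() {
		line := sc.Text()
		if addr, hosts := parseLine(line); addr != "" && isSink(addr) && absorb(hosts) {
			continue // fully moved into the managed section
		}
		keep = append(keep, line)
	}
	sc = bufio.NewScanner(strings.NewReader(supplement))
	for sc.Scan() {
		if addr, hosts := parseLine(sc.Text()); addr != "" && isSink(addr) {
			absorb(hosts)
		}
	}

	names := make([]string, 0, len(blocked))
	for h := range blocked {
		names = append(names, h)
	}
	sort.Strings(names)

	var b strings.Builder
	for _, l := range keep {
		b.WriteString(l + "\n")
	}
	b.WriteString("# BEGIN managed block list\n")
	for _, h := range names {
		fmt.Fprintf(&b, "%s %s\n", sink, h)
	}
	b.WriteString("# END managed block list\n")
	return b.String(), len(names)
}

func main() {
	merged, n := mergeHosts(existingHosts, supplement, "0.0.0.0")
	fmt.Printf("%d blocked names\n%s", n, merged)
}
```

Writing the result to the real hosts file is left out on purpose: do that from an elevated prompt after looking at the output, and keep the "Restore Windows default HOSTS file" item above handy in case a list blocks something you need.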

I want everyone to have security easier in their lives, so I am adding a few more tools in one post, so watch out for it and let everyone know. Also tell me in the comments if you want a tool added or if I have the wrong term in any of my posts. P.S. This will be separate from my post called "The Guide to Locking Down a PC" because it has many tools already, and two, my local copy of the file had been corrupted and I tried many recovery options, so it's gone. Sorry about the border problem; remember I used Microsoft Office Word at the time, not Open Office. Joke 🙂

P.P.S. Follow me on Twitter @tysonmax or go to for random links, stories, security news, and stuff in my life.

People always care about their privacy and security, but I see people taking convenience over security all the time. If it works out, then forget about it, right…WRONG!!! If you go to , they are starting a petition, "gathering petition signatures with the request to patch the privacy vulnerabilities of different web browsers. This petition will be sent to the four major development companies – Mozilla Corp., Apple Inc., Microsoft Corp. and Opera Software ASA. Join us for a safe and secure Internet!".

The big thing I agree with on the site is that vendors of products that everyone uses should talk to the owners of the product and say something like what is on the site: "WE ASK YOU TO RELEASE AN UPDATE OR PATCH FOR YOUR BROWSER THAT WILL REMOVE THE OPPORTUNITY TO OBTAIN THE INFORMATION ABOUT RECENTLY VISITED WEBSITES." Also, to stop security holes in other kinds of products as well. That is why I enjoy security!! 🙂

Hi everyone, my friend has a tech site that everyone should check out. It is security and also general tech, and maybe some more that I will not say. Check it out at

Site is offline due to lack of readers and support. 😦

We hear all this talk about the worm called Conficker, also known as ZLOB, Downup, Downadup and Kido, in the news lately. Approximately six percent of computers scanned by Panda Security are currently infected by the worm. In the news people are scared, and it is like the Blaster worm all over again. Well, people found out there is a date ingrained in the worm on which it is set to receive a set of instructions from the new programmer of the virus. This worm exploits the AutoRun feature in Windows (all of it: network shares, pen drives, CD drives, etc.). There is also a warning about the worm on Microsoft's site at . I also found a link that talks about it at and also on Wikipedia at . This worm finds a port that is open on your PC and gets in, and/or it uses vulnerabilities in programs to gain access. To avoid it, turn AutoRun COMPLETELY OFF and keep programs up to date, like Adobe Reader, Windows, etc. Windows has a security patch that semi-fixes AutoRun, but not really. It is only available in Vista and Server 2008. But I have seen one for XP; I forget what it is called, something like "AutoRun patch" or something like that. Well, I hope you scan your PCs on April 1, 2009; I know I will on my Windows-based PCs and friends'/family PCs. Keep up to date and scan with everything you have got. I give everyone the best of luck, and keep safe online and off. Talk to you all next time!

For more info and tools to try to remove it from Microsoft, go to:

Or try this removal method.

To remove it, try this (found at ):

NOT RECOMMENDED TO USE: SpyHunter* Spyware Detection Utility. As they say on the site, use my method in my post called

The Guide to Locking Down a PC

Stop Zlob Processes:
(Learn how to stop a process)

Unregister Zlob DLL Files:
(Learn how to do this)
iesplg.dll (new)
iesbpl.dll (new)
vzfhprk.dll (new)
hymww.dll (new)

Remove Zlob Registry Values:
(Learn how to delete a registry value)
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{aed6f6a3-183c-488d-9f90-23db99f56e7f}
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{634be415-da12-496b-b89e-329b73c4807f}
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{8329660f-e248-4872-98cc-fb9c4fec7ba8}
SOFTWARE\MICROSOFT\Windows\CURRENTVersion\POLICIES\EXPLORER\RUN\C:\Windows\System32\issrch.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{2016a466-91a2-43c6-97d8-2fd380f065ef}

Find and Delete these Zlob Files:
(Learn how to do this)
iesplg.dll (new)
iesbpl.dll (new)
vzfhprk.dll (new)
hymww.dll (new)

Ok, first of all, sorry about not posting for a while, but I am trying to build a sweet NAS and also changing all the PCs in my network to Linux (because it is better than Windows in many aspects). I don't want any postings like "What is Linux?", because I will put up some postings in a while; also I don't want people saying "are you leaving Windows to forget about the Windows people that still need your help?" I will still help people, not just by direct e-mail but in the comments also, or on Twitter, but mostly on the blog. You can follow me on Twitter @tysonmax or at . My e-mail is (NO SPAM PLEASE!!!). So anyway, I will talk more on my blog if more people link to it! Also I hope I will talk more often, because I have had many things going on. I will keep this blog up to date on viruses and security news as much as possible, with as many tips as I can. Please recommend me to friends and family, tech savvy and not. Talk to you all soon!

In a recently aired episode of Security Now, episode #163, "GoogleUpdate & DNS Security", he talks in great detail about a type of DNS now being offered in some parts of the world. This DNS is more secure, and every site is signed with keys. The only problems are low performance and that it uses too much bandwidth. This way it is also easier to do a DDoS (distributed denial-of-service attack); this attack shuts down a server, or in this case a DNS server.

“A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even DNS root servers.”

Another quote from Wikipedia, for someone who wants more detail on DNSSEC, is: “

The Domain Name System Security Extensions (DNSSEC) are a suite of IETF specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers):

  • Origin authentication of DNS data
  • Data integrity
  • Authenticated denial of existence

It is widely believed that deploying DNSSEC is critically important for securing the Internet as a whole, but deployment has been hampered by the difficulty of:

  1. Devising a backward-compatible standard that can scale to the size of the Internet
  2. Preventing “zone enumeration” (see below) where desired
  3. Deploying DNSSEC implementations across a wide variety of DNS servers and resolvers (clients)
  4. Disagreement among key players over who should own the .com (etc) root keys
  5. Overcoming the perceived complexity of DNSSEC and DNSSEC deployment”

Steve talked about how the main domains all have to agree on this and implement it for it to work, so they can be a party to sign a key, to confirm that the site you are on is the site you want to be on, not a fake site that has changed the URL or infected your PC or even the DNS. So if all the parties agree, it will be confirmed that the site you are on is the one you want.
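The "all the parties have to agree to sign a key" idea is the DNSSEC chain of trust, and it is easier to see with a small model than with prose. Here is an added example of my own (not from the podcast, Wikipedia or any DNS software) in Go: each zone signs its own records, a parent publishes a signed DS record (a hash of the child's key) to vouch for the child, and a resolver walks from a built-in trust anchor (the root key) down to the answer. It is a toy: real DNSSEC uses RSA/ECDSA keys, RRSIG records with validity windows, and NSEC records for the "authenticated denial" item above, none of which this models; Ed25519 plus SHA-256 stand in for the signatures and digests, and the zone names and `192.0.2.10` / `203.0.113.9` addresses are constructed samples.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// zone is a toy signed zone: its key pair, the records it publishes and a
// signature (standing in for an RRSIG) over each record.
type zone struct {
	name  string
	pub   ed25519.PublicKey
	priv  ed25519.PrivateKey
	data  map[string]string // "owner|type" -> record data
	rrsig map[string][]byte // "owner|type" -> signature over "owner|type|data"
}

func newZone(name string) *zone {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &zone{name: name, pub: pub, priv: priv,
		data: map[string]string{}, rrsig: map[string][]byte{}}
}

// publish stores a record and signs it with the zone's own key.
func (z *zone) publish(owner, typ, data string) {
	k := owner + "|" + typ
	z.data[k] = data
	z.rrsig[k] = ed25519.Sign(z.priv, []byte(k+"|"+data))
}

// keyDigest is the DS record content: a hash of the child's public key.
func keyDigest(pub ed25519.PublicKey) string {
	return fmt.Sprintf("%x", sha256.Sum256(pub))
}

// delegate is the "agreement" step: the parent signs a DS record that
// commits to the child's key, so the child's signatures can be trusted
// by anyone who trusts the parent.
func (z *zone) delegate(child *zone) { z.publish(child.name, "DS", keyDigest(child.pub)) }

// verified returns a record only if its signature checks under this zone's key.
func (z *zone) verified(owner, typ string) (string, bool) {
	k := owner + "|" + typ
	data, ok := z.data[k]
	if !ok {
		return "", false
	}
	return data, ed25519.Verify(z.pub, []byte(k+"|"+data), z.rrsig[k])
}

// validate walks the chain root -> TLD -> ... -> leaf the way a validating
// resolver does: the root key must equal the configured trust anchor, each
// parent must carry a signed DS matching the next zone's key, and finally
// the leaf's signature on the requested record must verify.
func validate(anchor ed25519.PublicKey, chain []*zone, owner, typ string) (string, error) {
	if len(chain) == 0 || !anchor.Equal(chain[0].pub) {
		return "", errors.New("root key does not match the configured trust anchor")
	}
	for i := 0; i+1 < len(chain); i++ {
		parent, child := chain[i], chain[i+1]
		ds, ok := parent.verified(child.name, "DS")
		if !ok {
			return "", fmt.Errorf("%s publishes no validly signed DS for %s", parent.name, child.name)
		}
		if ds != keyDigest(child.pub) {
			return "", fmt.Errorf("key presented by %s does not match the DS in %s", child.name, parent.name)
		}
	}
	leaf := chain[len(chain)-1]
	data, ok := leaf.verified(owner, typ)
	if !ok {
		return "", fmt.Errorf("signature check failed for %s %s in %s", owner, typ, leaf.name)
	}
	return data, nil
}

func main() {
	root, com, example := newZone("."), newZone("com."), newZone("example.com.")
	root.delegate(com)
	com.delegate(example)
	example.publish("www.example.com.", "A", "192.0.2.10") // constructed record
	chain := []*zone{root, com, example}

	addr, err := validate(root.pub, chain, "www.example.com.", "A")
	fmt.Println("genuine answer:", addr, err)

	// A spoofed answer keeps the old signature, so validation fails.
	example.data["www.example.com.|A"] = "203.0.113.9"
	_, err = validate(root.pub, chain, "www.example.com.", "A")
	fmt.Println("spoofed answer rejected:", err)
}
```

Two failure cases are worth running: a changed answer under the old signature (a poisoned cache or a tampered reply), and a second "example.com." zone with its own key that the parent never delegated to (a fake site with forged records). Both are refused, which is the whole reason the parties up the chain have to agree to sign.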

For more info on DNS, if you don't even know what DNS is, go to:

Or read a small part of the site that might answer your question.

“The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource participating in the Internet. It associates various information with domain names assigned to such participants. Most importantly, it translates humanly meaningful domain names to the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices world-wide.

An often used analogy to explain the Domain Name System is that it serves as the “phone book” for the Internet by translating human-friendly computer hostnames into IP addresses. For example, translates to”

Like I said, the text in “quotes” is from the site.

For more info on DNSSEC, go to the links I provided or go to:

Be safe and secure on the web; without it we won't have “E-bay” ( ) or “Amazon” ( ). LOL :)

Welcome to your source of security for your computer. Every OS is welcome (Unix-based, Linux, Windows and Mac). This blog will show you security holes in the OS, browsers, programs and, now even worse, privacy.