Verifying file integrity.

This post is all about the checksum, i have a read a lot about this topic in college days.Never had really hand experience how it can be used in daily life.

we download a lot of files from internet, copy files (movies ,songs .text and lot of other things) from friends place to our pen drive.Sometimes it may happen that , the file hasn't copied/downloaded properly :( .We realize this thing when we try to use the copied/downloaded content .
This is where our checksum comes into picture.Just to verify that the files are copied correctly Just use the "sum" Command in linux.
Just as an example:

Remote Host:
------------
$ sum vlc0.8.5test3win32.exe
20311 8132

After copying to pendrive or something.
---------------------------------------
[bash$pradeep@localhost]sum vlc0.8.5test3win32.exe
20311 8132

When you download a file , the checksum apart from verifying the file integrity helps us make sure that , the file we downloaded is not tampered by middle man.And it is virus free.

You can see many sites ,that provide some material to download has MD5/SHA1 signatures for the content they have kept for download.You can use this and verify that the piece of downloaded content is same as what is kept on the site and it is virus free.Sometimes it happens that , even though the content you downloaded works fine.But it is infected with virus.

This tool is very useful ("sum") to me in office .Very often i provide patches of our product to people .And provide them them the sum command output, to check whether the patch they had downloaded is fine. So that they wont come to me again saying , your patch is not proper . :)

All about autorun.inf

It is been long i thought of blogging about this topic, finally i am able to do this now.

What is this ?

I guess very few might have knowledge about this file, this is the file you most often see in the cd's(compact disc) home directory.You might have seen, when you insert cd into the drive , it gets auto started with some program,or it will open some default file , basically some sort of task is performed when cd is inserted.You might have wondered how this happened.Its all the magic of this autorun.inf file.

This is a some sort of script file ,which tells windows what to do upon the opening of folder in which it is located.which is type of initialization file ,which tells what actions to perform when the folder is opened.

We can do lot of things with it.You can make the windows set some background , when folder opens , and many more.This windows oses feature has made the viruses a way to spread themselves .Most often it is used by viruses ;).

Sometimes you might have seen , you try to open a drive/folder.It fails to
open.Its because of this autorun.inf.

How to locate and remove it ?
This file is always hidden in the folder.you can see this file in the root
folder of usb stick.You can use Dir /a to find that file from command line.Viruses make an entry in it , to run when the folder is opened.Just open that file from command line and see some malicious code has made an entry in it.If so you can safely delete this file.

Security flaw in delicious.

   I have a delicious account, i had kept auto login feature for it on my office computer.But when i tried to access my delicious account from my home desktop,then i realized that i had forgotten my password.So i thought of changing its password by going to link, i forgot my password, which will send the mail to my email account which i had registered while signing up.
   Its has been long time since i created my delicious account , the email id that i gave was too older one and i use it no more , hence i don't remember the password for it also!!!.Then i got perplexed how to change my password.just browsing through the delicious site, i went to settings of my account(from office computer where it is logged in already).I got shocked when i saw, i can change the email id which i used for registration without prompting for old password.I just changed that email id to my currently using email id.After that i went to forgot password link and gave my account id, which sent a mail to my current id from there i changed mypassword!!!
   It means if we login to our delicious account and left without logging off , then some one can easily change our password.!!!without knowing our old password,which can done by just changing the registered id.

How to browse the web in an efficient way

When i first got my internet connection at mysore, i was jubilant,browsed the web day and night ,after sometime i gone through the phase where exactly i didn't knew what to browse.Then i started thinking how to filter out of informative and interesting thing on the web.I got this idea after many days of browsing.

Each one browses web daily and ends some information in his kitty..To make a note of the all the vital things that he came across ,either he makes a bookmark locally or do it online on sites such as "Del.ic.ious","Google bookmarks".

If he gets some idea out of the things he browsed .He will write a blog entry.
If it is an important news , he diggs it in digg.com.

Your brain might already started thinking , how these all above things helps me to browse web effecient way.The answer to this is feeds and feedreader .We have now feeds available for all of the sites including the bookmarks,blogs and diggs of some one.All just i have to do is to "Subscribe to feeds" of the bookamarks,diggs and blogs of the person you know well in browsing in good things.From his network you can pick some other names.Just make the feed entries of all these things in your feedreaders -GoogleReader or other feed reader softwares.

By just going through the popular bookmarks on each of the famous bookmarking sites(delicious) or just subscribing for the feed, we get lot of useful and interesting information to digest.
Eg. Delicious http://del.icio.us/popular/
http://digg.com/all

At the end of day that's how i get some fruity stuff to browse.
This is what i follow to filter interesting and informative information on the web.
This is what i call lazy and effecient browsing ;)

Screen Saver - the screen life saver

Allmost all of them who use computer are well versed with the term "screen saver",butonly few might have tried to unearth its origin.what ever may be the case, let me explain laconic history about the origin of word "screen saver".

In earlier times when people used to keep the computer idle for long time, the contents of screen used to be same - same pixels form the screen contents.Implies the same set of electron beam strikes the screen for long duration,as a result monitor got damaged soon and its life got reduced.

Thats the point of time ,the smart people came into act ,found a new concept and coined it as "screen saver" . The "screen saver" continoulsy changes the contents of the screen(main logic), hence the pixels projected on the screen, preventing the damage of the screen and ameliorating the life of the monitor.Thus how the origin of the word "screen saver", came into existence.

Password Conundrum

I have many email accounts ,and login accouts on many servers on which i work.I often get obfuscated with passwords of different accounts .Off course you might suggest to keep the same password, but the problem is if one gets hacked then problem surmounts.

After trying various methods, finally i came up with answers to two important questions.First is method of generating secure password and second is how to manage passwords of many accounts.

To generate good password,one method i follow is, first take some sentence of english that you like, say "Google is the mother of all search engines".Pick the first,last or any letter from each word in a sentence.I pick here the first letter of each word.Then append each letter,that will generate a highly secure and easy to remember passwords.The password for the above case becomes becomes "gitmoase".Voila!! see how easily ,cryptic and easily rememberable password can be generated.
Lets come to second case,generate the passwords for other accounts using the password generated in earlier case i,e "gitmoase" as template.Lets say you have created the account for Rediff account, you can keep it as "gitRmoase" ,insert the first letter of the site name "Rediff.com" as fourth letter of the password of that site,you can pick any letter and put at any place as your convenience.For yahoo keep it as "gitYmoase"("Yahoo.com) and so on.

Dont try to break my passwords using the same ;)

Peek into system registry

In earlier version of windows , Each program used to have .ini files known as initialization files(such as Dektop.ini).Which contains the initialization parameters for the programs.As no of programs increased in the system.Microsoft adapted new technique of using the registry (database).
Registry is a database for all the programs.Where each program stores its info.Apart from that windows uses it for other purpose,such as which programs to start at startup ,and user specfic info and others.
Registry is the most vulnerable thing in windows.All viruses and trojan uses the power of this to spread and infect the systems..
Lets elucdiate it by some examples.
The entry :
a)HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
If you make entry of the any program here , it will start up when windows starts.

b)HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
If you make the entry of your program name here,Your program will execute each time when a executable is Run.

Hmm this is how the virus and trojans use the Registry to spread and infect the system.
To manipulate the registry ,we can do it by using Regedit tool or programmatically we can manipulate it by using the apis(thats what viruses use).
To Know various ways how the virus and trojans make use of registry to affect the system , and how the virus and trojan code is written follow this link.
Trojans and virus working.