Enter your password securely

I came across a nifty little utility that just might keep you from having your passwords stolen from you by a keylogger or similar devices and programs. Neo Aplin wrote this tiny little app called Neo's SafeKeys which will let you enter your passwords via a little onscreen keyboard. The really nifty part is that not only are you defeating keyboard loggers, but it places the buttons differently and the program window is a different size each time it's run, thereby defeating any program that attempts to log which button was clicked by mouse placement. All-in-all if you use public computers or even are just paranoid about your own and run Windows, this app's for you! If you missed the above link, here it is again.

Desktop Environments vs. Window Managers

Many of you who are new to Linux have probably encountered the terms desktop environment and window manager, and might be thinking "what the hell are either and why do I care?" Well, if you're not running a brand new computer, you might have a lot of reason to care. I came across an article today on Download Squad that explains the difference in a newbie-friendly manner. Most Linux installations default to either KDE or GNOME. These are both what's known as desktop environments. This is something akin to what Windows is to a PC or what OSX is to a Mac, a full-featured environment that provides everything you need to access everything on your computer. This might seem like 'well, ok duh,' but there are other options. Back in the early days of Linux, you had to put together all the components of a complete system yourself. This involved a window manager.

A window manager does one main thing, and that is to handle windows. That includes the borders and controls that let you control what is visible and how you interact with it. It also includes the menus and desktop icons (if that is how the particular manager does it.) In addition to it, you also needed to have software running to handle your sound, any panels you wanted, screensaver, and anything else you wanted to run. This seems like it might be tedious and complicated, and sometimes it is, but it allows for a COMPLETELY customized Linux experience. You can control every aspect of your system and have it look, act, and work just how you want. And as a side effect of only running the components you need, window managers are much slimmer, quicker, more efficient, and if they crash, they don't take down anything else with them (like that novel you are working on and haven't saved for 25 pages.) A couple of my favorite window managers are Enlightenment and Window Maker. If you have an older PC that seems real sluggish currently, (or you think you can't even use) give one of these a try, you might find out your 233MHz PII can run as well as your 2GHz P4, and can look good doing it.

Tip: if you really are putting it on a 233 (or something slow) go with Window Maker, it is much slimmer than Enlightenment.

Special thanks to Kristin Shoemaker for her (sorry Kristin!) excellent blog post on the topic, check his article for more information on desktop environments and window managers.

USB Flash Drive Virus Proof of Concept

I came across something very disturbing a few minutes ago, and I think the world really needs to know about it. I know you all know that Windows is horribly vulnerable to every PC malady that has ever existed, but here's one that is basically built-in on purpose by Microsoft.

This particular exploit utilizes the built in autorun.inf 'feature' in all recent versions of Windows to run its payload, whose source code can be seen at QuantumG's site where I Stumbled Upon it. What the code does, is basically as soon as you insert the flash drive containing this program, opener.exe, and the 4 lines in autorun.inf, it will find any other removable drives, copy itself onto them, and hide itself. The actual process goes like this:

1. Open an explorer window for the drive we're running from.
2. Make sure there is only one copy of opener.exe running.
3. Scan the available drives for any that are removable.
4. Check that there is some free space on the drive.
5. Check that the drive doesn't already have an autorun.inf.
6. Dump the following into autorun.inf:

   [autorun]
   shell\eject=Eject
   shell\eject\command=opener.exe
   shell=eject
   

   This creates a new shell command which I've just randomly named "Eject" and, importantly, makes it the default action.
7. Write a copy of opener.exe to the drive.
8. Mark both autorun.inf and opener.exe as hidden.
9. Do any other removable drives we can find.
10. Wait about a minute.
11. Go back to step 3.

This is very basic virus behavior, but if the author was malicious, absolutely anything they wanted to do could be done. This has very serious implications for users, and needs to be addressed post-haste by Microsoft. Let's get the word out, you can help by Stumbling, Digging, or doing whatever you can to share this post and get it fixed.

Original site at http://rtfm.insomnia.org/~qg/opener.php
Image courtesy of Francois Thé

How to post HTML code on your website

OK, so I came across this great tip that lets you see the passwords you have saved in Firefox, so I immediately went to post it on here, and after typing it up, putting the code in, and trying to post it, I found out that it won't show the code on my site because it is interpreting it. So, I had a new problem: how to show the code without it being read as code. It took me a few minutes to find out how to do this, and I had to use a few methods of searching before I found the appropriate answer, so here it is just for you:

Within the HTML example, first replace the "&" character with "&" everywhere it occurs. Then replace the "<" character with "<" and the ">" character with ">" in the same way.

Within the HTML example, first replace the "&" character with "&amp;" everywhere it occurs. Then replace the "<" character with "&lt;" and the ">" character with "&gt;" in the same way.

Interestingly enough, in order to post these instructions, I had to replace "&amp;" with "&quot;&amp;&quot;", "&lt;" with "&quot;$amp;lt;&quot;", and "&gt;" with "&quot;$amp;gt;&quot;" so that they themselves aren't interpreted. To show you what I had to type to get "&quot;&amp;&quot;" to display, view the source, cause it would be really really confusing if I tried to make it viewable, the first level of de-interpretation was bad enough, let alone the second. I better stop before I recurse into infinity showing what has to be input as code to display what the code should be. Enjoy!

View password 'asteriskd out' in Firefox

Have you ever needed to see what that password you had Firefox remember last year was because now you can only get on that website from your computer at home, and need it at work? Or something like that. I know it's been awhile since I made a post, but come on guys, nobody has even noticed, have you? Anyways, to see what's behind the ***s, make sure you are on the page you want to get the password from, and it is entered in the box (you can see ****** in the box.) Now, click in the address bar up top, and replace the text in there with the following text: (copy and paste)

javascript:(function(){var s,F,j,f,i; s = ""; F = document.forms; for(j=0; j<F.length; ++j) { f = F[j]; for (i=0; i<f.length; ++i) { if (f[i].type.toLowerCase() == "password") s += f[i].value + "\n"; } } if (s) alert("Passwords in forms on this page:\n\n" + s); else alert("There are no passwords in forms on this page.");})();

When you press enter, you will get a box revealing the mystery!

New electronic Rubik's Cube

I came across a sweet little digital toy online today that is basically an electronic Rubik's Cube. There is a little LCD on each square and you drag on them to rotate. The cube is called the Fentix Cube and is available in limited quantities from the Kinetica Museum in London.

New employment technology, untapped US market

I came across an extremely interesting article about a new technology in use in Japan that I believe needs to come over here. The original article is available for your viewing pleasure at http://joi.ito.com/archives/2007/10/21/otetsudai_networks.html.

The handheld device shows the location of all of the workers located in the area, and using it, employers are able to find people who are qualified for the particular job they need filled. This is in response to an increasing trend for young professionals to be in varying positions and not be locked into one job. This is not only the case in Japan, and I think that this would be not only extremely popular, but profitable here in the US. I would like to make this a reality, and am seeking somebody who is interested in getting this project off the ground, starting here in Anchorage, Alaska. I have the connections and ability to obtain space on radio towers if the interest was generated and the technology was obtained, licensed, or developed. I think this would be a great opportunity for a new startup, and would love to work with like-minded others to make this a reality. This is clearly an untapped market in the US, and potential for a national corporation exists, so forward-looking and thinking individuals who are business-oriented and enterprising should contact me immediately and we will discuss what we can do to bring this to our country. I can be reached by commenting on this article or email at lockext &t gmail /dot/ com. Decode the address, if you're human it shouldn't be too hard. ;) I'm looking for people who are serious about doing business and want to make this happen before somebody else takes over the market! Don't wait, let's make it happen!

Windows Vista important security announcement

It's come to my attention that there is a serious security issue in Windows Vista that all users should be aware of. It involves the use of Unicode characters to change the way that a filename appears in the explorer and desktop to make a dangerous executable in screensaver (.scr) format appear to be a harmless JPG. This vulnerability doesn't appear to exist in XP, only Vista. The following screenshots, as captured by Max Ried, demonstrate the vulnerability and show how serious the problem is.

The file on the XP desktop: The file on the Vista desktop:








As you can see the only way to identify it as not being just a picture is by hovering your mouse over it. It appears to me that this is done by using a particular character, which is actually 2 Unicode characters, one being the circle of commas, the other being the code which causes everything after it to be typed backwards. You can see how it works by copying the character, and pasting it into any text entry box, such as notepad.exe, then start typing right after you paste it. The character is at the bottom of this post as it becomes very hard to type forwards if pasted anywhere in the middle of the article. It looks like the filename is made up of the code to insert the gpj. backwards at the end of the filename (or appear as such to the viewer,) and then the actual filename, Nice Picture.scr. Apparently XP is not affected because it does not correctly support Unicode for filenames within explorer.exe and therefore the desktop. This vulnerability was first demonstrated at Heise Security and adapted here to include my additional data on the cause.

Another view of the problem in the 7Zip program, first in XP:















And in Vista:













And now the character I believe is responsible, along with the character that makes it possible to copy and paste it, otherwise the character doesn't take up any space and therefore can't be highlighted to copy, it would just cause everything you typed after it to be backwards, as I'll demonstrate here:

‫‬‭‮‪‫‬‭‮҉

this is what happens after you paste and start typing
‫‬‭

Help find Steve Fossett, or earn money!

I just found out that there is a good way that everyone on the net can help in the search for missing pilot Steve Fossett, and it is very easy. I implore everyone to go to http://www.mturk.com/mturk/ and sign up for this service (it is an Amazon.com service) which will allow you to accept jobs (many of which you can earn money for) including reviewing satellite images for objects that could be the wreckage of his plane. This is very important, and a good cause, and when you decide you are finished looking at satellite images for plane wreckage, you can use the service, called Mechanical Turk, to either submit jobs to be done by members of the internet community for a fair rate, or you can work on jobs submitted by others with a known amount to be paid on completion. If you submit jobs, you will be able to review the work done and accept or reject it, and you will only be charged if you accept. As a member of the community working on jobs, you post your solutions and if accepted, the amount earned is deposited in your Amazon.com account, and you can then transfer it to your personal checking account.

Ubuntu Hardy Heron 8.04 announced!

It seems like only months ago I was still using Ubuntu Breezy Badger 5.10, which even then was an incredibly useful, simple, and stable OS. So much so that from the moment I installed it, I forsook my Windows partition entirely and it languished in a state of disuse from then on. I still used the files on it though, so I couldn't delete it entirely yet. Then I decided to move to Dapper Drake 6.06 LTS, and it was then that I moved to a bigger hard drive. I copied everything from both my partitions that I wanted onto my new 80gig, and installed 6.06. Being a long-term-support release, it was remarkably stable and polished, and I never had any problems with it of any sort besides taking some time to figure out how to get stuff I wanted to try running, but that just makes it more fun. :)

I currently run Ubuntu Feisty Fawn 7.04, and it is by far the nicest, quickest, and most stable OS I've ever run, and I wouldn't trade it for anything (though I would and do give it away to as many people as are willing to take it.) These days, all the talk is about Gutsy Gibbon 7.10, and thousands or millions of people are trying out the pre-release versions quite successfully from what I've heard, though I don't really put any OS on my system until its the full release. However, I just read today that the next new version of Ubuntu has been announced as 8.04 Hardy Heron, and will be released in April of 2008! This is great news and Ubuntu is advancing rapidly as the biggest and one of the best distributions in Linux history, and putting a face to Linux that people can identify with and see for its benefits, even when they have never seen any Linux before. The announcement was made by Jono Bacon on August 29 this year on his blog at this address.