Hacking Firefox to Always Auto Save Password Without Showing Notification Bar
As usual when I was screening through all the new posts in forum to see if there are any spam and also any computer topic that I can help, I saw an interest question asked by Rizzano. He wanted to know if there is anyway to make Firefox auto save password without clicking the Remember button. In Firefox, even if you have the option “Security Remember passwords for sites” checked in Tools > Options,the browser will still display a notification bar at the top that asks “Do you want Firefox to remember the password for “Username” on website.com?” with three buttons “Remember”, “Never for This Site” and “Not Now”.
The first thing that came to my mind was perhaps there is an addon that can do this but I couldn’t find any that can make Firefox auto save password without prompting. After spending nearly two hours researching on how Firefox saves the password, I managed to find a way on how to make Firefox save the login information to the Firefox Saved Passwords manager.
First, I searched some of the important keywords such as “Never for This Site” and “Not Now” on all the files and found that this function is controlled by a few javascript .js files. Then I was more confident in getting this to work since I didn’t have to go through the trouble of downloading the Firefox source code, modify and compile it.
When you submit a form with username and password, it will process the function:
1. _onFormSubmit() in nsLoginManager.js
2. promptToSavePassword in nsLoginManagerPrompter.js
3. _showSaveLoginNotification in nsLoginManagerPrompter.js
4. addLogin in nsLoginManager.js
1. Close Firefox
2. Edit nsLoginManagerPrompter.js with notepad which is normally located in C:Program FilesMozilla Firefoxcomponents
3. Replace the entire line 642 to 711 with the code below:
var pwmgr = this._pwmgr;
pwmgr.addLogin(aLogin);
Now whenever you login to any website, Firefox will auto save the site, username and password to the login manager WITHOUT showing the notification bar. You can access the saved password area by going to Tools > Options > Security and click the Saved Passwords button. There is one possible bug which is even when a user entered the wrong username or password, it will still be saved.
I am calling this a hack instead of customization because it’s not an included feature in Firefox. I had to manually modify one of it’s original core files to make this work. Thinking about this logically, obviously Firefox did not include such feature nor there is an addon for this because they don’t want the world’s favorite browser to turn into a keylogger. Use it with care and think twice before implementing this illegally as it can get you into a lot of trouble!
Technorati Tags: firefox , password , login , notification , save
More here:
Hacking Firefox to Always Auto Save Password Without Showing Notification Bar
SMBv2 Nuke Crashes Windows Vista, 7 and Server 2008 with BlueScreen of Death
About 15 years ago during Windows 95 era, there were a lot of “winnukes” which can cause Windows to blue screen. Microsoft did release patches to fix those bugs but during that time Internet was still very new and not many people know that there are updates to fix those problems. There was no Windows Update to scan what your system needed to update. Then came Windows 98 and most of the winnukes were patched. However I still remembered that a team called X-Coders has came up with IGMP nukes which can also crashes Windows 98.
Finally XP came and it is considered to be one of the most stable Windows that Microsoft ever released! As stable as it is, hackers still able to find flaw in their system. That time there was another nuker called SMBDie which crashes Windows XP computers by sending a specially crafted SMB request.
It definitely worked because I was pretty much “abusing” it with my childish teenager mindset. I didn’t crash just anyone but only to a particular guy who was downloading a lot with Limewire and hogging the Internet connection until none of the housemates can use the Internet. If I am not wrong, that bug was patched in SP1.
Just when we thought the latest Windows Vista and 7 is safe, Laurent GaffiƩ discovered an exploit that can cause a remote computer to get a bluescreen of death and released a proof of concept on 9th September. I only got to know about it few days ago because on the day the exploit was released, I was busy packing my bags and getting ready for my honeymoon.
I found 2 compiled version of the exploit and this is how it looks like. This one has an interface for you to enter the victim’s IP address and clicking the OK button will send a specially crafted packet to the remote computer.
The second one is command line application. Just enter the IP address after the program to launch the attack.
I’ve tried to attack my own computer running Windows Vista SP1 and the computer shows a blue screen and auto rebooted. When Windows is booted up, I got a notification window that says “Window has recovered from an unexpected shutdown” with the problem event name “BlueScreen”.
The good news is Windows Firewall is able to block this attack. Thank God that all Windows Firewall is turned on by default or else a lot of people will get nuked by another wave of SMBDie. Looks like Windows Firewall is not so useless after all… Windows XP and 2000 are NOT affected as they don’t have the SMB2.0 driver. You can also update your Windows to be patched from this exploit. If you take a look at this video , Immunity Inc has made a working exploit of SMBv2 that can run commands on the remote system!
Technorati Tags: smb , nuke , windows , exploit , security
More here: SMBv2 Nuke Crashes Windows Vista, 7 and Server 2008 with BlueScreen of Death
Remove Fake Antivirus and Fake Antispyware Automatically
Fake or rogue antivirus has been around for a long time and they are still not giving up trying to cheat computer users. Normally this is how you will “suddenly” have a rogue antivirus or antispyware installed without you even knowing it. You visit a website and you get a warning message that is very convincing and looks like its coming from Windows telling you that you have a virus/spyware. You click on a button and it will auto install. Here comes the worst part, it then downloads viruses to your computer and the rogue antivirus will find the virus. If you want to clean the virus using the fake antivirus which you just downloaded, you’ll have to purchase the software license.
This is ridiculous isn’t it? Your computer is actually free from virus but after being tricked into installing a fake antivirus, your computer now has virus and very likely you’ll be purchasing a license for a fake antivirus. Some of the rogue antivirus are very hard to remove or uninstall. Fortunately we can automate the whole uninstallation process with this simple small portable tool called Remove Fake Antivirus .
It is very easy to use Remove Fake Antivirus. All you need to do is run the program and click the Start button. Currently Remove Fake Antivirus v1.32 is able to remove 27 types of fake antivirus and antimalware.
1. Cyber Security
2. Alpha Antivirus
3. Braviax
4. Windows Police Pro
5. Antivirus Pro 2010
6. PC Antispyware 2010
7. FraudTool.MalwareProtector.d
8. Winshield2009.com
9. Green AV
10. Windows Protection Suite
11. Total Security 2009
12. Windows System Suite
13. Antivirus BEST
14. System Security
15. Personal Antivirus
16. System Security 2009
17. Malware Doctor
18. Antivirus System Pro
19. WinPC Defender
20. Anti-Virus-1
21. Spyware Guard 2008
22. System Guard 2009
23. Antivirus 2009
24. Antivirus 2010
25. Antivirus Pro 2009
26. Antivirus 360
27. MS Antispyware 2009
For testing purposes, I’ve installed Antivirus Pro 2010 on my computer. Then it reports that there are 33 useless and unwanted files on my computer. 21 are critical privacy compromising content, 9 contains medium privacy threats and 3 are junk. At first I thought they were real virus but when I randomly uploaded 3 files to VirusTotal to have it scanned with 41 different antivirus, surprisingly no threats were detected! To remove Antivirus Pro 2010, I ran RemoveFakeAntivirus.exe, waited for a few seconds and after a reboot, Antivirus Pro 2010 has been removed.
Although Antivirus Pro 2010 gave fake reports, but I am pretty sure that there are some fake antivirus that will drop in real trojan/virus/worm on your computer. Be sure to scan your computer with a reputable antivirus such as Kaspersky, Norton, Avira or BitDefender after removing the rogue antivirus with Remove Fake Antivirus. I personally believe the list of supported rogue AVs will most likely continue to grow if Olzen manage to get more samples of the fake antiviruses. Olzen, the author of Remove Fake Antivirus is 26 years old and he’s from Malaysia too!
[ Download Remove Fake Antivirus ]Technorati Tags: rogue , fake , antivirus , antispyware , security , removal
More:
Remove Fake Antivirus and Fake Antispyware Automatically
FREE 1 Year IObit Security 360 PRO License Code Valid for EVERYONE
Most of us should have heard about IObit, the company that develops useful Windows software such as Advanced SystemCare, SmartDefrag and Game Booster. I personally also like IObit products because they are develop quality software. Recently they’ve released one of their new product called IObit Security 360 that is used to scan and remove various malware such as spyware, adware, trojans, keyloggers, bots, worms and hijackers.
There are 2 editions available for it which is the FREE and PRO version. PRO version normally cost $29.95 for a year’s subscription and it contains extra features that gives an automated protection on your computer. The free version doesn’t protect your computer real time against malware but you can use it to run manual scans to find if your computer has any malwares. For a limited time only, IObit is giving out free licenses for Security 360 PRO valid for a year and this offer expires on Nov 11, 2009. Hugo Dong from IObit has kindly given me the permission to use the promotional link, so go ahead and get your free license! IObit are so confident that their product is the strongest free anti-malware software that they even ask IT professionals and amateur home users to put Security 360 to the test and they will in return put the testers in the draw to win money!
To get your free IObit Security 306 PRO license code, all you need to do is go to this page http://db.iobit.com/license-free/win7-special-offer.php , enter your email and click the Get Free License button. You should immediately get an email from IObit Support that contains the 20 random character license code. Then download the latest version of IObit Security 360 installer is360setup.exe and install. Run IObit Security 360 and click the button “Upgrade”, which is on the right side of the product name. You will see a pop up box. Enter the following license code and click “Activate” to upgrade.
IObit Security 360 PRO interface is really simple without too many confusing options. I do not have a big archive of spyware to test the effectiveness of IObit Security 360 but I’ve did a pretty simple comparison. This test is not for the money or draw but for my own knowledge.
IObit Security 360 PRO
Smart Scan took 2 minutes 13 seconds to scan 59226 objects.
Full Scan took 5 minutes 17 seconds to scan 66762 objects.
Cannot detect private trojan via context menu manual scan.
Cannot detect private trojan when I run it even with DOG, automatic and advanced protection turned on, and protection level set as high.
When computer is infected with trojan, I ran a full scan and nothing was found.
Malwarebytes’ Anti-Malware
Quick Scan tool 2 minutes 10 seconds to scan 81520 objects.
Full Scan took 9 minutes 25 seconds to scan 135338 objects.
Cannot detect private trojan via context menu manual scan.
Cannot detect private trojan when I run it even with Protection Module turned on.
When computer is infected with trojan, I ran a full scan and it managed to find 2 suspicious registry entries that was created by the trojan. Deleting the registry disables the trojan from starting up.
SUPERAntiSpyware
Quick Scan took 8 minutes 16 seconds to scan 26466 objects.
Complete Scan took 8 minutes 32 seconds to scan 32324 objects.
Cannot detect private trojan via context menu manual scan.
Cannot detect private trojan when I run it even with Real-Time Protection turned on.
When computer is infected with trojan, I ran a full scan and nothing was found.
I wouldn’t judge that all anti-malwares above are bad just by one failed detection but I can see that IObit Security 360 scans pretty fast. There are a lot of other tests results you can refer to in this forum . Do take note that IObit Security 360 PRO is an antimalware and not a replacement for your antivirus. You can actually run this antimalware software together with your antivirus for a more complete protection.
Technorati Tags: iobit , security , 360 , antimalware , promotion
Excerpt from:
FREE 1 Year IObit Security 360 PRO License Code Valid for EVERYONE
BEST Rated Firewall Online Armor Premium v3 Genuine License Key for FREE
There are so many firewall software that claims to protect your computer against hackers and malicious programs and I am sure you have wondered which is the best firewall. Look no further because it is definitely Online Armor. No it’s not something that I just say for fun but it has been proven with a series of 84 tests. If you take a look at the latest Matousec Proactive Security Challenge test results , Online Armor took the first place by scoring 99%, reaching level 10+ and excellent protection level when compared with 40 other security suite software that has firewall function.
There is a free version for Online Armor and this version managed to get number 6 out of 41 which I’d say it’s pretty impressive for a free product. Of course having the best product will cost you money and Online Armor Premium v3.5 cost $39.95. However you can now get it for FREE, thanks to Gizmo ! This offer will end on 11.59 PM Wednesday August 12, 2009. (All times are US Pacific Standard Time). So get your free Online Armor Premium v3 license key fast by following the few simple steps below!
1. Go to http://www.tallemu.com/cart/
2. Click the “ ADD TO CART ” button for Online Armor.
3. Then click the “ Checkout ” button on the top right of the screen.
4. Indicate whether you are an existing or new customer. If new then complete the registration details and click the “Register” button.
5. At the Checkout screen, enter the promo code GIZMO and click the “Apply Promo Code” button.
6. You should now see that the total has changed to $0.00. Click the Pay button.
7. Now check your email address and you should receive an email from Online Armor Sales (support@tallemu.com) with the subject [Online Armor Store] – Order processed?. Note down your License Key.
8. Download the latest version of Online Armor and install. During installation, you’ll be prompted to register Online Armor by entering license key.
Currently Online Armor runs on Windows XP and Vista, 32 bit only. This free Online Armor Premium v3.5 license is valid for 1 year. Most of the firewall software such as Outpost, ZoneAlarm, Online Armor, Lavasoft, Sunbelt are subscription based meaning you have to renew every year like what you normally do for antivirus software. There are only very few firewall software such as Jetico and Malware Defender that will provide you with lifetime updates when you purchase a license.
Maybe, I’d say that “maybe” Online Armor scored so well in Matousec test is because it is made to block all leak tests created by Matousec. I said that because I tried cutting off using netCut on my test computer running Online Armor Premium but the firewall didn’t detect anything at all. Obviously the Internet and LAN was inaccessible until I turn off netCut. I tried searching in Options and couldn’t find anything that could block or protect a computer from ARP poisoning. I am sure Tall Emu, the company that made Online Armor knows about netCut as I found a discussion dated year 2007 in WildersSecurity but don’t know why they did not make their program to protect against such attacks.
Technorati Tags: firewall , security , license , online-armor , hacker
More here: BEST Rated Firewall Online Armor Premium v3 Genuine License Key for FREE
FREE 1 Year Dr. Web Antivirus Genuine License Key Worth $30 for EVERYONE
Finally, I am able to use the word EVERYONE in a freebie post because here is a promotion by Dr Web and they are giving out free 1 year antivirus genuine license to each and everyone one of you. Some of the impressive feature found in Dr.Web antivirus is FLY-CODE. This is new feature of Dr.Web 5.0 which is a universal decompression technology that allows detecting viruses disguised by means of packers unknown to Dr.Web. Just like other top antivirus, Dr.Web also has a unique non-signature detection technology called Origins Tracing that has also been brought to a new level in Dr.Web 5.0. It has already proven its efficiency during epidemics that caused data losses to a large number of customers of other vendors. Other than that, it can detect spam-bots, scans virus in email, automatic updating and etc.
Dr.Web Antivirus normally cost 21,84 EURO for 1 user valid for 1 year but it’s free for a limited time. If you wish to get your personalized genuine license for Dr.Web Antivirus v5 valid for one year, just follow the simple instructions below. Best part is this license can also be used on Dr.Web anti-virus for Windows Mobile. Get it FAST before this offer expires!
1. Go to this page http://www.drweb.com.cn/other/frdrweb.aspx
2. Click the button at the bottom to go to the next step.
3. Enter your name, valid email address, age and again click the red color button on the right. It is advisable to use Hotmail or Yahoo because Gmail seems to have problems.
4. You can enter anything in the box that has asterisk and click the button on the right.
5. Check the email that you entered in step 2 and you should get an email from public@drweb.com.cn with the subject containing Chinese characters. Note down the 16 digit product key. If you didn’t get any email, you should check your junk/spam folder.
6. Download the latest version of Dr.Web Antivirus v5 and install.
7. During installation, Dr.Web will ask for license key file. Select “ Receive key file during installation ” and click next.
8. On the registration step 1 window, click “Obtain a license key file”. At step 2, type in the 16 digit OEM serial number and click Next. Step 3 just click Next. Now provide your user information to register yourself as Dr.Web customer and click Next. Finally it will verify your serial number and generate a key file drweb32.key.
Alternatively you can also go to this page http://buy.drweb.com/register/ to generate your Dr.Web key file based on your serial number.
Dr.Web Antivirus v5 for Windows takes up around 46MB of memory during idle when Windows has just been booted up and it increases whenever it is working. If you are using Vista/7, you shouldn’t worry about that because it the OS itself has the ability to clean up memory. A big part of the memory usage is taken by the spidermail module which is used to scan for viruses in emails. You can disable it if you do not use Outlook or any POP3 email clients. Right click on the Dr Web icon at the notification area, SpIDer Mail > Settings. At the Scan tab, uncheck Load at start.
Dr.Web is definitely better than Vexira in terms of virus detection because it detected every virus that I drop in to my test computer. Dr.Web Antivirus runs on Windows 95/98/Me/NT/2000/XP/Vista 32bit only. Thanks to my_immortalize and collapse@ Doctus for “sharing”. I hope this time I “credited” the right person.
Technorati Tags: dr.web , antivirus , security , free , license
Continue here: FREE 1 Year Dr. Web Antivirus Genuine License Key Worth $30 for EVERYONE
Protect Your Computer Against ARP Poison Attack netCut
I wonder how many of you tried netCut after reading yesterday’s article? Don’t you find it kind of hard to believe that netCut has been available for so long yet so many computers is affected by this attack just because of the standard of ARP. Attacking computers with netCut seemed to be fun for script kiddies but the person who got cut is no fun at all.
If you felt that your Internet connection that is shared on network being cut off when others is working fine, then here is how you can determine whether if someone is really poisoning your ARP cache. Other than that, if you’re connected to a public wi-fi, you should protect your computer against these attacks. Even when you think you are on a paid wifi which seems to be safer, you’re wrong because someone could cut off your Internet and then spoof their computer as your computer to get free internet on a paid wifi.I did some research on how to protect against netCut and here are a few working ones. Not all can protect against netCut, for example Anti Netcut by tools4free and StopCut. Both of these anti netcut tools doesn’t work and annoying as well because every once in a while, an advertisement window will popup. In fact I even got a warning from Comodo Firewall that Anti Netcut is trying to secretly connect to a FTP server. In the Arcai’s netcut Software 2.0, there is a checkbox “Protected My Computer” which supposedly to protect your computer against Arcai’s netcut Software but it didn’t work on my Windows XP SP3 computer.
A working third party software that can intercept ARP spoofing/ARP attacks/ARP poisoning, intercept IP Address conflict, prevent Dos attack, safety mode, ARP flow analysis, protect ARP cache, active defense, locate attacker and ARP virus cleaner is AntiARP .There are 2 version of AntiARP which is the Personal Edition and the Server Edition. Unfortunately both versions are shareware. The Personal edition can only work on desktop operating system such as Windows 2000, XP and Vista. If you want to use it on Windows server based OS, then you have to go for the Server edition which cost more. It can automatically block netCut’s attack and also let you know who is the attacker.
So far I found out that the free Comodo Firewall is able to protect your computer against ARP poisoning but you have to enable it as it is disabled by default. Click on Firewall at the top bar and then click Advanced button at the left pane. Go to Attack Detection Settings and check “Protect the ARP Cache”.As for Kaspersky Internet Security 2010 users, sorry to let you know that it doesn’t block netCut attacks.
Technorati Tags: netcut , arp , antiarp , comodo , security
Read the rest here:
Protect Your Computer Against ARP Poison Attack netCut
Trick to get FREE 1 Year a-squared Anti-Malware Genuine Full License Worth $40
This blog site is mostly on computer tips and tricks and here’s one. Earlier this month I posted an article on how to obtain a free 1 year a-squared Anti-Malware genuine license but unfortunately the offer did not last long enough for more people to get it. The article was posted at 3PM (GMT+8) and the coupon code that converts the trial version to the full version expired just after 6 hours. If you’ve missed it the last time, I hope you are able to grab your free a-squared Anti-Malware license this time.
If you didn’t know what is a-squared Anti-Malware, it gives a comprehensive PC protection against trojans, viruses, spyware, adware, worms, bots, keyloggers, rootkits and dialers with 2 cleaning scanners (anti-virus + anti-spyware) in 1 and 2 guards (signature scan + behavior analysis) against new infections. Unlike other malware protection products, a-squared Anti-Malware was designed to run parallel with other antivirus and firewall software without troubles. In case you find a conflict with another software, the support team will help to solve the problem quickly.The steps to get the free anti-malware license is exactly the same as the previous article. You need to sign up for a free a-squared account, check your email to get the temporary password and then convert a coupon code to a licensed software. Finally download and install the latest version of a-squared Anti-Malware and then enter the login information which you used to sign in to Customer Center.
The step-by-step instructions that I previously written can be found here .
The old expired coupon code used to be kam-nef-max-558 and it cannot be used to convert a license code anymore. Wait a minute, actually it can still be used if you add in another character to the code. I am not sure if it is a bug or if this is done deliberately. What you need to do is add a spacing at the beginning before the coupon code so it looks like something like this ” kam-nef-max-558 ” . Do NOT type the word “SPACE” but instead hit the spacebar on your keyboard then followed by kam-nef-max-558.Amazingly a-squared accepts the coupon code and you now have a 1 year fully licensed a-squared Anti-Malware associated to your account.
a-squared Anti-Malware does takes up quite a lot of memory when real-time protection is enabled. It could be due to having two scanners (anti-spyware + anti-virus) protecting your computer from virus and spyware. The antivirus engine is powered by Ikarus and although the brand is not really that popular compared to Kaspersky, Norton and McAfee, surprisingly it is able to detect the latest icrypt stub. I could only find one recent test on a-squared Anti-Malware from Malware Research Group and a-squared Anti-Malware got number 1 by detecting 99.7% from 639424 virus samples. Even the older tests results on Ikarus shows that it has pretty high detection rate.
Enough said. GET IT FAST BECAUSE THE CODE WILL DEFINITELY EXPIRE IN A FEW HOURS!Technorati Tags: ikarus , asquared , antimalware , security , free
Read more:
Trick to get FREE 1 Year a-squared Anti-Malware Genuine Full License Worth $40
Wipe Your Hard Disk Before Lending or Giving Away
The videographer for my wedding has given me 3 sets of DVD but I wanted more than that which is the original video files that is imported from his camcorder. Although DVDs has very good quality but it’s still not as clear as the original video files. The video guy told me that the videos are in AVI format and takes up 100GB. The only way I can get him to transfer the AVI files to me is to lend him my external hard drive and then collect it the next day when he’s done copying.
I have an external 5.25″ 7200RPM USB/Firewire hard drive which I can pass it to him to copy but before doing that, it is important that I wipe out whatever is in there to prevent from being recovered. If you didn’t know, when a file is deleted from your computer even when after emptying the recycle bin, the file can still be recovered using data recovery software. This hard drive used to be my backup hard drive and it contained a lot of important stuff that is worth keeping. Leaving my hard drive to a stranger for the whole day is definitely dangerous. Here’s what I used to securely wipe out my hard drive.
I’d used Darik’s Boot And Nuke (DBAN) but since it is a boot disk and I didn’t want to go through the trouble of loading the correct drivers my external firewire hard drive, I prefer something simple and portable that can be ran on Windows. I found WipeDisk and Eraser which both are portable and very easy to use. WipeDisk looked easier than Eraser so I gave it a try. After running WipeDisk for about 30 minutes, the WipeDisk program hung and there’s no way for me to terminate the program. I had press the power button for 5 seconds on my laptop to turn off the computer and then turn it back on.
I immediately deleted WipeDisk from my computer and then tried Eraser. Eraser is an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 98, ME, NT, 2000, XP, Vista, Windows Server 2003 and Server 2008.
All I need to do is run Eraser, go to File > New Task and add the external hard drive. Right click on the drive that’s added in Eraser and select Run. It took about 170 minutes to wipe out my 200GB hard drive which is a bit long but you can set Eraser to sleep or shutdown your computer when finished.
Make sure you always wipe your disk first before lending your external hard drive, usb flash drive, camera memory card to your friend or when you want to throw or donate the drive away.
[ Download Eraser ]
Technorati Tags: delete , erase , wipe , eraser , security
Continue here: Wipe Your Hard Disk Before Lending or Giving Away