Walker News » Security

How To Enable Facebook Account Login History?

Walker — Thu, 06 May 2010 19:14:32 +0000

Facebook offers an optional account security feature allows users to be notified (by email) when the account login is done from computer or Internet devices that are never been used or acknowledged by the account owners.

Once you’ve turned on this (new) feature, Facebook will prompt you to register the computer, after the login screen but before loading the Facebook News Feed, if that computer is either never been used to login your Facebook account OR the web browser cache that contains your previous login activities has been emptied / deleted:

Enable Facebook account login activity tracking feature

1) Login to Facebook, click the Account link on the top-right corner followed by Account Settings.

2) Locate the Account Security and click Change. Select Yes and click Submit.

After turn on the Facebook Account Security feature, you (or the bad guy) will be prompted to register the new computer (as mentioned earlier) and an email alert about account login on this new registered computer will be sent to the owner’s registered email address (i.e. the one used to login to Facebook).

If you are using same login password for both the Facebook and email, then this feature is pretty useless as the bad guy would have login the registered email account too and delete that notification.

Although this feature is a bit troublesome to people (me and probably you) who regularly empty web browser cache, I personally think it is worth to be enabling. At least, the bad guy will think twice as he is prompted to register the computer used to login Facebook account that is not of him/her.

P/S: I am also looking forward Facebook to support HTTPS entirely, from the time of account login until logoff, to prevent my “precious” privacy from easily read by network sniffer as the plain-text data packets travel across the computer network.

How To Record Wireless Router Connection Log?

Walker — Sun, 14 Mar 2010 15:54:47 +0000

The trick to log wireless connection of router modem can be useful in securing WLAN, as the WIFI activities log allows network administrator (or broadband owner) to detect WIFI connection initiated from unknown clients or devices.

With that in mind, I developed a simple Windows-Bash shell script and run it repeatedly by Windows Task Scheduler to log WIFI connection activities on the D-LINK router modem.

For those who are using Linux, I think you will get the idea on how to do it after reading this post. For those who are using Windows (in my case, it is Windows 7 Ultimate x64-bit), you need the following to proceed:

The D-LINK DSL-2640T Wireless ADSL Router modem. Although most router modems are running on Linux, there might be some differences on display wireless connection in the router. For my DSL-2640T, the Linux command used to check WLAN connection status is:
```
cat /proc/wlan/mgmt/staStatistics
```
If you are kind to share, please leave a comment about the command for checking wireless connection in your router modem, if it is different than mine. Please specify the brand, model, and probably the firmware version too.
win-bash, the portable GNU bash shell for Microsoft Windows without relying on cygwin library or any other non-standard DLL and does not need any registry variables to run properly (even working fine on my Windows 7 Ultimate x64-bit).
plink, the open source SSH client for Windows command line.
CoreUtils for Windows (download the binaries zip file) – the script requires date, wc, and tail program to run properly.

Trick to generate wireless ADSL router modem connection log

1) Create folder in C:\ drive to keep the GNU utilities, e.g. C:\GNUTool

2) Download and keep the win-bash.exe, Putty (plink.exe) and GNU CoreUtils for Windows (wc.exe, tail.exe, date.exe) in C:\GNUTool

3) Copy the following Windows-Bash shell script code to Notepad, change the text in red accordingly (to suit your case) and save it as WifiChk.sh in C:\GNUTool folder:

Be careful when changing the Windows path, if necessary, as the path must use / (slash) and not the \ (backslash) when use in the Windows-Bash shell script.
The Windows-Bash shell script is case-sensitive, i.e. “A” is not equal to “a”.

RouterIP="192.168.1.1"
RouterID="admin"
RouterPasswd="Your_Router_Admin_Password"
RouterCmd="cat /proc/wlan/mgmt/staStatistics"

GNUPath="C:/GNUTool"
WifiLog="C:/GNUTool/WifiClient.log"

TDate=`$GNUPath/date +"%d-%m-%y %H:%M:%S"`
WIFICnt=`$GNUPath/plink -l $RouterID -pw $RouterPasswd $RouterIP "$RouterCmd" | $GNUPath/wc -l`
RecCnt=$((WIFICnt-2))
OutRes=""

if [ $RecCnt -ne 0 ]
then
	OutRes=$TDate" :: "`$GNUPath/plink -l $RouterID -pw $RouterPasswd $RouterIP "$RouterCmd" | $GNUPath/tail -$RecCnt`
	echo $OutRes >> $WifiLog
fi

4) Setup Windows Task Scheduler to run the WifiChk.sh by win-bash.exe repeatedly, as this:

C:\GNUTool\win-bash.exe C:\GNUTool\WifiChk.sh

In my setup, the WifiChk.sh script is executed every 15 minutes, at every hour, 24×7, and it doesn’t impair the router performance as well as broadband Internet experience.

Latest WordPress 2.9.2 Fixes Trashed Posts Vulnerability

Walker — Tue, 16 Feb 2010 09:26:18 +0000

For those who are using WordPress to run multi-author blog, you should follow the WordPress Development blog, one of the best site to keep users informed of the latest patches to fix vulnerabilities discovered by WordPress community, as well as ongoing releases to enhanced WordPress features and functionalities.

The latest WordPress 2.9.2, for example, include patch to fix a bug discovered by Thomas Mackenzie, where the posts moved to trash bin can be viewed by any authenticated users regardless of the user privilege/level or WordPress role.

Having said that, even a subscriber can read posts in the WordPress trash bin!

Whether it is a multi-author or single user WordPress-powered blog, the owner should always keep the blogging software up to date.

Kaspersky Detects Trojan In Facebook

Walker — Wed, 21 Oct 2009 15:43:00 +0000

I just detected a Trojan program in Facebook as I clicked the hyperlink points to an external resource (video clip). Luckily the Kaspersky IS 8.0.0.506 does the job well, otherwise my Vista system could have been infected :-)

As others said their Antivirus doesn’t complain at all about this inflected URL that hosts HK Creative Art Association, I then consulted Google. The answer is, THAT IS NOT a fault alarm, because Google Chrome also displaying a vivid warning message about malware found on that particular hyperlink:

As a precaution, better don’t simply click on the hyperlink that points to resources (video, music, picture, etc) hosted outside of the website you’re browsing (in this case, Facebook).

If you’re really curious to peek the hyperlinked resource, better to copy the URL and open it in a new web browser window (i.e. click the web browser shortcut to open a new browser process; NOT right-click the URL and select open new window or new tab), hopefully can minimize the risk of Trojan/virus attack that target web browser session vulnerability (session fixation), especially if you’re using outdated, not-patched web browser.

Besides, investment on a genuine, always updated Internet security software is never been a waste. So far, I am satisfied with Kaspersky.

Is there A Reliable Cracked Software? Why Use Genuine Software?

Walker — Sun, 24 May 2009 08:53:34 +0000

Why using pirated software?

About 10 years ago, I spent all money on my first DIY computer, but almost zero cost on all Windows software installed onto it.

Obviously, I used pirated program, with installers borrowed from friends or bought them myself from pirated software booth at a flat price of 3 – 5 buck per CD.

Why I did that?

First, I was about to start the 1st semester of computer study in college on my own limited finance. As you may know, the hardware was not cheap at that time, so I couldn’t afford to spent additional on genuine software.

Second, none of the people I knew in college or friends were using Linux or open source software. As a novice at that time, learning Linux on my own could be a great challenge. In order to learn from peer and “masters” around me, I had no choice to go for Windows. Since all of them were using pirated Windows and also my limited finance disallowed me to have genuine software, I just followed the “culture”.

Why using Genuine software now?

Before Windows XP released, most of the pirated software were actually “cracked” by using a genuine product key or serial number.

By using this method, there is no worry of Trojan or virus, so long as you install the software with a genuine installer and activate it with “pirated” product key that is actually a genuine license key shared by millions of people around the world.

However, software activation changes after Microsoft introduced Microsoft Product Activation or Windows Product Activation, started with Windows XP.

Many other software follow the way of Microsoft licensing Windows XP, i.e. to install the software with a valid product key and then activate it within grace period, by connecting to the software vendor server or phone the call center to get an activation key for this purpose.

Therefore, most of the pirated software nowadays are not simply a result of cracking with genuine product key. Indeed, these are really “cracked” software that done by repackaging genuinely installed and activated software, fooling the software with a locally installed activator, etc.

I don’t kinda like these kind of “cracked” software as I am worry about risk of Trojan or virus that might have built into the activator or repackaged installer.

How To Configure Windows Update Proxy Server Settings In Windows Vista SP1?

Walker — Thu, 21 May 2009 16:54:21 +0000

Windows Update requires two other clients to work, i.e. WinHTTP (Windows HTTP Service) and BITS (Background Intelligent Transfer Service) to scan and download the available updates from Microsoft servers.

Interestingly, none of these services is using Internet Explorer proxy setting. Indeed, Windows Update clients refers to WinHTTP proxy server setting that is either configured manually by user or automatically updated by Web Proxy Auto Detect (WPAD) feature of the connecting network.

Therefore, laptop users who access Internet via proxy server in corporate network with WPAD feature enabled are likely have problem to run Windows Update after switching to direct network (e.g. home broadband, public WIFI, etc) or other network that enforce proxy server for Internet access but disable Web Proxy Auto Detect setting.

WPAD setting is normally configured by network administrator in either DNS (Domain Name System) or DHCP (Dynamic Host Configuration Protocol) option.

In case WinHTTP proxy server setting is not updated, you have to do it manually.

The following guide to disable / enable WinHTTP proxy server is based on Windows Vista SP1. Anyway, it should be working on other Windows versions that support netsh command set.

To disable WinHTTP proxy server

Execute netsh winhttp show proxy to check if you have a proxy server configured for WinHTTP. To disable the WinHTTP proxy setting:

1) Open an elevated Command Prompt window (i.e. Command Prompt window with real Administrator privilege).

2) Execute netsh winhttp reset proxy to reset WinHTTP proxy setting to DIRECT (i.e. to connect to Internet directly without using any kind of proxy server).

Configure WinHTTP proxy setting

If the connecting network does not enable Web Proxy Auto Detect setting but requires proxy server (e.g. IP 188.8.6.7 and port number 80) to access Internet:

1) Open a Command Prompt window with real Administrator privilege.

2) Execute netsh set proxy 188.8.6.7:80.

To view netsh help and example on WinHTTP proxy configuration, execute this

netsh winhttp set proxy help

According to the netsh winhttp help, it’s possible to define different proxy server for http and/or https connection.

How To Use Putty-generated RSA Key To Login Linux OpenSSH Server?

Walker — Sun, 10 May 2009 16:28:04 +0000

In order for Windows users to remotely login Linux servers via SSH protocol, I suggest the Putty freeware (a SSH client for Windows that is also supporting legacy, insecure telnet and rlogin protocol).

For the sake of better security, most system administrators enforce SSH authentication over Public-key cryptography based on RSA algorithm.

(Sounds complicated and high-tech? No worry. You don’t have to know all these scary terms to make this trick works – engineer is applying what the scientists have found).

So, How to use Putty-based RSA public-key with OpenSSH server?

The public-key generated by Puttygen is not compatible with the one generated by OpenSSH.

However, you can manually modify the Putty-based public key before appending it to authorized_keys file:

1) Open Puttygen (Putty Key Generator), click Generate button and move the mouse cursor randomly within the key section/frame to create the key with default settings (e.g. SSH-2 RSA of 1024 bits).

2) When the key generation completes, create a strong passphrase in the text box provided.

3) Then, click save Public Key and Save Private Key button, one after another, to save the pair of key to local hard disk.

4) Transfer the Puttygen-created public key to Linux server (in my test case, it’s RHEL 5.2).

Let’s say this public key is only meant for Walker user account, save that public key in Walker’s $HOME/.ssh directory.

5) Open the Putty public key with Vi editor (any text editor of your choice):

Delete the lines initial with four dash and “Comment”.
Join the remain lines into one, single line.
Initial that single line with ssh-rsa keyword (a space at the end).

Not get it? Take a look at my “silent” screencast: