14 January 2008

Windows Vista: Really that Bad?

Many Vista users have been complaining about Vista's compatibility issues, battery life problems, and random other annoying features of Vista. I've come to dislike Vista almost as much as I dislike Macs. However, when I tried making the cookie copying article and some other stuff, I've come to realize maybe it isn't that bad.

Right after I wrote the article on secretly stealing cookies (See the article), I realized I never discussed what you can do if you have Windows Vista (and IE7 which comes installed). When I try to test out this program, first I find the cookies folder locked (gasp). Alright, so while I was at it, I tried another program that uses batch files to do some..umm..stuff. What the hell? I find out I don't have access again. What gives?

What I came to realize was that Vista's "least privileges" rule was actually "saving" my computer. While at the same time this property of Vista prevents users from opening a whole array of things without being bugged by the User Account Control (UAC), it also stops unwanted programs from executing scripts to access the registry or restricted folders.

Is it really that useful though? If you're an inexperienced user, maybe you'll read what UAC has to say the first couple times. Then you get accustomed to it and then click "Allow" every single time. What I found out was that Vista keeps a lot of things locked even UAC is turned off. So it might stop some people from doing stupid stuff but there's plenty of ways to get around this stuff.

Alright so Vista stopped me from doing some stuff. I figured out where the cookies were kept anyways without anything stopping me (see edit in IE Cookies: Yum!).
Posted by 1 comment:
Labels: , ,

11 January 2008

IE Cookies: Yum!

Cookies are debated to be a dangerous thing. Website can track what you're doing whereas they also help you keep your cart in order when you shop online. So what are they? In this article, I'll show you one quick hack which will let you use someone elses cookies on your computer.

There's a couple things you should know about cookies first.
  1. Where they are located
  2. How to copy your cookies
  3. What is in a cookie
  4. What can you do with cookies (other than eat them)

1. Where Are They Located
Depending on the internet browser you have, your cookies are stored in different places. I'm only going to look at Internet Explorer and Mozilla Firefox.
  • Internet Explorer - %userprofile%\Cookies
  • Mozilla Firefox - %appdata%\Mozilla\Firefox\Profiles\[random number].default\cookies.txt
Note that whereas IE stores the cookies in a folder, Firefox stores it in one file.

EDIT: For Windows Vista with IE7, the cookies you can actually access are stored in a different location. They are in '%appdata%\Microsoft\Windows\Cookies'.

2. Copy Your Cookies
On Firefox, this is pretty simple. Just copy that 'cookies.txt' file and you're done. On IE, there are two ways. The easy way is to (this is using IE6) do File->Import and Export->Export Cookies and save the file. That will give you a cookies.txt file just like Firefox! If you want to copy to IE, just Import Cookies instead and pick the cookies file.

OK, so this wouldn't be an article without the hard and sneakier way. I started off learning the easy way before I wondered what else you could do if you just had the cookies folder. You start off by copying the 'Cookies' folder to a directory of your choice. If you try to paste this folder into some other another computer/user's folder, you find out a file called 'index.dat' can't be written! One solution to this is to logoff, and login as another user and then paste (to the first user). Ok, ok, that's a bit too annoying if you need to do that everytime. Before I teach the other way, there's some other stuff you should learn... (scroll to the bottom if you just want to know how)

3. What's in a Cookie
So you're looking at that exported cookie file from IE and wondering what the hell do all those numbers and other things mean. Here's the breakdown of all that stuff.

yahoo.com   TRUE   /   FALSE   2127949143  C  mg=1
  1. domain yahoo.com- what (the domain that) created the cookie
  2. flag TRUE- whether or not all machines in the domain can access this
  3. path /- place within the domain that has access
  4. secure FALSE- whether or not a secure connection is needed
  5. expiration 2127949143- when the cookie expires in epoch time (seconds since Jan. 1, 1970 00:00:00 GMT)
  6. name C- name of the cookie
  7. value mg=1- value of the cookie
Each cookie in the 'cookies.txt' file is seperated by a new line (or more sometimes). The Firefox 'cookies.txt' file looks a bit different because the "newline" character is different but don't worry about that.

4. What Can You Do With Cookies
The basics of what cookies are used for: shopping carts, tracking you (in good and bad ways), storing login information (for email, blogs, other websites), and a bunch of other stuff. You can copy your cookies if you're migrating from one internet browser to another.

Let's get back to copying then. Either just copy the folder, or create a .bat file to automate this. Just have: 
'xcopy "%userprofile%\Cookies" "[destination]" \h \s \e'
in the file (where [destination] is replaced with the destination folder. So you've copied the Cookies folder (maybe even "sneakily" using the .bat file). How do you make a 'cookies.txt' file to use on another computer?

There's a freeware utility called IECookiesView (download) that will let you do this. Open IECV and go to File->'Select Cookies Folder' and find where you copied the cookies to.

Select all the cookies (Ctrl+A or Edit->'Select All Items') and then File->'Export to Netscape/Mozilla File'.

At first I thought this was all and tried to import using IE. Didn't work. So what was wrong? Two things: the file is exported with a different newline character (uses Unix LF carriage instead of Windows CRLF) and instead of using regular text in the files, it uses percent-encoding (which is just used in URLs..see the wiki).

Fix the first problem by downloading and installing Unix2Win (download), right-clicking the exported file from IECV and selecting 'Text Converter'->Unix2Windows. Cool..that was fairly easy.

EDIT: Alright, so I went back and found out you don't need to install Unix2Win. If you use my converter (see below), it will take care of everything. It will fix the newlines and the percent-encoding problem.

The next problem is a bit harder. Convert the the percent-encoded file to a normal text file. You can find an online solution or use mine. I made my own converter using Java (download). You have to use it from command prompt. Use 'java URL2UTF8 input output'. Perhaps you don't trust this file? If anyone wants to compile it on their own, I'll post up the source code too. If there are any errors that I haven't handled properly, please let me know. Ok, so maybe that wasn't hard for you either (it was for me...I tried searching on the web with no good results before I made it on my own).

Great, now you have the correct cookie text file and it actually works on IE (and Firefox too)!
Posted by No comments:
Labels: ,

08 January 2008

Skype on PSP?

All of you PSP users, you're in for a delight. Sony is planning to team up with Skype to develop a version of Skype for PSP users. In about a couple months when the new PSP model, the P-2000, comes out, gamers will be able to install firmware which will allow them to use Skype on their gaming system and talk in WiFi hotspots. (Read original article)

I think that's a great move. Adding extra functionality usually broadens the audience. So you're thinking of buying a game system one day and you're comparing what to get. The PSP is sure to stand out here right? So what's a part of this new functionality?
  1. Call PCs or PSPs that have Skype
  2. Call regular/mobile phone
  3. Get a phone number so PC/PSP Skype users can call

You won't be able to instant message and you will have to get a microphone and earbuds for the PSP, but you're adding phone functionality right?

So I've including all the above information so that you guys can know what's going on with this. I honestly think though that this is trying to make the PSP seem more like an iPhone. I mean you look at the PSP and the iPhone from a distance and they sorta look the same right? OK, maybe not that similar but it seems the PSP is trying to do the same thing though.

I think that all of these devices and companies are trying to do the same thing. They all seem to be trying to make some has-it-all device that will be all you need. Why carry around a phone and a PSP when you can carry just a PSP. Or why carry around a MP3 player, a phone and ...umm... a lot of stuff when you can just carry an iPhone?

There's an article ("Time to Do Everything Except Think" by David Brooks) that talks about a pretend society. Although it's an old article (April 2001), it talks about two people who are carrying devices that can do basically everything (it describes something like a Blackberry). The thing is, this article is starting to mimic what's going on now. David Brooks makes a lot of this stuff sound really bad and unhealthy. Sure to one extent it is, but I think it makes life a bit simpler too.

So as far as the PSP goes, you can choose to get that PSP with the phone or get an iPhone, but I don't really think it's really necessary. I'm into simplicity and I guess that also means not spending money. But whatever suits your life, I can understand your reasons if you get one too.
Posted by 1 comment:
Labels: , ,

07 January 2008

Keeping Your USB Drive Safe: Part 1

This is gonna be the first part of several posts on how to keep your thumb drive encrypted, backed up, and safe from anyone who wants to steal it. This tutorial will teach you how to use TrueCrypt and autorun.inf files to secure your USB drive and automatically ask for a password when you plugin your USB.

Encryption

So the first situation to avoid is letting your "private" information come into the wrong hands. To do this, we're going to use TrueCrypt (download), a freeware encryption software.

To prepare your drive first, install TrueCrypt in the "traveller mode" and copy the files to the root directory of your USB drive and start up TrueCrypt from your USB.

Using TrueCrypt



There are two things you can do from here: 1) Encrypt your whole USB drive or 2) Make an encrypted file container. The bad thing about encrypting your whole drive is let's say you take your USB to work or anywhere else and they don't have TrueCrypt. Crap, what do you do? You can't do anything unless you have TrueCrypt. So in this example we're going to make a file container so that you can keep TrueCrypt on your USB (did I mention it's portable?) along with your encrypted files so you can access your secret files from anywhere. (**If you plan to encrypt your whole drive, then you'll have to start TrueCrypt from your hard drive.)

File Container



Click on 'Create Volume'. Pick your drive in the next screen and create a file container using some filename you don't already have on your drive.

Pick Your Algorithms



Pick some encryption and hash algorithm. I usually pick Twofish since it works the fastest for me and Whirlpool (no particular reason for that).

Size and Password

Once you click next, you're going to pick a file container size. I made the container the size of the whole drive so I could keep everything encrypted. Pick your size and then pick your password in the screen after that.



TrueCrypt will allocate the space for the file container and you're done! Just start TrueCrypt and select your file container, mount, and enter the password whenever you want to access your files.

Optional Stuff (My Addition to this Process)

Let's say you've done all this but you want to make sure a person has to enter in the password to view any files. There are some things you can do to make it slightly harder for other's to access your files and easier for you.



We're going to do two things: 1) Make TrueCrypt start automatically and 2) Keep all your unencrypted files 'hidden' and harder to access.

So let's start off by creating a file called 'mount.bat' in the root folder of your USB. As many of you may know, this will let you command line arguments from a file. If you followed the previous part (encrypting) as explained, then open 'mount.bat' using a text editor and type the following:

start "" truecrypt /v usb /a /q /e
**Instead of entering 'usb', enter the name of your file container.

Create another file called 'unmount.bat' (also in the root folder) and type:

start "" truecrypt /d /q

Now create one last file called 'autorun.inf'. This is the file that will automatically execute this stuff as soon as your USB drive is plugged in. Type this in that file:

[autorun]
open=mount.bat
UseAutoPlay=1
shell\mount=Mount
shell\mount\command=mount.bat
shell\unmount=Unmount
shell\unmount\command=unmount.bat
shell=mount




The first line with 'open=..." says to open the following file as soon as the drive is plugged in. The second line says to just run the file instead of having Windows ask what to do (disable Autoplay feature). The next four lines sets some shell menu options to 'Mount' and 'Unmount' the device. The last line says that whenever you double-click on your USB drive from My Computer (if you're using Windows), it will ask you to enter the password for the TrueCrypt container (only if you haven't already done so).

Lastly, open command prompt and navigate to your USB drive (Just type the letter of your drive and ':' [colon] and enter). Type 'attrib +r +h +s' and press enter. This will make all your files read-only, hidden, and system files.

If you have any questions feel free to comment below and I'll try to answer them.
Posted by 1 comment:
Labels: , ,

06 January 2008

First Post: What Am I Doing?

So this is my first blog, first post, and first time using the internet (just kidding). I'm not entirely sure where this blog is going to be headed to but I'd love anyone and everyone to leave their comments and help me out. I'll just start off with a bit about me.

I'm a CS student at Carnegie Mellon University. I've come to realize that not everyone is meant to be a CS major. Sure you thought you knew stuff in high school. Then you get to college and you find out there's people operating on a different dimension of intelligence. So as far as my major, I didn't really know anything. Java was nice for a while, then they tell you that you need to know shell scripting, AWK, Perl, and C. The problem with this was, half the class already knew the stuff and I was one of the few that didn't.

I'm kinda a person that's in between everything but not great at anything. I'm good at math, but just not good enough to be a mathematics major. I'm good with computers, but maybe not enough to be a CS major. Basically I have no clue what the hell to do.

Well, that just meant I had a lot of learning to do. Basically, now I'm just on a rampage to learn as much as possible about everything computer-related. Maybe it doesn't have anything to do with my classes, but it's always nice to know random crap. That's where my blog begins. This I guess will be about all that "random crap" I find out and maybe even do stuff with.
Posted by No comments:
Labels: , ,
Subscribe to: Comments (Atom)