How To Make Windows More Secure Against Buffer Overflows

Bit protectionI recently found a great tutorial on how to make Windows Vista and XP more secure. By default Windows Vista and Windows XP SP2 or above have measures to prevent buffer overflows and memory corruption. Data Execution Prevention (DEP) is one of these measures Microsoft implemented. The problem with DEP is that you need to configure it right. The video I found takes you through the process of configuring it right both for Windows Vista and XP.

Here is the tutorial. It is really worth taking a look at.

I hope you find it helpful

Bypassing BIOS password protection

Securing your own computer is very important and most people rely on BIOS passwords to protect their computer. But this is a huge mistake since anyone with a little bit of knowledge is able to bypass it easily.

Bypassing BIOS password protected computers

Most BIOS chips have built-in master passwords or hidden routes which enable you to bypass the password protection in case you lost or forgot your password.

Master passwords
There are several web sites that list all the BIOS master passwords, here is one of them. You can also just google “BIOS master password list” and you will find tons of lists.

It is not guaranteed that these master passwords work because of the different BIOS chips but there is a pretty good chance that they will.

Bypassing it the other way
You can also bypass it if you are already running Windows( I acutally don’t recommend doing this since it can be harmful to your BIOS, only use it if you know what you are doing). Open the command prompt cmd.exe . There enter:
Debug [Enter]
o 70 17 [Enter]
o 71 17 [Enter]
q [Enter]

This will restart the computer.

Firewall guide

In today’s world it is important for every internet user to have a personal firewall. Even if you have a firewall it does not mean that you are well-protected, e.g. if you are constantly browsing to insecure web sites even the best firewall is not going to be able to protect you.

What do firewalls do?
A firewall is there to protect your computer from unauthorized access, on a very simple scale. It looks at the traffic that passes through it and decides whether to deny or permit it. That is why it is extremely important to configure your firewall right, otherwise it will not be able to protect you.

Free firewalls
There are several good free personal firewalls out there:

I personally recommend Comodo’s and ZoneAlarms’ firewall since I’ve been using them for a while. Take a look at them and see which fits best for you.

How to test your firewall?
Testing is important especially for firewalls to see whether you can rely on them. On Pc Flank’s web site there is actually a program you can download that tests your firewall configuration. Furthermore they post information about which of the well known firewalls have passed their test.

Another program at which you might want to take a look at is Gibson Research Corporation’s LeakTest. It basically does the same as the program mentioned above. Try running both and see if they find different problems.

Want to know more?
Here are some sources I stumbled upon which you might find helpful:

In the end, if you really want to secure you have to do more than getting a better firewall. I am soon going to cover more ways to make your system even more secure.

Google hacking – use Google to find passwords, usernames …

Google now a days is the most popular search engine there is on the internet. This is because it is so good at what it is doing. Because of that you can use it to find sensitive information. Google hacking is therefore nothing else than using complex Google queries to find information related to computer security.

Use Google to find what you are looking for
There are several tricks you have to know to use Google to find sensitive information. First take a look at the Google operators and the cheatsheet. There are the several operators described which you can use to form complex queries.

Important operators

  • filetype — is used to specify what kind of file the acessed file should be, e.g. filetype:php returns only php files
  • inurl — defines what should be included in the url of the accessed site, e.g. inurl:edu returns all pages that have edu in their url
  • intitle — defines what should be included in the title of the accessed site, e.g. intitle:”index of” returns all sites that have “index of” in their title

These are the operators you will often use, so get familiar with them. Play around a little bit, e.g. try: icq filetype:log and see what Google returns.

Google Hacking Database
Johnny Long, the person who made Google hacking famous, has a database on its website. Take a look at it. There are hundreds of queries which you can use to find relevant information.

Please do not abuse this and cause harm in any way, this article was written to make you understand what kind of security breaches are out there and therefore be able to fix them.

I hope this was helpful.

Bookmark and Share