7385 MB of Free Storage, and counting....




Did You know that you could use a Gmail (Google Mail) account as an online mass storage?
No, I don't mean sending yourself 6000 emails in a row...
You can use it almost like an FTP , it's much easier than your 6000 emails!  here is how to:


First of all, you'll need a free Gmail account. Don't have one?   follow me ...
Second, even if you have, just create another one: easier, faster, bigger and safer ...
Done?
Ok, all you need now is a Firefox extension called Gspace, available here:  www.getgspace.com
The next time you'll open Firefox, go to "Tools" and click on the Gspace Tab
Follow the very simple instructions, and you'll be up and running in less than 1 minute.
Now you can use an extra 7400 MB of Storage ;-)  per account ;-))
You can share the account with a friend and upload / download large amount of data.
Plus, you'll read the FAQ and discover that you can create folders, view your pictures directly, create multiple accounts, upload, download, sideload and so on. 

Little side tips 

- Do NOT upload sensitive files, unless you are the king of cryptography.  It's safe but not under any warranty. Uploading your financial statement is NOT a good idea.  (You are on your own. Clear?)
- Do NOT transfer more than 1000MB per day or Google will freeze your account for 24 hrs (BTW, it's 1 GB of data and It is a lot)
- Max size per file is 19MB, (Google rules again). As you are smart you'll go around by Googling word such as "de-concatenation" or "deconcatenate"or the more colloquial "file splitter".
Can't find it? Try RAR Machine
If You are a Windows user, I would then (highly) recommend the very good WinRar from RarLab.
Last but not least: Don't forget that it is (Still) a mailbox. So If you set up Mail, Entourage, or Outlook to go fetch your mail on this account, it will.  Not only you'll upload the file, but as "mail", you'll download them to. Hence my advice to create a separate mailbox.



Little side notes 

As Gmail is a free service, they have set limits on the volume,  here are the "rules", straight from the source:
:It's likely that a normal Gmail users didn't notice that Gmail has a lot of limitations for sending messages. Here are some of them:
- 500 messages per day (i.e., you can hit 'Send' a maximum of 500 times)
- 500 unique recipients per message
- 2000 total emails per day (for example, you could send one message to a group of 500 people four times)

In addition to these limitations, "Google will temporarily disable your account if you send a message to more than 500 recipients or if you send a large number of undeliverable messages". According to the help center, you can only send a message to up to 100 people at a time if you use POP or IMAP.
Google explains that these restrictions were created to fight against spam and to prevent abuse:
If you want to hear it yourself : googlesystem.blogspot.com
I know, bummer!  But you can still create as many account as you want ....




Like this Article?  SHARE IT!!! 
Use the Re-Tweet button ☝
Know Something worthy of mentioning? Leave a comment and earn brownie points!



When launching Excel, Entourage, PowerPoint, Word, you have a message :
"Office for mac has determined that your product key is not valid"



Let me guess....this was probably right after you added the latest update ...
Microsoft Added this feature without informing anyone. You may have a valid School or University Licence, Still, MS would like you to buy it again ....

I knew that Office for Mac was a ClusterF*ck*, specially Excel but I am sometimes nostalgic too...I keep on looking at it..
So, here is how to fix your issue:

1) Time Machine*

Go back before the update, restore, et voila ! :-)
(I did a full restore of the /application/Office for Mac)
Save the latest v. of your .doc, .xls, .xlsx , etc files
Tip courtesy of Fran. Thank you Fran ;-)



 2 ) Manual
Removing Office 2008 License Files:
If your copy of Office 2008 was installed with an invalid product key, or if you mistakenly used the same product key to install Office 2008 on more than one computer, you must remove the invalid product key and enter a valid product key to use Office 2008.
1. In the Finder, select /Applications/Microsoft Office 2008/Office/OfficePID.plist, and then on the File menu, click Move to Trash.
2. Select /Users/username/Library/Preferences/Microsoft/Office 2008/Microsoft Office 2008 settings.plist, and then on the File menu, click Move to Trash.

-YOU WILL BE PROMPTED to RE-Enter your license, as used before the Update
 A Valid license key for Office 2008 looks like:

Please be aware that those two keys are given as "example" and you must NOT use them.
As they are valid, it would be illegal for you to use them, so, just don't use them.

W339P-JRCPB-XX8XD-YK49M-7DYCW
OR
FWCQQ-3XX2G-3CD89-4VRJK-CR4YD


3) Time Machine Again (simple)
This is an untested Solution
Restore files:
/Applications/Microsoft Office 2008/Office/OfficePID.plist
/Users/username/Library/Preferences/Microsoft/Office 2008/Microsoft Office 2008 settings.plist


Leave a comment if you have other solutions
Thanks
*Excel 2008 is extremely slow. Microsoft has received numerous complains about "stupid slow performances"
*Time Machine
If Time Machine is not set up on your Mac, this is a reminder: Time Machine WILL save your life.
Time Capsule: Apple just upgraded Time Capsule: for $299 , you have a 1 TeraByte backup disk AND an Airport Extreme base Station <<< good deal

Hire a Spy!






Works for: Mac / Windows / Linux / Ubuntu





It’s not funny to have your computer stolen, it even sucks BIG time.
Not only “they” take your belongings, but also they often go away with your memories and personal information.
A home insurance will only refund you cents on the dollar: Once the package was open, your precious laptop took a bad hit on the blue book; probably 30% the first day. A month after, your superb machine is obsolete and the value went down like a beer in the throat of a thirsty Irishman..
As for the rest …your precious pictures, emails, documents… bye-bye ..But most important, the thief may have access to bank accounts, Social Security Number, Credit Card information, and you know it’s were it is going to hurt really bad: Changing and securing all this information: Call the bank, Call the CC company, etc etc. In short: Good luck!

So, what can you do beside adding locks, alarms systems and hiring a bodyguard?

You could hire a spy!

For less than you will ever believe, you could hire a spy.
For how much? Well, between $49 and Free
Free is a very good price …So, read carefully, very carefully…
Multiple solutions exist: LoJack for computers ($$$) Mobile Me (via Back to my Mac), Undercover ($$) & Prey Project (Free)
In this post I will only look at Undercover & Prey, LoJack being a little expensive and Mobile Me having a serious stealth issue in my opinion. (a "Smile you're being filmed" would have been more discreet)








First, how is it working?


As soon as your laptop or desktop is missing (stolen or lost), go to the website of the respective company and declare your computer missing, lost or stolen.
This action will activate a software (it must be installed PRIOR to the activation) and this software will log the IP address used, take pictures, screenshots and sometime Keylogging and send all of that to either: an email address or create a report on a website
You’ll end up (with some chance) with at least, few pictures of the thief, screenshots and his IP address.
I have previously mentioned in this blog what was IP tracing and Keylogging, as well as webcam & microphone remote control.
The IP Address being a very easy way locate someone, even for noobs like the rest of us. For Law Enforcement Agency it's a joke: they'll get everything and even more.

Fee or Free?

Undercover being a (one time) fee service ($49), it has some features that Prey does not have, yet: Keylogging and a nifty simulation of hardware failure, furthermore, Undercover will contact the authorities for you and provides them with all the necessary information.
Prey is Free, but you are on your own and it does not have Keylogging capabilities, or Hardware failure simulation.

Both system have limitations, and there is no absolute guarantee that you will recover the stolen goods, but you have a much greater chance with them than without.
The Undercover Website explains all steps very well, and as I know you: let's move on to the free one: Prey

Be very careful, Prey is not easy to remove under Mac OS (and it should not be!)


Step by Step How to:
Go to the Preyproject website: http://preyproject.com/






Top left, select your language

Sign Up and Create an Account (email, pswd, etc)

Wait for the verification email, and activate your account

Create a Profile, up to 3 Devices. i.e 2 laptops, 1 desktop
Note carefully the API & Device number

Download Prey



Double click to Install












 

Select the Install option: Control Panel or Standalone






I would strongly suggest you
to use the Control Panel Option






Enter the general settings value, Timing and Language
Enter the API key and the Device Key (paste and copy from the website)
Important: Keep that for yourself! 














Now that Prey is installed, go back to the website, log in and go to "My Devices"

Select a Device 













Set up your Preferences:
Missing On/Off (by default is should be Off)
-But you are going to test it! Aren't you?
Auto update, Delay between executions, reports, etc
If your computer is not equipped with a built in webcam, the Webcam option is pretty much useless.

Action Module:
I would suggest to de-activate (Off) this option. A noisy pop-up appears and, in my humble opinion it has the only purpose of alerting the thief that something is happening.
I better have the chance to take few pictures of his face than letting him know that I am monitoring his activities.

Don't forget to UPDATE!




















 



Don't forget to UPDATE!

WARNING:

It may take up to 15 minutes the first time you activate Prey to receive a Report. Don't panic, be a little patient.

Depending on your screen size, the Screenshot can be large, hence it may take Prey some time to transmit the Screenshot and the picture. (which is smart: using all your bandwidth at once could alert the thief that something is fishy...)

I would also suggest to restart your computer after installing. It seems to me that it works better...
Pop Up Alert example:
The best way to signal the thief that he is being watched.
Please, de-activate this option. Stealth is King!










Prey in Surveillance Mode

 

What if:
-You go on vacation for few days and come back to find your home burglarized?
The Thief may have visited you few hours ago, or few days ago..
If the villains just did it, it's Ok. Activate Prey and wait ....
But if they did it a week ago, your laptop may have changed hands few times and was probably re-formatted.
A solution is to leave Prey on "Surveillance mode" : just de-activate the webcam & screenshot option, leave the Network logging & use the max interval for timing.
Prey will log every hour, but will not take pictures or screenshot.
If a thief pays you a visit, you'll have the 10 last IP.
When you realize the theft, then you can activate Prey on "Attack Mode": Pictures, Screenshot every 2 minutes ...
Here are the setting for a "Surveillance Mode"



 

WARNING II

Prey will not prevent the thief to access your data and files. if you have stored sensitive documents and files in your computer you should read the post about encrypting your sensitive data. Seriously.

WARNING III
Prey will not work if the thief:
- Does not use the internet OR if he is not in range of a wifi spot (also includes laptop OFF & al)
- Format the Hard Drive, or re-install OS (Prevent that with a Firmware Lock)
- Blind the webcam (no picture)
- Uninstall the program (Unix command by hand, no App is visible under Mac OS)

 In any case, you should test Prey and ensure that you have correctly installed it. 


Limitations:
No Keylogging: Too bad, with a Keylogger and some luck, a simple search on social networks and you'll have all the info you want.

IP Address:
Will only give you the location of the connecting server. If the thief connects from a relayed IP, you'll end up with the location of the main server. (try tracing the IP of an Apple store, you'll end up with AT&T in Kansas..)
You can trace back the IP using an IP Trace Route such as explained in this post . Nevertheless, even without the perfect location, you'll have enough information to contact a law enforcement agency. (Law enforcement in the US need a subpoena to request data from an Internet Provider.)
Bugs
Unfortunately, the green led of the webcam will go on when it takes a picture; It is the only visible sign that Prey is on. (other than digging deep into your Mac)

IP Tracing Example (from a Spammer using a corporate bot. yup! Mac and Cheese manufacturing companies are spamming you with enlargement pills)














Like this Article?  SHARE IT!!! 
Use the Re-Tweet button ☝
Know Something worthy of mentioning? Leave a comment and earn brownie points!







KisMAC Full Video Tutorial  WEP  &  WPA Key
Airport, Re-Injection & Bruteforce Attack


How to crack a WEP  &  WPA Key

The "new and improved" KisMAC tutorial, in HD con la musica  
This is, of course, for educational / auditing purpose only.
Read the Legal disclaimer before you use KisMAC.


How to crack WEP. How to crack WPA. How to Hack WEP. How to Hack WPA kismac snow leopard
Recover WEP key. Recover WPA key. Crack WEP Password. Crack WPA passwordHow To Crack A WiFi Network’s WEP Password Cracking WEP and WPA Wireless Networks Cracking WEP with Kismac




 How to secure your data, Rock Solid.  


-  You probably have a folder or a file somewhere containing sensitive data: passwords and login, few documents or scans of things that you want to keep private.

Keeping them accessible to all is not a safe solution, if your computer is gone AWOL, the “new” owner may have access to sensitive data.
If your Mac is protected by a Login password, please remember that it can be easily bypassed (Password reset via Unix command or by inserting the OS X CD )
Keeping your sensitive documents encrypted may prevent Id theft and protects you against unwanted access to files and folders on your Mac.

A solution to encrypt data in a very secure way is to create an Encrypted Disk Image
Encrypting just a file or a folder is not as safe as encrypting the whole image.
The “thief” will need to mount the entire disk to have access to it.
Here is How To, Step by Step

Go to "Applications" >>> "Utilities"

Select Disk Utility


- Select “New Image”
- Select your options
- Volume Name i.e MrWhite
- Select the size, i.e 100 Mb for documents should be plenty enough. Use more if you have pictures, scans or Videos.
- Select the encryption.
 I would suggest the 256-bit or 512-bit, the 128-bit is weaker
- Click Create 



Enter a password, or better, a Passphrase*.




UNCHECK “Remember password in my Keychain” otherwise, if the keychain is cracked you’ll be “SOL”
Please Note: If you forget this password you will not be able to retrieve it. If you have a tendency to forget them, use Keychain...
- Click "OK"

The Encrypted Disk image is now created. To access it, double click the Icon on your Desktop and enter your Passphrase.
The Disk will mount and you'll be able to use it as any disk or storage. Drag & drop your document, folders in it.

To close the Disk Image:
Either Log off
Right Click on the icon and choose "Eject"
or go to Finder, click on ⏏ and "Eject" disk

Passphrase

To generate a good Passphrase, use letters upper and lower case, add numbers and for the sake of yourself, use signs too. As a tip, you can hold the Shift key while typing a number. (1=! 2=@, etc )
If you have any doubts whatsoever why you need a strong and uncommon password, take a minute or two and read the very end of this post.
For the "Geek" of it, a password of 20 ch length, using upper & lower case, numbers and shift signs has 74 possibilities per character or 20^74 pos.
20 Ch length = 24,245,681,433,252,000 billions of billions possibilities. Enough to keep a someone busy for a very long time.

The Yahoo! / Msn / Google Password Heist. 
About 10 to 30,000 passwords, including email,  where put online, as a sample,  probably for someone to sell a much larger list. This list was "the proof" that they were valid.
it's estimated that the full list was well over 300,000 emails & passwords.
This heist was not made by "cracking the passwords, but simply by asking people. A Web page was promising that they could tell you who "blocked you" on MSN, you simply had to enter your email and... password.  Yes.. curiosity killed the cat! just like the famous "I love you" virus
The very interesting part, was in my eyes, the analysis of the passwords.
Often, people will use one for everything, including bank, credit cards, etc ...
The second interesting thing is, Passwords list exist , most used etc ...

I could not access the list on time, but the excellent Reusable Security Blog did
Here is his (Matt Weir) analysis about what you use

Total Passwords: 9,845 - This number excludes all the e-mail addresses that had blank passwords Average Password Length: 8.7 characters long
Percentage that contained an UPPERCASE letter: 7.2%
Percentage that contained a special, (aka !@#$), character: 5.2%
Percentage that contained a digit: 51.7%
Percentage that only contained lowercase letters: 43.3%
Percentage that only contained digits: 17.6%
Percentage the started with a digit, (aka '1password'): 25.0%
Percentage that ended with a digit, (aka 'password1'): 44.1%
Percentage that started with a special character: 0.5%   <<  Big hint here
Percentage that ended with a special character: 2.2%    <<  Here too ...
Percentage that started with an uppercase letter: 6.1%

Overall letter frequency analysis:
aeoi1r0ln2st9mc83765u4dbpghyvfkjAzEIOxRLwSNq.MTC_DB-UP*G@H/ZYF+VJK,\amp;amp;X!Q=W?'#")(%^][}< {`>
First character, letter frequency analysis:
a1mbc2sp0lterdjfgn3hi6k759vo48yAwMzBSCuqPLExJRTFDGNV*HOZYKI\W@/-+(.$U&?Q^[,#
Last character, letter frequency analysis:
aos01326e57849nrilydzmtuAhbO.gck*SxpfE@+LvjNRw_-I?/$q!ZX)YKH"UPMDCB#GF'&%}T,]\VJ(

As a repeat, the previous is from Matt Weir, from Reusable Security
So, it tells me that there are still a large number of people using password vulnerable to wordlist attacks.  Furthermore:
40% of users are using the same password for everything.
92.7% did not use an UPPERCASE
94.8% did not use a special character

And the best: Only contained digits: 17.6%
Average length 8.7 >> rounded to 9 Characters

For the 18% (of dummies) that only use digit:
Digit only = 10 possibility per Character
9Ch long = 10^9 = 1,000,000,000 possible combination
Realistic number of test before cracking: 50% (10^4.5)   Time to crack : 0,015 hour = Joke

For those 18%, Read this carefully:
"Neil O'Neil, a digital forensics investigator at secure payments firm The Logic Group, found that "123456" cropped up on the list 64 times. There were 18 uses of the second most popular password, "123456789",
Big surprise!!! Just like the ones mentioned in the 500 most used password.
the 500 most used passwords list is 4 or 5 yrs old, but it seems like it was brand new.

2005 list                     2009 list
password          123456 
12345678          123456789
1234              alejandra
pussy             111111 
12345             alejandro
dragon            tequiero
qwerty            12345678
696969            1234567
mustang           alberto




The snipet was probably listing a sampling from Spanish speaking account, but I'll really curious to see the full list

So, if I had to create a password list, guess what ..
First on the list would be 8 or 9 Ch long, all digit, then all lowercase, then adding a digit or 2 first, then adding a digit or 2 at last.
That list should cover about 80% of all passwords
That would be a big list of 7,518,774,324,736 possibilities, but it would cover 80% of the general public. Not bad.
So, GET A REAL PASSWORD! 

Update Nov 26, 2009
I just received an email from a (well educated) friend of mine.
The email had many known contacts in the "To" field, and was looking genuine. The body was "Is it you in this picture? You look like a goof!  Are you out of your mind?" and had link to a website.
Knowing the guy, it really looked like something he would send.






Just one thing ticked me: No signature. My friend normally use a signature with his name and contact.
Out of curiosity, I just did a quick Reverse IP Tracking, Result: Philadelphia.
Huh? the guy is in Boston.  Quick Google search and bam! This was an Attack site: 5 Browser exploits, Worms and keylogger
Grab the phone, and called him:
- Did you send me an email about me looking like a goof?
- Nope!
- Dude, I have bad news...
I explained to him the situation, and he told me that he had not been able to access his email all day long...
After 15 min explaining to him that his account had been hacked, he slipped out his password for me to try.
Guess what?  This well educated man was using a password ranked #10 in the most used password list.
The result was that it only took them few seconds to crack his account and that "they" accessed all previous emails, including the ones that you receive when you subscribe to a service, including bank, mortgage, etc.
Not only they were trying to scam his contact list too, but they had the time to dig deeper....
His bank called the next day: Are you trying to wire money to Ukraine?
What raised a red flag at the bank was that his password was changed on the bank website, and the money transfer was asked at 2:30 AM US time 
He spent a good portion of his day calling bank, mortgage company, and subscribing to a credit monitoring company.
He scanned his computer many times, but as of today, he does not sleep very tight at night and call his CC company once a day.
So, as a warning, for the third time:
Don't use a weak password, especially one listed as "most used"
Encrypt your sensitive data
If your Email system (Gmail, Yahoo, etc) is Webmail based, Delete & Erase sensitive Emails. Move them into the encrypted folder you have created.
Don't be a potential victim, do it now.  


Because it's raining and I am bored:
Why use a -serious- password

Let 's assume a cluster of 10,000 Macbook Pro, dual core etc, working all together for you (distributed work ):
A Mac Book Pro, on intensive use needs 263 Watt of power and generates 894 BTU/h output of heat
Cracking possibilities : up to 10,000,000 pswd /second/computer
If you do the math, you'll realize that cracking by brute force a 20 characters Full ASCII password will cost you up to 40 million dollars worth of electricity, create enough BTU to generate a heat wave the size of Texas and take you hundred of thousands of years.
You could hit the jackpot and find the pswd within minutes, but generally, it will take 50% of the maximum time possible to break a password.
This is the reason why Keyloggers, Phishing and Clickjacking were invented. That's were, in my opinion, where the real danger is ...




Leopard Password Reset OS X 10.5

This is not a Password Crack, it's a Login Password Reset. Leopard Only, Not Snow Leopard.

Login Password Reset:    - If you do not know what you are doing, don't do it ! -

At Boot, press and hold ⌘ + S (Command + S)
Wait few seconds, a command line will appear
Then type verbatim:
 fsck -fy
(wait, it will take few seconds)
mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
dscl . -passwd /Users/UserName newpassword


(The password is now reset, you can login)






Blogumulus / Blogmulus

Update:
Due to technical issues, Blogmulus was DOA for few months. It is now fixed :- )

Blogmulus Not Working:  Just apply the following corrections:
In the HTML code of the template, just replace the lines
http://halotemplates.s3.amazonaws.com/wp-cumulus-example/tagcloud.swf
by the line 
http://sites.google.com/site/bloggerustemplatus/code/tagcloud.swf

and the line 
http://halotemplates.s3.amazonaws.com/wp-cumulus-example/swfobject.js
by the line 
http://sites.google.com/site/bloggerustemplatus/code/swfobject.js



  Don't forget to check the box "Expand Widget Templates" and also, as always, save your template before any modification.

An Other REALLY cool thing for Blogger is here ... it's Cu3er


Q from Justin:
Hi, Can you please tell me how you do the Cloud tags on the right?, it’s really cool and I love it! 
Thanks! Justin


Here it is:
As you can see in the sidebar, it’s a navigation menu through the articles tag.
It makes them look like in a rotating cloud, and I find it very cool.

It needs sometimes a little “refresh” but other than that, it works very well under blogger and WP.
Blogmulus / Blogumus AKA label cloud or Tag cloud is the work of Amanda Fazini & Roy Tank, all credits belongs to them. You’ll find links at the end of this post.
I wish I was that good, but I am not…

How to create a tag cloud for your blog:

SAVE your actual template. If you encounter any issue, you’ll have a backup.
Login into the Blogger dashboard,
Go to “Layout”
Select “Edit HTML”
Select “Before editing….. save a copy of it. Download Full Template”
And SAVE!!!
Once Saved, Re-Save again. –just in case…

Check the Box “Expand Widget Templates”

Using the CTRL-F of your browser, locate the following code: <b:section class='sidebar' id='sidebar' preferred='yes'>

If you can not find the exact code, look for:  <b:section class='sidebar'

After this line paste the following code:

<b:widget id='Label99' locked='false' title='Labels' type='Label'>
<b:includable id='main'>
<b:if cond='data:title'>
<h2><data:title/></h2>
</b:if>
<div class='widget-content'>
<script src='http://sites.google.com/site/bloggerustemplatus/code/swfobject.js'
type='text/javascript'/>
<div id='flashcontent'>Blogumulus by <a href='http://www.roytanck.com/'>Roy Tanck</a> and <a
href='http://www.bloggerbuster.com'>Amanda Fazani</a></div>
<script type='text/javascript'>
var so = new SWFObject(http://sites.google.com/site/bloggerustemplatus/code/tagcloud.swf&quot;, &quot;tagcloud&quot;, &quot;240&quot;, &quot;300&quot;, &quot;7&quot;,
&quot;#ffffff&quot;);
// uncomment next line to enable transparency
//so.addParam(&quot;wmode&quot;, &quot;transparent&quot;);
so.addVariable(&quot;tcolor&quot;, &quot;0×333333&quot;);
so.addVariable(&quot;mode&quot;, &quot;tags&quot;);
so.addVariable(&quot;distr&quot;, &quot;true&quot;);
so.addVariable(&quot;tspeed&quot;, &quot;100&quot;);
so.addVariable(&quot;tagcloud&quot;, &quot;<tags><b:loop values='data:labels' var='label'><a
expr:href='data:label.url' style='12'><data:label.name/></a></b:loop></tags>&quot;);
so.addParam(&quot;allowScriptAccess&quot;, &quot;always&quot;);
so.write(&quot;flashcontent&quot;);
</script>
<b:include name='quickedit'/>
</div>
</b:includable>
</b:widget>

Click the preview button and check your blog. If you have an error, double check that you have all the lines correctly pasted.
If you see a widget but the cloud is “empty”, check if you have labels on your post.

Editing size, color & font:
Default values are:
*Width is set to 240px
* Height is set to 300px
* Background color is white

* Text color is grey
* Font size is 12
If you like it better wider, shorter, or want to change the color scheme, etc, you will need to do edit various parts of the code. Don’t worry, it’s easy!
Just remember to check the box “expand widgets” or the code may not appear.
Also, if you are using Blogspot editor, you may notice a small change in the code if you save your template. Don’t panic, it’s minimal: You’ll notice some added “&quot” compared to the original.

Original:
var so = new SWFObject(”http://sites.google.com/site/bloggerustemplatus/code/tagcloud.swf”, “tagcloud”, “240", “300", “7", “#ffffff”);
Blogspot editor:
var so = new SWFObject(http://sites.google.com/site/bloggerustemplatus/code/tagcloud.swf&quot;, &quot;tagcloud&quot;, &quot;255&quot;, &quot;290&quot;,

Editing width and height:

Width and height are in this line:
var so = new SWFObject(”http://sites.google.com/site/bloggerustemplatus/code/tagcloud.swf”, “tagcloud”, “240", “300", “7", “#ffffff”);

The value for width is 240 (in Red)
The value for height is 300 (in Blue)

Change the value to the desired size, don’t go too far as you blog settings may not accept a ten fold increase…

Change the values, but keep the quotes.
Example:
var so = new SWFObject(http://sites.google.com/site/bloggerustemplatus/code/tagcloud.swf&quot;, &quot;tagcloud&quot;, &quot;255&quot;, &quot;290&quot;,

Editing background & font color:
You can change the background color to any other color by altering the hexadecimal value in the same line: var so = ne….………..“tagcloud”, “240", “300", “7", “#ffffff”);

#fffffff is the color white.
If you do not know what color to use, you can check hexadecimal colors in BlogSpot under “Font and Colors” and play around.  Don’t forget to “Clear Edit” or you’ll change the color of you entire blog.

Editing Font size and Font Color
Font Color
Find the line: so.addVariable(&quot;tcolor&quot;, &quot;0×333333&quot;);
And change the value 0×333333
This time, do not add the hash tag # but keep the 0x
Example: You want Vermilion Red , the hex color is #cc0000
Just copy the cc0000 and add 0x before 0xcc0000 will make your text Red.










Font size:
Locate the line: var='label'><a expr:href='data:label.url' style='12'><data:label.name/></a></b:loop></tags>&quot;);
The value ‘12’ is your font size.

As you will, with time, add more labels, keep it not too big. A size 18 or 24 will cram everything.
Last but not least, you may have to hit the refresh button if nothing appears at the first view.
As a repeat, Blogmulus / Blogumus AKA label cloud or Tag cloud is the work of Amanda Fazini & Roy Tank. Hail to them: Amanda Fazini: www.bloggerbuster.com Roy Tank: www.roytanck.com



How to crack a WEP Key

This is, of course, for educational / auditing purpose only.
Read the Legal disclaimer before you use KisMAC. Especially if you are in Germany ;-)


How to crack WEP. How to crack WPA. How to Hack WEP. How to Hack WPA kismac snow leopard
Recover WEP key. Recover WPA key. Crack WEP Password. Crack WPA passwordHow To Crack A WiFi Network’s WEP Password Cracking WEP and WPA Wireless Networks Cracking WEP with Kismac



Resources, Wordlist,  Dictionary files


What injection device should I use?

-The list of “approved” hardware is here: http://trac.kismac-ng.org/wiki/HardwareList
I have tried the Edimax EW-7318 USg, Hawking HWUG1 & HWUG1A (about $40)
The KisMAC Team highly recommends the Alfa AWUS036H (about $50)
I am not really impressed by the sensitivity of the Hawking “as is”, you may want to consider a high gain antenna, or the Alfa Alfa AWUS036H for better results.
I’ll try the Hawking with a directional antenna and post results, if any.

Nota Bene:
KisMAC will try every word (from the list provided) to attempt to crack the key, hence it may take a lot of time....if you have a slow machine, be really patient.
I have a not so bad machine, and I run about 170 words per second. You can leave a comment with your config and speed for me to compare.
Mine: MacBook Pro 2.5GHz Intel Core 2 Duo + 4GB DDR2 SDRAM : about 170 Word/sec

Can you find listing or maps of available networks?
-Yes you can, check the Wigle Webpage http://wigle.net

How to uninstall Drivers ?
Your best shot at uninstalling drivers is to use the free App called "App Cleaner"

How to select a single channel?
Take a look at "Step B", the picture shows "all channel selected"
you just have to click on "none" and the check the single channel wanted
you can also use directly the tab "Channel"

I am a Super Geek, is there something more powerful than KisMAC?
Aircrack-ng (Reserved for Advanced User)
Wireshark is also a powerful one. You can use Wireshark to read PCAP Dump Files.
PCAP Dump files are useful for "counter attack" i.e. When someone is trying to penetrate your own network. (KisMAC will notify the console log)

Passwords List
Worst password list: Please, don't use them .....;-) they are often the first checked ....
http://aloah.free.fr/mactips/Wordlists.html
http://trac.kismac-ng.org/wiki/wordlists

List of Dictionary files or Wordlist / Wordlists

Sometimes called wordkey or word key (as per the results of your queries via Google Analytics
for WPA attack:
http://aloah.free.fr/mactips/Wordlists.html
http://trac.kismac-ng.org/wiki/wordlists
or you can compile your own.
I may suggest you to skip passwords of 1,2,3 & 4 characters, very few people use 3 ch passwords... A bruteforce attack will not take a long time on 3 ch....
WPA:
Minimum 8ch, so you can skip all pswd of less than 8 characters.

Note on dictionary files:
the words are tested "as is" and not in combination.
Example: the password is "I love Kismac"
If your dictionary contains the words "I" + "love" + "Kismac" it will NOT work, your dictionary must contain the exact "I love Kismac" as a word to successfully attempt to crack.

This is the only way to end with a successful attack is to use a dictionary containing the (exact) word(s).
Pure Brute Force attacks do NOT work with KisMAC (trying every single combination starting at "a" then "aa", "aaa", etc) You need to provide KisMAC with a dictionary file, format TXT, with an empty line at the end.

Passwords hints
A Dictionary attack uses a list of existing words. Often those lists are all lowercase or mixed, in English, and use "common" words
the more complex is your password, the greater is the chance that it will take a mind-boggling and un-human length of CPU time to try all the possible combination. (million of years)
If you use Kismac on a WPA attack, the only way to end with a successful attack is to use a dictionary containing the (exact) word.
Brute Force attacks do NOT work with KisMAC
As a possible target of WPA attack, "I", use stupid-strength passwords on full ASCII.
I do not use English words, or any common language, and I use lots of $igns and numbers.
So, how patient is the attacker?

Memotechnic tips
Instead of your "123456" dummy password you can use an HARD TO GUESS word and add numbers to it PLUS a second set of numbers while holding the "Shift" key
Example: the maiden name of your mom is Kismac, her Bday is 07 12 1962
you got a "07121962Kismac)&_!@_!(^@"
You just have a 20 Ch length password that you can easily retain.
As KisMac does not use pure Bruteforce to crack WPA, you are pretty safe with a password like this. finding such a word a in dictionary would be...surprising.
Be aware that you can find list of names, towns, zipcodes, etc . So, using "Smith" or "Boston" is not really foolproof

Even in the improbable case of a very, very tenacious "auditor", a 20 character full ASCII password (255 characters possibility) is up to 20^255 possibilities.
How big is 20^255?
well, that's: 1,351,461,283,755,590,000,000,000,000,000,000,000,000,000,000,000 possibilities
it's already stupid strong. Unless you are the NSA, it's probably out of your reach:

Update on Oct 6 2009.
You may have heard of the Yahoo! password heist.
10,000 passwords and emails listed on the web, plus another 30,000 accounts of Gmail and Comcast compromised.
According to serious sources, the list was a possible snippet of 250,000 email and password for resale.
Email? not a big deal, huh? who cares? they just need to go to your online banking, and reset the password. They will get the message. You won't ....
I could not access the list on time, but the excellent Reusable Security Blog did
Here is his (Matt Weir) analysis about what you use

So on to the analysis:
Total Passwords: 9,845 - This number excludes all the e-mail addresses that had blank passwords

    Average Password Length: 8.7 characters long
    Percentage that contained an UPPERCASE letter: 7.2%
    Percentage that contained a special, (aka !@#$), character: 5.2%
    Percentage that contained a digit: 51.7%
    Percentage that only contained lowercase letters: 43.3%
    Percentage that only contained digits: 17.6%
    Percentage the started with a digit, (aka '1password'): 25.0%
    Percentage that ended with a digit, (aka 'password1'): 44.1%
    Percentage that started with a special character: 0.5%  << Big hint here
    Percentage that ended with a special character: 2.2%  << here too ...
    Percentage that started with an uppercase letter: 6.1%
    Overall letter frequency analysis:
    aeoi1r0ln2st9mc83765u4dbpghyvfkjAzEIOxRLwSNq.MTC_DB-UP*G@H/ZYF+VJK,\amp;amp;X!Q=W?'#")(%^][}< {`>

    First character, letter frequency analysis:
    a1mbc2sp0lterdjfgn3hi6k759vo48yAwMzBSCuqPLExJRTFDGNV*HOZYKI\W@/-+(.$U&?Q^[,#

    Last character, letter frequency analysis:
    aos01326e57849nrilydzmtuAhbO.gck*SxpfE@+LvjNRw_-I?/$q!ZX)YKH"UPMDCB#GF'&%}T,]\VJ(
    As a repeat, the previous is from Matt Weir, from Reusable Security

    So, it tells me that there are still a large number of people using password vulnerable to dictionary attacks.
    Furthermore:
    40% of users are using the same password for everything.
    92.7% did not use an UPPERCASE
    94.8% did not use a special character
    and the best: Only contained digits: 17.6%
    Average length 8.7 >> rounded to 9 Characters
    For the 18% (of dummies) that only use digit:
    Digit only = 10 possibility per Ch. 9Ch long = 10^9 = 1,000,000,000 possible combination
    Realistic number of test before cracking: 50% (10^4.5)
    Time to crack : 0,015 hour = Joke
    For those 18%, Read this carefully:
    "Neil O'Neil, a digital forensics investigator at secure payments firm The Logic Group, found that "123456" cropped up on the list 64 times. There were 18 uses of the second most popular password, "123456789",
    Big surprise!!! Just like the ones mentioned in the 500 most used password. Can you guess what was the #3 and 4#? probably 1234567 and 12345678.
    the 500 most used passwords list is 4 or 5 yrs old, but it seems like it was brand new.
    #1 to #10: 123456,password, 12345678,1234, pussy , 12345, dragon , qwerty , 696969, mustang

    So, if I had to create a password list, guess what ..

    First on the list would be 8 or 9 Ch long, all digit, then all lowercase, then adding a digit or 2 first, then adding a digit or 2 at last.
    That list It should cover about 80% of all password.
    That would be a big list of 7,518,774,324,736 possibilities, but it would cover 80% of the general public. Not bad.
    So, GET A REAL PASSWORD!

    Because it's raining and I am bored:
    Why use a -serious- password

    Let 's assume a cluster of 10,000 Macbook Pro, dual core etc, working all together for you (distributed):
    A Mac Book Pro, on intensive uses 263 Watt and generates 894 BTU/h output of heat
    Cracking possibilities : up to 10,000,000 pswd /second/computer
    If you do the math, you'll realize that cracking by brute force a 20 characters Full ASCII password will cost you up to 40 million dollars worth of electricity, create enough BTU to generate a heat wave the size of Texas and take you hundred of thousands of years.
    You could hit the jackpot and find the pswd within minutes, but generally, it will take 50% of the maximum time possible to break a password
    This is the reason why Keyloggers, Phishing and Clickjacking were invented. That's were, in my opinion, where the real danger is ...

    Kismac for Windows
    I am not aware of a Windows version of KisMAC (KisDOWS???) , nevertheless, you can Google NetStumbler, Aircrack, Airsnort, etc..
    To the best of my knowledge, NetStumbler does not have cracking capabilities, nor the capabilities to uncloak hidden or deauthenticate networks.
    If you want serious power, you'll need to forget about Windows (breaking news, huh?) and move on to Linux with Aircrack-ng
    If you download a (working) version of KisMAC for Windows, please let me know.
    If you download one, especialy from a torrent, I am suggesting you to be VERY careful and scan the file left, right up and down for viruses or malware. ( hint )



    The Find Engine

    You know how to use Google, huh?   You type something and it searches for you? Correct?
    So you must be familiar with this one:

    -inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(wma|mp3)"endless summer"

    It's a query, just like when you type something in the search bar, this one is just (a little bit) more..complete.
    Let's start with the beginning:
    If you are looking for music to download (legally, of course) you may type the title of the song, i.e. Endless Summer.
    The result is 12.600.000 answers .... a bit too much for my taste.
    The solution is to use qualifiers and terms to refine your search up to the point that you'll find what YOU want in few seconds.
    The goal is to ask a question in such a way that you'll transform Google from Search Engine to a Find Engine.
    Believe me on that one: You do not want to Search, You want to FIND !
    Let's start... 12.600.000 answers.  The brackets [ ] are used for clarity, don't use them in a query

    Minus Sign -
    The minus sign remove word(s) from a search
    [ Endless Summer -film ] will remove all search with the word "film"  12.100.000 answers, 500,000 removed ;-)

    Plus Sign +
    In that case, you'll add a parameter.
    [ Endless Summer +mp3 -film ] will look for "mp3" and remove "film"  526.000 answers, 12.080.000 removed :-))

    You can add as many +&- as you want:  +mp3 +free -film -wma etc etc

    Quote signs " "
    Quote signs will allow to search exactly what is entered in the quotes, and in the order written.
    [ "Endless summer" +mp3 -film ] will not return anything else than -verbatim- "Endless summer".  No Donna Summer, or summer endless,  etc..
    This is very useful to research a definite sentence, or a person. 

    Tilde sign ~
    Placed before a word, the tilde sign will allow search for synonyms i.e. [ ~food ]  will search for food but also for related words:  restaurant, cooking, etc .. this is an EXPANDER (more results)

    Getting serious: Qualifiers

    inurl:  Use this qualifier to restrict the search  to pages or documents containing the search word specified in the page's url:
    intitle: Use this search qualifier to specify that the search take place in only those words  that came from a web page's title field. 
    cache:  This qualifier returns the most recent copy of the page that Google has stored and used for its indexing.  
    site:  Use this qualifier to restrict the results to a given site. For example site: [ www.apple.com "Quicktime" +download ] will take you straight to the right one. no fuss
    File Format:
    By defaut, Google searches for your specification coming from any number of different file formats, including, of course, html.  However, here are other file formats that you can choose, specifically, to have Google search for: Adobe PDF (pdt), Adobe Postscript (ps), Microsoft Word (doc),  Microsoft Excel (xls), Microsoft Powerpoint (ppt), Rich Text Format (rtf)
    If you are looking for a paper, site: + file format: + quotes  allows you to find a school paper in seconds.

    So, let's go back to our search, this time with the translation in plain English

    -inurl:(htm|html|php)  is not a webpage in HTML, HTM or PHP
     intitle:  has in the title (not the URL, the TITLE!) the following:  "index of" +"last modified" +"parent directory" +description +size
     +(wma|mp3) and has the format wma and/or mp3
    "endless summer" and contains the exact words "Endless Summer"
    You can go further and request a full title "endless summer.mp3" [ -inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(wma|mp3)"endless summer.mp3" ]


    So, enter the query and you'll find exactly this Google page and this exact song
    and much more.  :-)
    Not 12.600.000 answers to scroll, just 5. By Googling to the max, you have refined your search by a factor of 2.520.000  Stop searching, start finding! Get the right one in 2 sec.

    If you are looking for pictures, replace wma|mp3 by (jpg|png|tiff) , mov, mpg, flv, etc for video.
    It works also very well with the qualifier "cache" to find things that were deleted..;-)
    Now you can probably divide by a 1000 the number of results and refine your query to the max.
    Google can also give you straight answers:
    if you are looking for conversion, i.e. how many Milliliters in a ounce or do some math, you can ask.
    Try the following in the search bar or click the link:
    [ Define: CPU ]
    [ 1 gallon in centiliter ]
    [ 100 USD in EUR ]

    Now that you start grasping the possibilities, how about controlling a remote webcam with Google? 
    Try that [ inurl:"/view/index.shtml" ]  and you'll also get the IP to localize the webcam.


    Warning Note: 
    When using the -inurl, you'll probably may stumble upon websites dedicated to some type of not-so-legal activities. Be very aware that some of them are honey traps and have the sole goal to scam you. This is especially true when you search for "hot" subject such as new movies, softwares, etc. 
    I would highly suggest you to use the maximum caution, as well as the use of (free) services such as Web of Trust.  Also, set your browser on "alert" mode (see Firefox >>preferences>>security)

    Side Notes:
    Punctuation is ignored by Google, as well as case
    Google Stop Words
    The following words are ignored (too common)
    a, at, in, that, when, about, be, is, the, where, an, by, it, this, which, and, for, of, to, who, are, from, on, was, will, as, I, or, what, with,
    To Force a Stop Word, include it within quotes.  i.e  [ "Who is about to be" ]  only contains Stop Words but the quotes forces Google to research the exact sentence in the exact order.

    I am borderline geek, but not enough to be a nerd.
    Just like you, one day, I had to start and learn.
    So, jump in. Bring your Mac along, we are going to play a little and have some fun.  There is no need to worry, I won't send a report card.
    After all, the only risk for you is to learn a little something, those little tricks that will make your life easier or make you better are what you do. Jump in!
    Mac OS X is a fantastic OS and a lot of features are really cool or helpful and will make your life a breeze ...
    I hope you'll enjoy it as much as I do.    

    A bit of history:
    I started playing with computers a long time ago. For you kiddos, my first computer had less memory & colors than a $2 Walmart watch of today. It was a  Thompson MO5. No CD (not invented yet), No USB (ditto), No 3 1/2 floppy, 5 1/4 Floppy were top notch and expensive material;  Prog were saved on a tape. Yup!, the same type that you'll find in an antic store or in your grandpa 1981 Oldsmobile: Compact Cassette.
    Colors? Ohhh Yes, 16 colors and an amazing definition of 320x200 pixels. Each pixel was so big that you could land an helicopter on it.
    32 KO memory (Thirty-Two Kilo Octet) powered by an amazing Motorola CPU at one Mhz (that's 3000 times slower than the last iMac). With the Cassette Tape, it was between 15 to 20 minutes to find and load a prog (in Basic, please)
    I used to type those prog by hand. To send one to a friend was very simple: As modems where almost science fiction, and the word "internet" was unknown, we had to find a system to send "huge" amount of data: Trip to the post office and send few tapes. A week later, you were up and running ....
    If sold today, its price would be about $1,000 (Inflation corrected)
    My first "pro" one was a HP Vectra, 80386 at 12Gh and 20 Meg hard drive, MS-DOS 3 and a 13" screen the size of a Thanksgiving rated oven.
    So, now that you have smiled , or barfed, quit whining and enjoy your little  Dual or Quad core monster...  Let's make him sweat a little ....

    For the Geek of it: Internet

    The Last U2 Concert (at the Rose Bowl) on Youtube was a live Worldwide Live Streaming Event and about 10 Million people watched live:
    Streaming, Regular Quality is about 135 KB/S, HD is 340 KB/S
    Concert Time: 2:21:22
    Bandwidth needed live: 1,350,000,000 KB/S or 1,350,000 MB per sec.
    That's more internet per second then the entire internet in 1980,1981 & 1982 combined
    If you watched it in HD, that's 340 KB/S: Bump up the Bandwidth to 3,4 Million MB/S or in layman's terms: Your 500 GB Hard Drive every 0.00014 sec.

    Let's meet again in 10 years when the average home connection should be at few GigaBytes per sec. 





     


     Warning! Your PC is at risk of virus and malware attack
     Your System requires immediate check!
     System Security will perform a quick and free scan of your PC for viruses and malicious programs

      Do Not click on "OK"









     You are probably looking for the answer of the following questions:

     "Is It a Real Antivirus?"   << NO!    Trojan FakeSmoke

    "How do I stop this warning from popping up at every start of Firefox"

    1)  Force Quit Firefox:   >> Force Quit >>  Firefox   or shortcut Command+Option+Escape
    2)  Don't restart Firefox or it will pop up again
    3)  You need to trash the file(s) session.js and session.bak in the FireFox Profile folder.
          As you Force Quit'd FireFox, those file will remember your last session and return to that page.

     The files are situated EITHER in :

    Macintosh HD/Users/<username>/Library/Application Support/Firefox/Profiles/<profile folder>
       OR
    Macintosh HD/Users/<username>/Library/Mozilla/Firefox/Profiles/<profile




       
    "username" being the name given to the account   i.e  "JimSmith"
     The files should be named "session.js" and "session.bak"
     Trash the files, but DO NOT empty the Trash until you have verified that you have deleted the right ones.







    Restart FireFox  and verify that the Pop Up does not appear anymore.
     Fixed? Ok....

    - Yes, it's a malware or a scam. It will try to make you pay for a fake Antivirus, and probably Hack something on your computer. (beside Hacking your credit card)
    - Does it affect your Mac if you clicked Ok?  I don't know...I did not tried. Seems to be PC.
    - In order to avoid a repeat: You can Ban the website [nwwage.com] using an Add-On Called BlockSite.
    The Website,  IP 213.155.22.194  is Hosted in Odessa, Ukraine. The Owner as per the Whois, Is Registered in Florida.  Whois    http://www.ip-adress.com/whois/213.155.22.194
    Using multiple alias for the Website ,
     2009-10-31|malwareurl_Directs to Trojan FakeSmoke| 213.155.22.193|

     As a reminder: 
     Always have on hand more than one Browser: This attack blocked your ability to search for help.   (Opera is the less likely to be targeted)
     Also, Avast For Mac exist. And it's free. -Just in case .....










    top