Put your passwords in your pocket and take them everywhere you go

My own personal favorite password manager, Password Safe, isn't officially portable. But in practice, it sort of is.

After you install Password Safe onto a computer, you can drag and drop the program folder onto a flash drive and safely remove the drive. Then you can connect it to another Windows PC and launch Password Safe. You'll want to keep your password database file on the flash drive too, of course.

But this doesn't work perfectly. It has two flaws, neither of them serious.

First, when you launch Password Safe from the flash drive and browse to open a password database file, the program will default to your Documents folder. You'll have to navigate drives and folders to get to the file, which will be on the flash drive.

Second, when you close the program, it leaves an icon running in the notification area. You must right-click that icon and exit the program before Windows will allow you to safely remove the flash drive.

You can find unofficial portable versions of Password Safe around the Internet. I've tried a couple, and they both had these same two problems.

Password Safe isn't the only option. The popularKeepass program is available in a portable version, which lacks Password Safe's portable annoyances.

Another option: If you have a smartphone or a tablet, both Password Safe and Keepass are available as Android and iOS apps.

Source

Read More

Three cool ways to tweak File Explorer in Windows 8

Microsoft may have bungled a few things with Windows 8 (snark reply: "Just a few?!"), but File Explorer isn't one of them.

For one thing, the file manager finally earned a home on the Taskbar (even if you have to switch to the desktop to find it). Even better, Microsoft endowed it with the now-familiar Ribbon interface, making for much easier navigation of your files (and Explorer itself).

However, I think it could be even better with a little tweaking. Here are three simple changes you can make to improve the File Explorer experience:

1. Customize the Quick Access Toolbar. See those tiny icons in the upper-left corner of the File Explorer window? Click the even tinier arrow next to them for a list of additional functions you can enable. Why add, say, a Delete icon when Explorer already has one? Because the latter appears only when you're viewing the Home tab. Put it on the Toolbar, however, and it's always just a click away.

2. Show all your folders. In an effort to keep things compact, Explorer shows an abbreviated list of your folders in the lefthand navigation pane. I'd rather see everything, which is possible by clicking the View tab, then the Navigation pane icon. Now simply clickShow all folders.

3. Improve your view. I find that very few users ever monkey with Explorer's default view for files, even though it's often very valuable to do so. Thankfully, Explorer now gives you a preview of what each view will look like, a huge boon to users who might get confused by a sudden change. Just click the View tab, then mouse over the various options in the Layout section: Extra large icons, List, Details, etc. In the file area you'll immediately see how that view would look. Like what you see? Click the setting to implement it.

Source

Read More

How to safely remove a USB drive even when Windows says it isn't safe to do so

Windows' built-in solution usually works: Click the Safely Remove Hardware icon in the notification area (aka the system tray or the systray) and select the drive. When you get the "Safe To Remove Hardware" message, it's safe to remove the hardware.

But sometimes, "usually" isn't good enough, and Windows instead tells you that "This device is currently in use."

But Windows won't tell you what's using the device. Without that information, it's tough to know how to fix the problem.

Guessing makes a good start. Close all of your Windows Explorer windows, along with any programs that might be holding onto a file from the drive. Then try the Safely Remove Hardware icon again.

If that doesn't work, you can simply shut down your computer--not hibernate it or put it in sleep mode--but shut it down completely. That always works, but it takes time and interrupts your workflow.

In the original forum discussion, Flashorn offered an improved variation: Log off, log on, and try again. It's faster than a full shutdown and reboot, and it will probably close whatever process is causing the problem. But it still takes time.

Which is why I prefer Unlocker. Intended to help you free up files that Windows won't let you delete, it can also help free external drives. Unlocker doesn't cost anything, although you're encouraged to make a $5 donation.

Download and install the program. Then, the next time Windows tells you that a "device is currently in use," right-click the drive and select Unlocker. The program will tell you what process or processes are causing the problem.

It will also offer solutions. It can kill the process(es), but that can make Windows unstable. It can also try to unlock the files from one or all processes without killing them.

My favorite solution isn't on the Unlocker menu. Once you know what process is causing the problem, you can usually figure out what application you need to close--they generally have the same name. So you just close that program manually, saving all appropriate files, then use the Safely Remove Hardware icon again.

Source

Read More

Here's what an eavesdropper sees when you use an unsecured Wi-Fi hotspot

You’ve probably read at least one story with warnings about using unsecure public Wi-Fi hotspots, so you know that eavesdroppers can capture information traveling over those networks. But nothing gets the point across as effectively as seeing the snooping in action. So I parked myself at my local coffee shop the other day to soak up the airwaves and see what I could see.

My intent wasn't to hack anyone's computer or device—that's illegal—but just to listen. It’s similar to listening in on someone’s CB or walkie-talkie radio conversation. Like CBs and walkie-talkies, Wi-Fi networks operate on public airwaves that anyone nearby can tune into.

As you'll see, it’s relatively easy to capture sensitive communication at the vast majority of public hotspots—locations like cafes, restaurants, airports, hotels, and other public places. You can snag emails, passwords, and unencrypted instant messages, and you can hijack unsecured logins to popular websites. Fortunately, ways exist to protect your online activity while you’re out-and-about with your laptop, tablet, and other Wi-Fi gadgets. I'll touch on those, too.

Capturing webpages

I opened my laptop at the coffee shop and began capturing Wi-Fi signals, technically called 802.11 packets, with the help of a free trial of a wireless network analyzer. The packets appeared on screen in real time as they were captured—much more quickly than I could read them—so I stopped capturing after a few minutes to analyze what I had vacuumed up. Note: You can click on any of these screenshots to view larger versions that are easier to read.

My own website, captured via the hotspot packets and reassembled for viewing.

I first searched for packets containing HTML code, to see which websites other hotspot users were browsing. While I did see activity from other patrons, I didn’t capture anything interesting, so I visited my own website—www.egeier.com—on my smartphone.

This is a copy of the email I sent (and subsequently received) using my smartphone connected to the hotspot.

The raw packets with HTML code looked like gibberish, but as you can see above, the trial network analyzer I used reassembled the packets and displayed them as a regular webpage view. The formatting was slightly off and some of the images were missing, but plenty of information still came through.

I didn’t find anyone else sending or receiving emails during my visit, but I did discover the test messages I sent and received via my smartphone while it was connected to the hotspot. Since I use an app to connect to my email service via POP3 without encryption, you could have seen my login credentials along with the message (I've blurred the username and password in the screenshot).

This is all the information someone would need to configure their email client to use my account and start receiving my emails. They might also be able to send emails from my account.

And these are the packets that went over the network when I sent an instant message using Yahoo Instant Messenger.

I also used Yahoo Messenger to send a message while I was capturing Wi-Fi signals. Sure enough, the tool plucked that information out of the air, too. You should never use an unencrypted instant-messaging service with any expectation of privacy.

Capturing FTP login credentials

If you still use FTP (File Transfer Protocol) to download, upload, or share files, you should avoid connecting to them over unsecured hotspots. Most FTP servers use unencrypted connections, so both login credentials and content are sent in plain text, where any eavesdropper can easily capture them.

These captured packets reveal the username and password securing my FTP server (I've blurred them in this screenshot).

While using my laptop to connect to my own Web server’s FTP server, I was able to capture the packets containing my login ID and password—details that would have enabled any nearby eavesdropper to to gain unfettered access to my websites.

Hijacking accounts

Computers aren’t the only devices susceptible to eavesdropping. I also ran an app called DroidSheep on my spare rooted Android smartphone. This app can be used to gain access to private accounts on popular Web services, such as Gmail, LinkedIn, Yahoo, and Facebook.

DroidSheep looks for and lists any unsecure logins to popular websites. While it doesn’t capture the passwords to those sites, it can exploit a vulnerability that allows you to open the site using another person’s current session, giving you full access to their account in the process.

As you can see from the screenshot below, DroidSheep detected Google, LinkedIn, and Yahoo logins from other people who were connected to the hotspot, as well as the Facebook login I made on my other smartphone.

DroidSheep detected other users' log-ins, which means those accounts were vulnerable to hijacking.

.

I couldn’t legally access other people’s logins, of course, but I did open my own Facebook login.

Using DroidSheep, I was able to access my own Facebook page without providing a user ID or password. I could have done the same with any other patron's accounts if they were logged in.

Once I’d done that, I could magically access my Facebook account on that rooted Android phone (see the screen at lower right) without ever providing my username or password from that device.

How to use Wi-Fi hotspots securely

Now that you’ve seen just how easy it is for someone to eavesdrop on your Wi-Fi, here's how you can use a public hotspot with some degree of security:

• Every time you log in to a website, make sure that your connection is encrypted. The URL address should start with https instead of http.
• You also need to make sure that the connection stays encrypted for all of your online session. Some websites, including Facebook, will encrypt your log-in and then return you to an unsecured session—leaving you vulnerable to hijacking, as discussed earlier.
• Many sites give you the option of encrypting your entire session. You can do this with Facebook by enabling Secure Browsing in the Security settings.
• When you check your email, try to login via the Web browser and ensure that your connection is encrypted (again, look for https at the beginning of the URL). If you use an email client such as Outlook, make sure your POP3 or IMAP and SMTP accounts are configured with encryption turned on.
• Never use FTP or other services that aren’t encrypted.
• To encrypt your Web browsing and all other online activity, use a VPN, or virtual private network (this article will show you how).
• Keep in mind that private networks have similar vulnerabilities: Anyone nearby can eavesdrop on the network. Enabling WPA or WPA2 security will encrypt the Wi-Fi traffic, obscuring the actual communications, but anyone who also has that password will be able to snoop on the packets traveling over the network. This is particularly important for small businesses that don’t use the enterprise (802.1X) mode of WPA or WPA2 security that prevents user-to-user eavesdropping.

Source

Read More