
Thursday, September 29, 2011

Unable to disable/stop sharing of a drive. The drive got administratively shared after setup of a Wireless Network.



Symptoms

1. While experimenting with a Windows XP system, the user created a wireless network 'f' using the "Setup Wireless Network Wizard" and set an SSID and WEP/WPA.


The created wireless network 'f' is not visible in the preferred networks. (It has already been deleted.)



2. A Windows drive got administratively shared during the setup process:




3. Now the user is unable to permanently stop or disable the sharing. When the user tries to stop/disable the sharing, Windows shows the following message:



So, how to disable/stop sharing of the drive permanently?

Solution

Open regedit (the Registry Editor) and go to the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters

and set the registry value "AutoShareWks"=dword:00000000.

If the value 'AutoShareWks' is not present in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters, right-click in the right pane of regedit, create it with type DWORD and set it to 0.

Restart Windows XP; sharing of the drive should stop.


















Wednesday, September 28, 2011

Unable to delete a registry key in Windows 7 even as Administrator? Getting error "Access denied.." or "cannot delete… .Error while deleting key."


Symptoms

1. The user is logged in to Windows 7 with an account that has administrative privileges. When the user opens regedit (C:\windows\regedit.exe) or regedt32 with Run As Administrator and tries to delete some registry keys, an error message pops up saying "Access denied.." or "cannot delete… .Error while deleting key.":




On selecting Yes, an error message pops up:




2. When trying to assign the Full Control permission, or to add a user using the Advanced options, the user gets the error "Access Denied":









3. The user has tried to activate the default Administrator account on Windows 7, using the following command in cmd.exe (Run as Administrator):

net user administrator /active:yes

But the Administrator account faces the same errors.



Solution

A simple solution is to download the free utility PsExec from http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Open cmd.exe (Run as Administrator) and type the following command to get Full Control of the registry:


Now the user should have Full Control of the registry, and the registry keys can be deleted easily. PsExec should be used carefully; it is a system utility.

Wednesday, September 21, 2011

What is DroidSheep? How to protect against DroidSheep attacks? What is session hijacking attack?

DroidSheep is an Android app very similar in functionality to Firesheep, a Firefox extension developed by Eric Butler that is used for session hijacking attacks over the Wi-Fi hotspot the laptop is connected to.
DroidSheep is used for session hijacking over the Wi-Fi hotspot the mobile device is connected to.


The picture below shows the DroidSheep menu:


So, DroidSheep is used in session hijacking attacks. But what is a session hijacking attack?

When we use an Internet browser (Internet Explorer, Firefox, Opera) or any web application to access our profile/user account on websites such as Facebook, Amazon, LinkedIn, Twitter, Flickr, Dropbox etc., these websites usually ask for credentials (username and password) in order to verify our identity. Generally, encrypted HTTPS is used at the time of authentication/verification, and after that plain HTTP takes over to avoid performance issues.

Since HTTP is a stateless protocol, it treats each HTTP request (web page request) as independent and unrelated to any previous request. In order to remember a user, the website’s web server sends a cookie (a small piece of text) to the browser. The cookie is then sent back to the web server each time the browser requests a page from it. In this way the web server identifies users.

To maintain access control over a user profile/user account, a website’s web server should ask for credentials (username and password) before giving access. To avoid asking for the credentials at every web page request, the web server adds a session token or session ID to the cookies. This session ID is then sent with every subsequent HTTP request.


Session hijacking software sniffs/monitors the packets sent over a Wi-Fi hotspot or a wired network. To do so, it puts its network adapter in promiscuous mode and uses the libpcap or Pcap packet libraries. When it gets the session ID or session token of an authenticated/verified user on the same network, it just replays the packets to the web server; the web server thinks that the system running the session hijacking software is the user identified by this ID or token. This allows the attacker to impersonate the victim user even though the password itself is not compromised. The attacker can start browsing the profiles/accounts of the victim user.
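The exposure described above can be checked from the defender's side. The following is an added example, not part of the original post: it walks a constructed browsing trace and reports which cookies issued over HTTPS were later sent in a plain HTTP request, where anyone sniffing the hotspot could read them. The site name, cookie names and values are hypothetical, and the check of the standard `Secure` cookie attribute goes slightly beyond what the post covers.

```python
from urllib.parse import urlsplit

# Constructed trace of one browsing session (hypothetical site and values):
# (direction, URL, header name, header value)
TRACE = [
    ("response", "https://social.example/login", "Set-Cookie",
     "session_id=9f3c2a; Path=/; HttpOnly"),
    ("response", "https://social.example/login", "Set-Cookie",
     "csrf=77aa; Path=/; Secure"),
    ("request", "http://social.example/home", "Cookie",
     "session_id=9f3c2a; lang=en"),
    ("request", "https://social.example/settings", "Cookie",
     "session_id=9f3c2a; csrf=77aa"),
]


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    return name, {p.split("=", 1)[0].lower() for p in parts[1:]}


def audit(trace):
    """Map each HTTPS-issued cookie to its Secure flag and cleartext sightings."""
    findings = {}
    for direction, url, header, value in trace:
        scheme = urlsplit(url).scheme
        header = header.lower()
        if direction == "response" and header == "set-cookie" and scheme == "https":
            name, attrs = parse_set_cookie(value)
            findings[name] = {"secure": "secure" in attrs, "cleartext_urls": []}
        elif direction == "request" and header == "cookie" and scheme == "http":
            for pair in value.split(";"):
                name = pair.strip().split("=", 1)[0]
                if name in findings:
                    findings[name]["cleartext_urls"].append(url)
    return findings


def exposed(trace):
    """Names of HTTPS-issued cookies that later crossed the network unencrypted."""
    return sorted(n for n, f in audit(trace).items() if f["cleartext_urls"])


if __name__ == "__main__":
    for name, f in audit(TRACE).items():
        print(name, "Secure" if f["secure"] else "no Secure flag", f["cleartext_urls"])
```

A cookie that carries the `Secure` attribute is never attached to an `http://` request by the browser, which is why only `session_id` shows up as exposed in this trace.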

DroidSheep has one more feature, which allows it to perform an ARP spoofing attack on WPA-protected Wi-Fi hotspots. ARP spoofing is a form of man-in-the-middle (MITM) attack in which the attacker sends spoofed/fake ARP messages onto a LAN or WLAN (Wi-Fi hotspot) and associates its own identity (MAC address) with the IP address of the gateway/access point/router. It then acts as a proxy, sitting between the router and the users and relaying the traffic between them, which it can read or modify.

How to protect against DroidSheep attacks?


1. Some websites, such as Gmail, provide the setting 'Always use https':


2. Use HTTPS end-to-end encryption applications

Many websites such as Facebook, Twitter, Flickr, Dropbox, Google etc. use encrypted HTTPS at the time of authentication/verification only; after that, plain HTTP takes over to avoid performance issues. HTTPS can provide end-to-end encryption and security between the web application and the web server. To force the HTTPS protocol in the browser, we can use the NoScript, Force-TLS or HTTPS Everywhere add-ons for Firefox, the Use HTTPS or KB SSL Enforcer extensions for Google Chrome, Redirect to HTTPS for Opera, and a user script for Internet Explorer. These applications look for HTTPS connections available on the websites and enforce HTTPS end-to-end communication; if HTTPS is not available, they simply redirect to plain HTTP connections. Below are pictures of popular HTTPS enforcer applications:

'HTTPS-Everywhere' AddOn for Mozilla FireFox:


'Use HTTPS' extension for Google Chrome:



'Redirect to HTTPS' for Opera:








3. Wi-Fi Protected Access (WPA) or stronger encryption should be used on the Wi-Fi hotspot's access point; it provides strong encryption for user traffic. An attacker from outside will have to decrypt the packets of the network.
4. We can set up a Virtual Private Network (VPN), free or commercial: set up a VPN server at home or at the office. It will encrypt all our traffic over the Wi-Fi hotspot and provide access for us.
5. Programs like ARPWatch and ARPOn can be used to detect ARP poisoning.
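The kind of check such an ARP monitor performs can be sketched as follows. This is an added example, not part of the original post and not the code of ARPWatch or ARPOn: it compares constructed snapshots of `arp -a`-style output and raises an alert when the gateway's IP address starts resolving to a different MAC address, or when another host shares the gateway's MAC. All addresses are hypothetical, and 192.168.1.1 is assumed to be the gateway.

```python
import re

# Constructed snapshots of `arp -a`-style output taken some time apart
# (hypothetical addresses; 192.168.1.1 is assumed to be the gateway).
SNAPSHOTS = [
    """192.168.1.1   00-1a-2b-3c-4d-5e  dynamic
192.168.1.23  00-aa-bb-cc-dd-01  dynamic""",
    """192.168.1.1   00-aa-bb-cc-dd-01  dynamic
192.168.1.23  00-aa-bb-cc-dd-01  dynamic""",
]

ENTRY = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})"
)


def parse(snapshot):
    """Return {ip: mac} with MACs normalised to lower-case colon form."""
    return {ip: mac.lower().replace("-", ":") for ip, mac in ENTRY.findall(snapshot)}


def detect(snapshots, gateway):
    """Return alerts as (snapshot index, kind, ip, old mac, new mac)."""
    alerts, known = [], {}
    for i, snap in enumerate(snapshots):
        table = parse(snap)
        # An IP that suddenly maps to a different MAC is the classic sign
        # of a spoofed ARP reply; the gateway is the binding that matters most.
        for ip, mac in table.items():
            if ip in known and known[ip] != mac:
                kind = "gateway-mac-changed" if ip == gateway else "mac-changed"
                alerts.append((i, kind, ip, known[ip], mac))
            known[ip] = mac
        # A second host answering with the gateway's MAC points at the
        # machine that is relaying the traffic.
        gw_mac = table.get(gateway)
        for ip, mac in table.items():
            if ip != gateway and mac == gw_mac:
                alerts.append((i, "gateway-mac-shared", ip, mac, mac))
    return alerts


if __name__ == "__main__":
    for alert in detect(SNAPSHOTS, "192.168.1.1"):
        print(alert)
```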

Saturday, September 17, 2011

When trying to connect with an Internet USB modem (Huawei/ZTE/LG/Nokia), it gives the error: “Unable to open serial port” or “Unable to open COM port for USB Modem”



Symptoms

1. After installation the USB modem (Huawei/ZTE/LG/Nokia) works well, but when it is run after a restart of Windows XP/Vista/Windows 7, it gives the error “Unable to open serial port” or “Unable to open COM port for USB Modem”. When the USB modem is unplugged and plugged in again, the problem is resolved and the modem starts functioning again.
2. The USB modem is detected without any problem.
3. The “Query Modem” feature from Device Manager > Modems > XXXX USB Modem > Diagnostics > Query Modem works successfully.

The Problem

A possible reason for the problem is a conflict of serial ports (COM__) between the USB modem and applications already installed on the Windows system.

Solution

One of the solutions for this problem is to manually assign free, higher-numbered serial ports (COM__) to the USB modem:
1. Select My Computer, right-click and click Properties:

2. Go to the Hardware tab and click the Device Manager button:


3. In Device Manager, select Ports, find your USB modem, right-click it and select Properties, for example, for a ZTE USB modem:




4. In the USB modem's Properties, go to the “Port Settings” tab and click the “Advanced” button:

5. Now, from the drop-down list “COM Port Number”, select a higher-numbered serial port that is not in use; for example, in the picture below, COM71 onwards can be selected.


6. Repeat the procedure for all the COM ports used by the USB modem. For example: for ZTE Diagnostics Port, ZTE GPS Port, ZTE Service Port, and ZTE Voice Port set COM71, COM72, COM73, and COM74.

To count characters/words/lines in text, in a text file or in a string/sentence/paragraph, using Microsoft Office Word, OpenOffice.org Word Processor or Google Docs.




i. If you have Microsoft Office 2007, the easiest way of counting characters is to copy and paste the text into Microsoft Office Word, go to the Review menu and select Word Count.



It will display the number of Words, Characters (no spaces), Characters (with spaces), Lines etc. Example: for the text “It will display”, it shows the figures below:



ii. If you have Microsoft Office 2003 or Microsoft Office XP, copy and paste the text into Microsoft Office Word, go to the Tools menu and select Word Count. It will display the number of Words, Characters (no spaces), Characters (with spaces), Lines etc. Example: for the text “It will display”, it shows the figures below:


iii. If you have a Linux distribution such as Ubuntu, RedHat, Fedora, OpenSUSE, Mandriva etc. with OpenOffice.org, copy and paste the text into OpenOffice.org Word Processor, go to the Tools menu and select Word Count. It will display the number of Words, Characters (no spaces), Characters (with spaces), Lines etc. Example: for the text “It will display”, it shows the figures below:



iv. If you have neither Microsoft Office nor OpenOffice.org, but have a free Gmail account, then Google will help you:

Log on to your Gmail account and click Google Docs:


On the Google Docs page, go to Create New and select Document:


v. Paste the text into the Google Docs word processor, go to the Tools menu and select Word count.


It will display the number of Words, Characters (no spaces), Characters (with spaces) etc. Example: for the text “It will display”, it shows the figures below:






Thursday, September 15, 2011

Printer periodically goes offline? Unable to print? Hewlett Packard (HP)/Lexmark/Dell/Canon/Epson printer and Windows XP/Vista/Windows 7 OS.


Symptoms

Some of the related symptoms of the problem are as follows:

  1. Users have Windows XP (SP2), Vista or Windows 7 based systems.
  2. Generally the printers are network printers. Network printers are printers which are connected to switches/routers/wireless routers and are shared among the users through Ethernet cable or wireless media. Hewlett Packard (HP), Lexmark, Dell, Canon and Epson are the popular network printer brands.
  3. The printer gets PINGed successfully.
  4. The printer becomes temporarily online if the printer or the Windows system is restarted, or the user logs in after a log-off.

The Problem

A possible reason for the problem is that Microsoft has started to use an SNMP (Simple Network Management Protocol) based technique for handling printer queues. Windows now starts several SNMP threads for the printer queue and sends multiple SNMP queries to monitor the status of the printer (whether it is online or offline). The printer sends its response to the TCP port of the system. The Windows spooler software reads the response from the port monitor and sets the status of the printer. If the printer does not respond to the SNMP queries, or the SNMP settings have not been configured properly, the printer may stay offline. For example: for Windows, the default community string is “public”, but if the printer has no feature to map this, then it may cause problems.


Solution

One of the solutions for this problem is to disable the SNMP-based printer queue handling technique and use the default standard algorithm:


1. For Windows XP:

Go to Control Panel and open the Printers and Faxes folder, select the printer, right-click and select Properties


For Windows Vista:

Go to Control Panel\Hardware and Sound\Devices and Printers, select the printer, right-click and select Run as Administrator > Properties
(Click Yes on the Windows permission pop-up)




For Windows 7:

Go to Control Panel\Hardware and Sound\Devices and Printers, select the printer, right-click and select Run as Administrator > Properties
(Click Yes on the Windows permission pop-up)



2. In the Properties of the printer, select the Port tab and click the Configure Port button:



3. Uncheck "SNMP Status Enable" and click OK:


4. This will turn off SNMP querying and set the printer to always Online. We are now using the Standard TCP/IP Port monitor without SNMP status.