Lately I’ve found myself checking the same IT Security sites over and over again. In many cases I find myself checking them more then a couple times a day. Heres a round up of all the IT related sites I use as resources regularly. If you know of any other resources that are similar to this post please feel free to post a comment and I will update the list.

Exploit-db.com

There are plenty of databases online that index security vulnerabilities. This site however indexes the vulnerabilities with known exploits. Often when I read about a particular vulnerability I find it difficult to invision how it might be used to attack a system. With this database you are able to see how someone else took advantage of a particular vulnerability. I find it much more informative and educational this way. A very interesting sub-section of this site is the Google Dorks section. http://www.exploit-db.com/google-dorks/. This section contains all kinds of interesting google search terms that will return a wide variety of information pertaining to various servers and websites that google has indexed.

Securitytube.net

I am a big fan of hyper-niche video sites and this one is one of my favorites. Security Tube has a tight nit active community of security professionals that regularly share their research, techniques, and exploits. The website owner Vivek Ramachandran has also produced a number of his own videos. Vivek operates a certification program for wireless network security and another for Metasploit certification that is available through his website. The great thing that Vivek has done on this site is that all of his tutorial videos for the online courses are available for free. I do plan on taking the courses eventually but my plan is to watch and try out all of the videos for the courses first. These videos on their own make the site extremely valuable to anyone interested in IT Security so be sure to check out Wireless LAN Security and Penetration Testing Megaprimer and the SecurityTube Metasploit Framework Expert (SMFE) Course Material.

pastebin.com

I am always pleasantly amazed by the random pieces of information I find just browsing the recent posts section of this website. For those of you not aware Pastebin is basically an online clipboard that allows you to paste text content and make it available publicly via url. Pastebin gained a lot of popularity last spring as some of the big website hacks that were going on posted all of their database dumps on Pastebin (lulzsec, anonymous, sony etc). Now it seems that almost everyday another hacker is posting information about what they’ve done and many news and blog articles are regularly sourcing these pastebin posts.

thehackernews.com

There are many news reports out regularly about all kinds of events in hacking. Rather then looking at large news outlets I prefer this niche site for hacking specific news. I find that The Hacker News is very frequently updated and informed with a full range of content. This site typically has 2-3 new posts a day about all kinds of news in hacking and I am most impressed by the amount of international stories that they cover from all over the world. This is also a good source to find out about new apps and tools that are being used in the industry today.

http://www.oxid.it/ - Cain and Abel

This windows based tool (don’t stop reading yet) is the subject of some of my masters research. It has a full range of functions that make it a very versatile tool. It’s primarily popular for some of its man-in-the-middle attacks mainly its ARP poisoning attack. In addition it is also decent at finding and cracking windows admin passwords. It also has a full range of possibilities that don’t have a lot of information published on it. I’ve heard of some of my students using it to packet flood people they are playing against in Call of Duty or other peer to peer network games to perform a denial of service on them. I’ve also heard but not confirmed that it can be used for intercepting voice and video communication. The tool itself is worth checking out, if you’ve done anything interesting with this tool please post a comment and share it with me.

backtrack-linux.org/

Back Track is the definitive resource for anyone who is serious about IT Security. This is a linux distribution that comes ram packed with everything you might need to evaluate and penetration test a network. I run my version in a virtual machine on top of my primary OS but you might choose to dual boot it or install it on a spare computer. The challenge with this system is figuring out where everything is and how to use each tool but with a bit of reading in the -help files and forums you should be able to figure most of it out.

wireshark.org

In monitoring any network one thing I’ve learned is that packets don’t lie. It is sometimes difficult to filter down to the information you are after but if its transmitted across a network then the data is there somewhere. Wire Shark is one application that every security professional uses to see exactly what is going on in a network.

https://www.torproject.org

I could probably write an entire article on this web browser, in fact I probably will. For now though the best way to describe tor browser is that its a browser that lets you bypass any firewall to browse facebook or any blocked site from anywhere. How it works is a little interesting. In a typical browser if you set up a proxy you are making one connection from your computer to the proxy server then the server to whatever site you are going to. This may help you get around a firewall once but a lot of firewalls detect individual proxies or sites that list them also in terms of traceability its easy to trace route back to your ip. The tor project is a little different from the traditional forms mentioned, it actually encrypts your traffic and routes it through a number of proxy relays that allow you  transmit your data securely and browse anonymously.

Again if you have any links that you feel should be included in this list please feel free to leave a comment and include it.

This is an obvious scam but I am certain that they find a new sucker every hour and that this is how some hackers have bot nets of over 30,000 computers.

For a full detailed explanation of this Phishing Scheme check out this link http://www.guardian.co.uk/world/2010/jul/18/phone-scam-india-call-centres

The short version of this story is that I get a phone call from a guy with an Indian accent saying that he’s calling about my windows PC. Knowing full well that this is a scam as I have heard stories of this scheme from some of my students just never actually got the call myself, I decide to play along long enough to get some info on what he’s actually doing. Also figuring that the longer he’s talking to me the less people he can talk to who may be less knowledgeable about this scam.

To his opener of “I’m calling with regards to your windows PC” I reply with “which one?” Thinking that if he knows I have more then one computer at my house he might start salivating at the thought of getting multiple computers from one call.

He begins to tell me that he is from Microsoft and that they have been noticing viruses being transmitted to and from my computer.

He directs me to this website http://windowsonlinesupport.com/  WARNING DO NOT DOWNLOAD ANYTHING FROM THIS SITES LINKS OR FILL OUT ANY INFORMATION.

Now he gets me to read off what I see on the site to make sure that I am on the right page. When I read the icons out in his most enthusiastic voice says “YES!” (he uses the enthusiasm to trigger an emotional response and positive reinforcement for doing a good job).

At this point I want to take a closer look at the site itself. In the top right there is a login screen made to look like an msn or hotmail login screen that people are used to . The point of this icon is to get people to login using whatever default login they usually use, giving the phisher all access to whatever email account you use regularly.

There is also some icons used to get customers to sign up for their service. What service they provide beyond maxing out all your credit cards is not clear by the site.

From reading some other articles if this caller is successful in installing enough viruses and remote control software on your computer to render it useless they then insist that they pay you for the service they’ve just provided for you.

At the bottom of the page is where the real dangers lie. The above icons point to remote control software that undoubtably laced with an assortment of viruses. One virus to take control of your computer, one to block all other anti-virus programs, one to change all your web searches so that instead of displaying your search results you get ads so they make money. Also now that they have your computer as its slave they can use it to do various cloud computing tasks like DDoS attacks and mining for bitcoins.

Proving its a Scam

If you do a domain name whois lookup for the site claiming to be Microsoft and it comes back to say its hosted on a Godaddy server its definitely a scam. And heres proof :  http://dawhois.com/siteinfo/?query=windowsonlinesupport.com

On a side note it also shows that they have owned this domain and presumably been in operation for over a year.

Why bother?

The question I get is why would anyone spend this much time and money just to put a virus on your computer. Well to answer this lets dissect their business model a bit. Here I use simplified numbers based on my best estimates based on my experiences. At this time I don’t have enough sources to properly site the reasoning behind the numbers you will just have to trust my experience to get an ideal of the scale of these sort of operations.

The cost to set up a site like this is relatively low. 5-10 Dollars a month for web hosting, $10-20 a year for the domain name and $3-4 an hour for someone in a call center to call the phone book in a particular area. So lets say you start off with an operating budged of $200 for your first couple of months.

In this time you could afford almost 40-50 hours of cold calling. Considering that a call center operator could call 100+ people an hour (just an estimate). They could potentially attempt to reach 4000 + people in a week. (In my opinion these numbers are just low ball estimates and in reality are probably much higher).

The next question is how successful are these Phishers? Assuming they attempt to contact 4000+ people how many of them will they be able to scam into installing the virus on their computer? 1,5,10,50? My best guess would probably be more then 10 but less then 50 although a number as high as 400 would not surprise me in the least.

So lets say they are successfully able to infect 25 computers. They now effectively own these 25 computers and can do whatever they want with them. A popular thing to do with these infected computers is to set it up so that the most popular search engines (google) display a fake version of their web browser. The script will still display search results except rather then displaying genuine search results they will display ads disguised as search results so that if you click on them the people who infected your computer will make money. So going back to our 25 infected computers example, even if the user was tricked into clicking an ad once a day for the low click earnings of 10 cents per click (low ball number by most estimates). These computers if infected for over a month could result in 80 – 100 dollars a month (again extreme low ball estimates as most ppc ads can get much more then 10 cents per click and some of these virus can easily turn out 5-20 clicks per day).

Another popular use for these viruses is to help farm/process a virtual currency called BitCoins. Using the infected computer to process encrypted transactions results in a generation of a virtual currency for the person who processed the transaction. This can be quite profitable if you have a decent video card installed on your computer for the virus to make use of. Conceivably 25 computers working together could potentially generate 20-50 dollars a month if not more (depending on current exchange rate).

If you also consider the fact that if they observe your computer long enough while infected and they capture all your login information for websites, email, banking, and paypal etc. They could of course rob money directly from your bank account or use your credit card information to purchase items.

One of the less obvious uses of having a network of computers is a Distributed Denial of Service attack. Basically if a computer hacker has a network of computers available to them they can instruct them to visit a target website all at once. If you send 10,000 website request all at once repeatedly users that legitimately want to access the site will be blocked by all the other requests.

Once this scam is set up on a small scale it is really easy to just hire more people to do the calling. As a result of this scam its not uncommon for a hacker to control more then 30,000 computers in their network. Once these networks are set up the hacker can now rent out their network to people who wish to spam computers for whatever purpose.

I tried to write this in article in a way that simplifies some of the concepts. If you have more details or information to add I would love to hear about it. Also if you have received calls like this please share your experience and provide the link of the site that they directed you to.

All three parts will be available at the following links:
Part 1 – Creating the Soft Blur Effect
Part 2 –  Silky smooth skin in photoshop
Part 3 – Increasing the background blur in macro photography

Disclaimer: Before I begin on this tutorial I should first explain why you would want to use this tutorial.First of all if you are an experienced photographer you can achieve this effect with your camera and probably don’t need this tuturial. The typical macro shot contains an object in the foreground with a very short depth of field. As a result of the very narrow depth of field the background ends up being blurred. A trained photographer can easily accomplish this task but for a beginner or someone with a typical point an shoot camera you don’t always achieve the exact intended result. Also macro lenses can be expensive. Luckily theres a way for you to compensate for your lack of camera skill or quality camera with a quick photoshop trick.

Here you can see the original image as you can see the main focus is the bear itself and its eyes and the background is only slightly blurred. In this tutorial we are going to increase the amount of blur applied to this background.

First step as always is to duplicate the original layer so that you have something to work with with out messing up your original. Right click on the background layer and select duplicate layer. Name this new layer blurred background.

With the Blurred Background selected go to the top menu and select Filter-> Blur -> Gaussian Blur.

Now apply a blur filter on this layer. The amount of blur will depend on your image and its resolution. Anywhere from 3-10pixels should give you quite a significant amount of blur.

Now we are going to create a vector mask so that we can apply the blur effect just to the background and not the whole image. With the new layer selected click on the add new layer mask icon from the layers window.

For the next step ensure that you have the vector mask on the blurred background layer selected. This is a common mistake that people make so ensure you have the correct part of the layer selected. You should see a box outlining the vector mask like so.

There are two options you have next. Depending on the scale of your foreground Item you can either paint that item in black to remove the blur or fill the mask with black and then pain the background where you would like to blur in white. Either way you go you sure use a large fuzzy brush to paint softly around the edges of your foreground object. When you are done the mask should be black where you would like the image to show through to the sharp image bellow and white where you want it to be blurry. If you find that your gaussian blur effect was too strong you could reduce the opacity of the mask layer until it meets your liking.

Here we have the finished product image.

All three parts will be available at the following links:
Part 1 – Creating the Soft Blur Effect
Part 2 –  Silky smooth skin in photoshop
Part 3 – Increasing the background blur in macro photography

This image dosen’t really have any major imperfections but I’ll show you how you can improve the look of the skin. Here is the original image.

First thing I always do in photoshop is duplicate the original layer so I can preserve the original image for comparison later (or if I mess up). Do this by right clicking on the background layer and clicking duplicate layer. I’m going to name this layer skin touch ups.

On the skin touch ups layer I’m going to use the spot healing tool to remove any freckles or pimples. Try to avoid touching up around any natural lines that make up the composition of the subjects face. Select the spot healing tool and set it up with a soft brush just slightly larger then the size of whatever you want to remove (pimples, freckles, scars, etc.). Make sure the hardness is set really low (0 is ok).

For major touch ups you can also use the patch healing tool but I’m not going to go into that here. The spot healing brush essentially takes an average of all the pixels around it and blends it together. To touch up a pimple or freckle simply dab the brush with the pimple in the center of the brush. Here you can see the result of some small touch ups see if you can pick out the differences.

At this point I am going to duplicate the touch up layer. Name the new layer blur mask. At this point you should have 3 layers: The original background layer; the touch-ups layer; and the blur mask.

With the blur mask layer selected go to filter -> blur-> Gaussian Blur. Now like in the last tutorial the amount of blur that you will actually apply to the layer depends on the resolution of your image. You may have to play around with it a bit but probably somewhere between 2-10 pixels of radius will do. You want to blur the skin/ face without loosing too much of the image detail.

At this point we are going to use a layer mask to only allow the blur effect to be visible in certain area’s i.e. the skin. I tell my students to think of this like a window your are going to paint black and only chip off the pain the area’s you want to see through.

To add a layer mask select the blur layer and click on the create new layer mask icon.

With the paint bucket tool paint the mask portion of the blur layer black. Be extra careful not to paint on the actual blurred layer. The image should go back to its original resolution without the blur and the mask on the blur layer should go from white to black. Essentially you have just painted the window completely black on the blur layer so you can’t see any of the blur effects.

Now we are going to paint in white on the layer mask the areas where we want the skin to be blurred. Grab a big fuzzy brush with white as the foreground color. Be sure that the mask is selected and not the blurred image layer. Now paint anywhere there is skin that you want to make smoother. You can grab a smaller brush to reach some of the more detailed areas and if you make a mistake you can just paint over it in black and try again.

Sometimes if the blur effect was too strong you can regain some of the detail of the image by adjusting the opacity of the blur layer.

An interesting view of what the mask you have just created can be viewed by hiding the other layers.

Finally here we have the finished product.

I hope you enjoyed this tutorial. Thank you to Mr. Medd for volunteering to be in this tutorial.

All three parts will be available at the following links:
Part 1 – Creating the Soft Blur Effect
Part 2 –  Silky smooth skin in photoshop
Part 3 – Increasing the background blur in macro photography

Part 1 – Creating the Soft Blur Effect

This effect is commonly used in wedding photography to give your images a whimsical and dreamy feel to them and its really quite simple to accomplish.

Today I am going to be using a picture of my wife on a fairy on London River Thames.

Start by duplicating the layers of whatever image you are going to work with.To duplicate the layer simply right click on it from the layers window and select duplicate.

Now select your new layer and apply a Gaussian blur to it. To do this select the filter menu from the top menu, then choose Blur -> Gaussian Blur.

The amount of blur you apply to this image will depend on the quality of the image. My image was taken on a digital slr at the highest quality setting so my images are all quite large. For lower quality images you would apply less blur. Play around with the sliding scale until you have a enough blur to slightly blur your image without loosing to much of the detail.

After you blur the image should like pretty fuzzy. From here we are going to blend the blur effect with the original layer. To do this simply adjust the layer opacity to anywhere from 40-60% or until you get your desired effect.

Finally here is the finished image. Some editors add additional blending options to the blurred photoshop layer but I am not going to get into that with this tutorial.

Resizing Image for Print

When you are ready to print an image you need to make sure that the physical dimensions of the image are the size you want. An important thing to note is that any time you resize an image you risk reducing or compromising its quality.

Note: If you every have to increase the size of image you will always diminish its quality and if you are trying to resize an image smaller then its original size any extreme measures of scaling will reduce the overall image quality.

To resize an image for print in photoshop go to image – > image size.

The Image Size window that pops up contains all the features needed to resize your image.

The goal when resizing an image for print is to maintain the highest possible image quality or resolution (displayed in pixels/inch or sometimes dots/inch). Most standard printers either print in 150 or 300 dots per inch and a common practice is to give the printer twice as much resolution as it can handle. To do this insure that the the resample image is not checked and that then proceed to set the width or height of the desired print image. With the constraint proportions box checked the image will automatically maintain its original aspect ratio as to not distort the image. When you typed in the desired width or height of the image ensure that the resolution is still higher then 150 pixels per inch, any less than that and you will begin to be able to notice poorer image quality in your prints.

Resizing for web

If you’ve ever received an image via email from someone who hasn’t properly resized it you may have been surprised to find out that the image takes up more then your entire screen or the image takes to long to load. The reason for this issue is that most cameras are set to take images in the highest possible setting (which is what you want) however this results in image resolutions higher then that of your monitor.

An important thing to remember when resizing an image for web is that you are in fact reduce the images quality. There isn’t much of escaping this fact.

To resize an image for web or email simply go through the same process as above except this time ensure that the resample image is checked. In this case however rather then modifying the physical dimensions of the image we will be modifying the pixel dimensions as the image would be displayed on screen.

A typical monitor’s screen width is betten 1000 and 1500 pixels wide so if you want your image to be about half of someones screen you could resize the image to have a width of between 500 and 750 pixels.

When you have finished applying this image resize if you zoom to 100%. This is the size/quality as it will appear when you send it to a friend or put it online on a typical monitor

Photoshop has so many features that can be explored from photo touch ups, to drawing with the various brushes, and using some of the many photo filters. Today we will be starting with simple image adjustments and maybe some effects.

Today we are going to start with a common problem for photographers. You take a photo and because of whatever camera settings or light available the image dosen’t quite come out the way you like it.

For todays exercise lets see if we can improve on the quality of this image of warwickshire castle from my recent trip to England.

There are a few key photoshop tools we will use to accomplish this task.

Lets start out with some of the image adjustment tools.

You can use many of these tools to adjust the look of the image be careful however not to distort the image too much or you will reduce the quality of the image. Reducing the quality of the image could be in the form of reducing the sharpness of it, the amount of colours or the exposure. Some of the key tools to use are the Brightness/Contrast, Levels, Curves, Exposure, Vibrance, and Hue/Saturation. Some of these tools I would recommend only for finishing touches while others can apply drastic transformations to your image.

Starting with Brightness and Contrast This tool can be used to shift the colours and image data. If done correctly no image quality needs to be lost to apply a linear shit to the entire document. Here you can see the Brightness and contrast tool in action.

1 problem that arises with this tool however is that the light gray colours that were the clouds, almost completely disappeared. It did make the castle look brighter and nice but it made the sky too light. So maybe I need a tool that will lighten the dark colours without lightening the light colours.

For this I go to the curves tool. With the proper technique rather then performing a linear shift for the entire image to the light or dark side you can perform more of a quadratic shift where the extremes of dark and light are not brightened or darkened as much as the rest of the document. The one problem with this tool is that if its done too drastically it can significantly reduce the amount of colours and contrast that your image has.

To lighten the image using an arc transformation rather then a linear transformation use the curves tool as follows.

To darken the image if needed simply drag the curve to the bottom right of the screen.

Some time when working with an image you want to make the dark areas darker and the light area’s lighter adding more depth and light contrast to your image. You can also do that with the curves tool by using what’s called the “flat S” approach.

For this image however the flat S does quite the opposite of what I would like to accomplish so I will try it with the reverse of a flat S. I have to be careful however not to over do it or it will really reduce the quality of my image.

Here you can see I was able to keep the contrast in the sky while lightening the castle gets pretty close to my desired result. The one draw back from this as you may be able to see is that there is a bit of graininess in the image that was there before but is just now more obvious. I may be able to fix that later on down the road.

Getting rid of grain involves a little bit of cheating with the photoshop images filters. Its definitely one of the harder image flaws to correct and its almost always better to start with an image without grain but I will be posting ways to deal with image grain in a later tutorial.

In March 2010 my school board announced that it would be spending 13 million over 3 years on new technology initiatives. During the same period of last year, this year, and next year, the school board is also cutting the number of teachers it has on staff through redundancies. They are also not hiring new teachers. This year the school board has also made additional cuts to the number of Custodians, Secretaries, and Educational Assistants at each school. There is even speculation that the board will announce that it is closing a secondary school in September 2012. [Source DurhamNews.com]

The plan for the 13 million dollars is for it to be divided between the following areas:

• 5 million dollars for teacher laptops and student net books
• wifi access points to be installed throughout every school in the board
• more projectors and smart boards to be installed across the board

With seeing how the 13 million dollars is being spent, it causes one to wonder what impacts this will have on the education of our students. The belief is that spending this money on more technology will improve the quality of education provided. Is this the case?

The age demographic of the teachers in our board is quite old. In the past few years very few new teachers have been able to find permanent employment in this board. Not to sound discriminatory to those that are older, however there is a very strong correlation  between one’s comfort level with technology and one’s age. There is a clear divide in technological abilities at most schools, between those growing up using technology and those coming to it late in the game. If the school board is going to spend 5 million dollars on giving a computer to each teacher, what percentage of teachers will use these computers to their full potential? What percentage of teachers will rarely use their laptop at all because they are too afraid of it?

When I first heard that we would be getting wifi in our school I was really excited and thought that it would be a great addition to my teaching practices, but if it comes at the cost of my job I could probably do without it.

This past semester I had the unique opportunity to work within a youth correction facility as a High School Teacher. I was also responsible for:

• Taught computer skills to students within a closed custody youth correction facility
• Administered the local computer network consisting 50 Mac computers .
• Ensured the integrity of the network while preventing students from accessing the Internet and maintaining many confidential files, personal information, and user accounts.
• Provided tech support for all other teachers as they experiment with various ways to integrate technology in their classrooms

Not my image – photo source - http://rippledthoughts.com/cynthia-martone/