Subscribe:
    Subscribe Twitter Facebook

    Saturday, August 29, 2009

    Show or Verify Asterisk Password Field Hidden Value with View Passwords Bookmarklet

     Show or Verify Asterisk Password Field Hidden Value with View Passwords Bookmarklet

    When entering a password credential into a password secret field on web page or form, normally the password is masked as asterisk so that no other people that happens to be around the computer will be able to read or view the password entered. So how to make sure and verify that password typed is correct? There are various programs to reveal the hidden asterisk password, however, View Passwords Bookmarklet proves to be easier.

    View Passwords Bookmarklet is a JavaScript (JS script) that can be saved as a favorite or bookmark, or directly enter into address bar or location bar to show the contents of password fields. The bookmarklets support viewing actual real values of multiple asterisk masked fields.

    View Passwords Bookmarklet is especially if user user web browser or third party application such as Gator to save and autofill in the user name and password for various web services and Internet applications. Although the password manager will auto fill in the password, it’s still been masked as asterisks in the password field. So when user want to switch browsers, upgrade to a new computer, or simply want to record down the password, View Passwords Bookmarklet can retrieve and display the password covered behind asterisked text on screen.

    To use View Passwords Bookmarklet, simply add the following link as bookmark or favorite, and click click on the bookmark or favorite when require to reveal and view the actual text contents of password fields, or simply copy and paste the JavaScript code into the browser’s address bar or location bar. There are two similar View Passwords bookmarklets available, with differences explained.

    View Passwords

    JS Code: javascript:(function(){var s,F,j,f,i; s = ""; F = document.forms; for(j=0; j

    Above View Passwords bookmarklet will display the passwords of all masked fields including password values in a dialog box. Have problem detecting actual text in fields on IFRAME pages though.

    View Passwords

    JS Code: javascript:void((function(){var%20a,b;b="<"+"html>%5CnPasswords%20in%20this%20page:

    %5Cn";(function(c){var%20d,e,f,g,h;for(d=0;d
    %5Cn";}}})(top);b+="%5Cn%5Cn";a=window.open("","","width=200,height=300").document;a.open();a.write(b);a.close();})())

    Above View Passwords Bookmarklets will display detected passwords in a new web page, so make sure that pop-up blocker is not active or is not blocking the domain with password fields to be revealed. Can detect correctly passwords and asterisked values in IFRAMEs.

    View Passwords Bookmarklets work in Internet Explorer (IE), Mozilla Firefox (FF), Opera, Netscape, Safari, Konqueror and almost every other web browsers.

    The bookmarklet view password hack do not crack the Windows, Linux, Unix, Mac OS X or other operating system log on password. So physical security control still applicable. For user who wants to secure the passwords from this hack, do not ever let web browser save the password when offered to remember the login information, especially when using shared computer.

    Workaround to Disable and Remove OGA Office Not Genuine Notifications (Uninstall KB949810)

    Workaround to Disable and Remove OGA Office Not Genuine Notifications (Uninstall KB949810)
    After installing Office Genuine Advantage (OGA) Notifications (KB949810) from Windows Update, OGA Validation will perform genuine test on installedMicrosoft Office XP, Office 2003, Office 2007 and Office 2010software. If Office product is validated as not genuine, “This copy of Microsoft Office is not genuine” notification message will be displayed on notification area (system tray), at splash screen during Office program (i.e. Word, Excel, PowerPoint, Outlook) startup, and at Office’s toolbar or ribbon with extra “Get Genuine Office” tab or element.

    KB949810 OGA Notifications update is designed so that end-user cannot uninstall or removed the update using “Add and Remove Programs” or “Program and Features” in the Control Panel, in a bid to encourage end-usersto buy genuine Microsoft products. But, if you’re a legit Office users, and the OGA validation has returned false-positive result, use the one of the following hacks to disable and remove Microsoft Office not genuine notification messages displayed by OGA Notifications.

    Note: Hack below simply remove and disable OGA Notifications so that no notification message about Office not genuine is not displayed, and works on most versions of OGA Notifications. It doesn’t crack or patch OGA Validation component, OGACheckControl.dll, which does the validation process to determine if the Office product is genuine or not.

    Hack 1: Disable OGAAddin.dll from Loading with Office Applications

    OGAAddin.dll (and OGAVerify.exe) is a few files that been installed by OGA Notifications. OGAAddin.dll allowed OGA Notifications to install as an add-in toapplications in Office productivity suites to display not genuine reminder message to illegitimate and illegal copy of Office. By stopping the OGAAddin load behavior and preventing OGAAddin.dll from loading, the Office Genuine Advantage Notifications message can be suppressed.

    1.    Run Registry Editor (RegEdit.exe).
    2.    Press Ctrl-F to open search box, and search for OGAAddin.connectregistry key.
    3.    In the right pane, right click on Load Behavior and select Modify.
    4.    Change the value data from 3 to 0.
    5.    Repeat for each and every OGAAddin.connect found.
    With this hack, Windows still treat OGA as installed, and will not prompt user to install again.

    Hack 2: Disable and Remove OGAAddin from within Office Applications

    1.    Run one of the Office app such as Word, Excel, PowerPoint, Outlook, Publisher and etc as administrator.
    Note: Open Windows Explorer, go to %SystemDrive%\Program Files\Microsoft Office\Office12 (may be different depends on version of Office installed and x64 OS uses Program Files (x86) folder), and right click on Office app executable, e.g. winword.exe, excel.exe, powerpnt.exe and etc to run as administrator.
    2.    Go to Options (at the bottom of menu triggered by Office button) ->Add-Ins.
    3.    Select COM Add-ins under Manage drop menu list, and click Go.

    4.    Disable or remoev the OGAAdmin.
    5.    Repeat above steps for each and every Office applications installed.

    Hack 3: Delete and Remove (Uninstall) Office Genuine Advantage Notifications Components

    Although Microsoft does not allow OGA Notifications to be uninstall, but that does not mean that individual file components of OGA Notifications cannot be deleted, removed or uninstalled manually.
    To disable OGA Notifications and uninstall KB949810, close and exit from all Office applications (including Outlook, Word, Excel, PowerPoint, OneNote, Publisher, Visio and etc.), and search for the following files in%SystemDrive%\Wndows\System32 folder and%SystemDrive%\Windows\SysWow64 folder (for 64-bit OS x64 only).
    OGAVerify.exe
    OGAAddin.dll
    Delete the above files. It’s also possible rename the files so that system cannot find them.

    Hack 4: Remove OGAAddin.connect Registry Key in System Registry

    Pretty much similar to method 1 and 2, but it’s quicker and will complete remove trace of OGAAddin.connect from registry. Unlike hack 1, Windows Update may prompt you to install again.
    1.    Run Registry Editor (RegEdit.exe).
    2.    Go to each and every of the following registry keys, and any other which contains OGAAddin.connect registry value sub-key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Excel\Addins
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Powerpoint\Addins
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins
    3.    Delete the OGAAddin.connect registry value.

    Hack 5: Properly Uninstall KB949810 OGA Notification via OGANotifier.msi


    Easy to uninstall. Just follow these steps:
    1.    Go to C:\Windows\SoftwareDistribution\Download\8998da55d52b36c0e98ba016ddd50de0\ folder.
    Note: The directory may be different, so if not found search for OGANotifier.cab.
    2.    Extract OGANotifier.cab with WinRAR (or using the Expand command at command line) to get a file named OGANotifier.msi.
    3.    Right click on OGANotifier.msi, and select Uninstall.
    4.    Remember to block the update from been installed again in WU.
    With any one of the hacks above, no more Office Genuine Advantage notification message will be displayed and showed on system, regardless of genuine status of the Office software, unless of course, end-user chooses to reinstall KB949810.

    Friday, August 28, 2009

    10 Fast and Free Security Enhancements

    Before you spend time on security, there are many precautions that you have take to protect yourself against the most common threats.

    1. Check Windows Update and Office Update regularly (http://office.microsoft.com/productupdates); have your Office CD ready. Windows Me, 2000, and XP users can configure automatic updates. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.

    2. Install a personal firewall. Both SyGate (http://www.sygate.com) and ZoneAlarm (http://www.zonelabs.com) offer free versions.


    3. Install a free spyware blocker. Our Editors' Choice ("Spyware," April 22) was SpyBot Search & Destroy (http://security.kolla.de). SpyBot is also paranoid and ruthless in hunting out tracking cookies.

    4. Block pop-up spam messages in Windows NT, 2000, or XP by disabling the Windows Messenger service (this is unrelated to the instant messaging program). Open Control Panel | Administrative Tools | Services and you'll see Messenger. Right-click and go to Properties. Set Start-up Type to Disabled and press the Stop button. Bye-bye, spam pop-ups! Any good firewall will also stop them.

    5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro@l. This will make it much harder for anyone to gain access to your accounts.

    6. If you're using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.

    7. Buy antivirus software and keep it up to date. If you're not willing to pay, try Grisoft AVG Free Edition (Grisoft Inc., http://www.grisoft.com). And doublecheck your AV with the free, online-only scanners available at http://www.pandasoftware.com/activescan and http://housecall.trendmicro.com.

    8. If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP with the biggest key you can get. For more, check out our wireless section or see the expanded coverage in Your Unwired World in our next issue.

    9. Join a respectable e-mail security list, such as the one found at our own Security Supersite at http://security.ziffdavis.com, so that you learn about emerging threats quickly and can take proper precautions.

    10. Be skeptical of things on the Internet. Don't assume that e-mail "From:" a particular person is actually from that person until you have further reason to believe it's that person. Don't assume that an attachment is what it says it is. Don't give out your password to anyone, even if that person claims to be from "support."

    Bidvertiser