Children today are far more ‘exposed’ to technology than once their parents were. Along with the benefits of the internet, more and more websites pop up each minute that could get them in trouble. Pornography, contact with strangers, Social networking addiction and games are just a few of them. With the curiosity of a kid he likes to know ‘what it is?’. So I am starting a series of posts on parental control and internet security.
Sometime back I did a post on how to control the time users can log in to Windows XP. Since I added “Parental Control” to the title, there had been many visits to the article. This actually made me feel like I was cheating all those visitors. These people were coming here,expecting to find a way to prevent their children go the wrong way on the internet. And what was I giving them? A rather geeky and crappy way of controlling the log in times. That’s why after a long long time I decided to write some real and not so geeky ways of implementing a parental control.
In this article I am going to tell you some good points to note before you setup a full parental control.
- Educate your children about the bad of getting addicted to internet, games,porn etc
- Put the PC with internet access in a common area, so that you can always have a look
- Make the modem setup such that it connects to the internet only on request rather than always on.
- Its better if you can put a router in between the computer and modem.
- Be strict about ‘when’ kids can use the computer
There are some plug-ins available for almost all browsers that will make surfing rather safe. One such plug-in is the Web Of Trust Plug-in. It is available for FireFox, Internet Explorer as well as Chrome. But the problem with all these plug-ins are that they can be overcome by some way. although the procedures can be complex, they can still be overcome. That’s why we need a much stronger method for parental control. From the third article in this series onwards I will be discussing methods by which parents can actually implement strong website filtering on their computers.
You can get anybody’s internet account password, if you have Mozilla Firefox browser with an add-on named HTTPFox installed.
HTTPFox sits in between the network and FF browser and captures all the traffic in between. You can view the Requests and Responses going in between. When you enter an information into a form on a web page like a login page and click the submit button you are sending the information either as a GET or as a POST request to the web server. Example of a GET request is what you enter in a Google Search box. When you click search you can see that the results page will have a URL like :- http://ww.google.com/search?q=SEARCH QUERY (it may have some more creepy stuff like your browser info or your language preference but the basic structure is this) You can see that the part you entered is visible along with the URL.
POST requests are different in that you can’t see the data as part of the URL. An example would be any login information you enter on a website.
Follow these steps : (Checkout this Screenshot for detailed instructions)
1. Install HTTPFox extension for FireFox.
2. Restart Firefox, now you will see a small green and blue icon on the lower right side of the status bar.
3. Click on the icon to expand HTTPFox pane and go to any login page.
4. Click Start to start the capture. Enter the login information (username, password) and click Submit (or hit enter)
5. You will seethe data transfer in a categorised and formatted way here. Look at the 5th column named Method. Most of it will be GET. Click on it to bring the POST ones on top. Select a post transfer by clicking on it and then Click POST Data tab on the lower pane of HTTPFox. Here select Raw radio button. check for the sername somewhere in the string shown. Near to the username will be the password. Before each variable (password username etc) you can see an = symbol)
6. This is the password you need. To make this a stealth operation 😉 , after Start minimise the HTTPFox window. And whe nobody is arround open the window stop the transfer and look for the password.
As you get familiar with this it will be a lot easier to findout the password from the RAW data. For any webpage use all caps testusername and teastpassword approach shown in the screenshot to locate the password field.
If you have any questions or doubts contact me or leave a comment.
There was a small introduction on how files are recovered from magnetic media in the last post. In that post I had said about using repeated overwrites to render a file unrecoverable. Sdelete is a command line utility that can wipe off a file and its traces completely from your hard disk without leaving a chance for recovery. If you have some data that you don”t want others to know about, you can “securely delete” it using sdelete.
sdelete is a tool from sysinternals to erase data from Disk drives completely. It can delete data from USB drives, floppy drives, or hard disk drives. sdelete can also cleanup the freespace avilable on any drive with zeros and delete directories recursively.
You need to download the zip file from sysinternals site, extract it to C:WINDOWS or C:WINDOWSsystem32 folder (or you can add the folder you are extracting to the PATH variable in Windows environment). so that it can be directly accessed from command prompt.
sdelete [-p passes] [-s] [-q] <file or directory>
sdelete [-p passes] [-z|-c] [drive letter]
||Zero free space (good for virtual disk optimization).
||Specifies number of overwrite passes.
||Don’t print errors (quiet).
||Cleanse free space.
sdelete is free, light and installation free. You can control the number of passes (overwritings) that has to be done and moreover previously deleted file data can also be cleaned using the free space cleaning facility.
Download sdelete(free) (47Kb) , Visit sdelete webpage on Sysinternals
On the last article we have discussed about seeing all the files that are part of Windows. Now lets see whether we can directly access these folders. As it turns out Windows by default will not grant you permission to the folder System Volume Information.
Thats because the folder contains important System Restore Point informations. So what do you do when you can’t touch your own property. well it is there that the Windows file sharing comes into play. It may sound a little weird at first but it is true. Lets see how.
Step 1 : Go to Tools>>Folder Options and select View tab.
Here scroll down to the bottom, you can see a check box named Use Simple File Sharing (Recommended), UNCHECK the box, click APPLY and OK. Now you are done with the settings part. So just take the Properties (ALT+ENTER) or RIGHT CLICK>>PROPERTIES) of System volume Information you can see a new tab named Security here. You can see that there will be a user named SYSTEM there and it has full permission (refer picture).
You need to add your User account as a user here and give full permission to your self in order to gain access. Click Add button and type in your user name and click Check Names your user name will be filled along with the computer name automatically.
Click OK. now just click on user name of yours and check Full control. Click Apply, OK and you are done.
You can get access to files that return an “Access Denied” error by using this method. are some Files and Folders which need some more work to open I’ll discuss it in next post. Till then try this and figure out what all were hidden from you.