CARBANAK : BANK ROBBERY LIKE NEVER BEFORE

1.  As recent as a week back Carbanak, an APT-style campaign targeting financial institutions has been claimed to have been discovered by the Russian/UK Cyber Crime company Kaspersky Lab who said that it had been used to steal money from banks.The malware was said to have been introduced to its targets via phishing emails and is said to have stolen over 500 million dollars, or 1BN dollars in other reports, not only from the banks but from more than a thousand private customers.The criminals were able to manipulate their access to the respective banking networks in order to steal the money in a variety of ways. In some instances, ATMs were instructed to dispense cash without having to locally interact with the terminal. Money mules would collect the money and transfer it over the SWIFT network to the criminals’ accounts.The presentation brings out the executive summary of Modus Operandi of the Malware as analysed by Kaspersky.

 

2.   Carbanak is a backdoor used by the attackers to compromise the victim's machine once the exploit, either in the spear phishing email or exploit kit, successfully executes its payload.Carbanak copies itself into %system32%\com with the name svchost.exe with the file attributes: system, hidden and read-only. The original file created by the exploit payload is then deleted.

How to detect CARBANAK

One of the best methods for detecting Carbanak is to look for .bin files in the
folder:

..\All users\%AppData%\Mozilla\

The malware saves files in this location that will later be sent to the C2 server when an internet connection is detected.BAT script for detecting infections(Source : here) is given as follows :

@echo off
for /f %%a in ('hostname') do set "name=%%a" echo %name%
del /f %name%.log 2> nul
if exist "c:\Documents and settings\All users\application data\
mozilla\*.bin" echo "BIN detected" >> %name%.log
if exist %SYSTEMROOT%\System32\com\svchost.exe echo "COM
detected" >> %name%.log
if exist "c:\ProgramData\mozilla\*.bin" echo "BIN2 detected"
>> %name%.log
if exist %SYSTEMROOT%\paexec* echo "Paexec detected"
>> %name%.log
if exist %SYSTEMROOT%\Syswow64\com\svchost.exe echo "COM64
detected" >> %name%.log
SC QUERY state= all | find "SERVICE_NAME" | findstr "Sys$"
if q%ERRORLEVEL% == q0 SC QUERY state= all | find
"SERVICE_NAME" | findstr "Sys$" >> %name%.log
if not exist %name%.log echo Ok > %name%.log xcopy /y %name%.log
"\\\logVirus

Quantifying your WEB SECURITY

This small presentation will sail through a set of questions for any web/Internet user and will mark for every question as the user decides to answer.The safety score as it ends up lets the user know of where he stands in terms of IT SECURITY on the web!!!!

Officially Keylogged : Welcome to Microsoft Windows 10 Preview

1.   Though an avid loyalist of Linux for last about a decade,I always keep a tag of what’s happening in the world of Windows......and recently when Windows 10 preview was launched I started reading various reviews pan web....and I came across this startling and surprisingly criminal revelation regarding inbuilt key logging in the OS available for download.See the screen shot below straight from the Microsoft and you read it for your self highlighted...  

(Click to Enlarge)

2.     This is actually too much in the name of Data Collection wave by various companies as a genuine and legal move putting across mostly naive users at complete risk since anyone is hardly interested in reading the Terms & Conditions of any application.A google search on this gives surprising concerns as bought out by various reviewers across as seen below :

(Click to Enlarge)

3.   Few interesting statements below from Terms and Conditions :

"Microsoft collects information about you, your devices, applications and networks, and your use of those devices, applications and networks. Examples of data we collect include your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage."


"We may collect information about your device and applications and use it for purposes such as determining or improving compatibility" and "use voice input features like speech-to-text, we may collect voice information and use it for purposes such as improving speech processing."
The killer statement says, "If you open a file, we may collect information about the file, the application used to open the file, and how long it takes any use [of] it for purposes such as improving performance, or [if you] enter text, we may collect typed characters, we may collect typed characters and use them for purposes such as improving autocomplete and spellcheck features."

4.     Thanks Microsoft :-)

Concluding XP getting Stronger by the Day @ Banks & ATMs still swear by it.

1.   Microsoft XP...the OS that was a milestone and turning point for the Microsoft company in many ways was given 8 Apr 2014 as the last date of survival ie after about 14 years of being in business, support for Windows XP will end on April 8, 2014. There will be no more security updates or technical support for the Windows XP operating system. After April 8, 2014, Microsoft will no longer provide security updates or technical support for Windows XP. So PCs running Windows XP after April 8, 2014, should not be considered to be protected...but is it that easy for a typical user to just see off XP and take on a newer OS?....leave aside the typical user ...would it be possible for the corporates to do it so easily???...alass!!! NAAA....

2.  Microsoft though had given early warnings as early as 2007 about the end of life support for XP OS, but in fact the surprising fact coming up vide various sources is that currently most bank machines (95% of ATMs in the world) use Microsoft XP (OS) in their cash machines and with the date nearing fast it seems like herculean to replace all as per the time line.So after repeated request from across the globe from leading bank vendors including big UK banks such as Barclays, HSBC, Lloyds Banking Group, Royal Bank of Scotland etc ,Microsoft has agreed to provide antimalware signatures for the operating system through July 15, 2015 and just for info that’s not the same as software patches, but does help consumer and business security programs identify malware on the system. The original end of support date of April 8, 2014 still stands. Even for this the banks might pay up to $100 million (KES. 8.5 billion) each to keep their Windows XP support, combined with the costs to upgrade their ATMs to a more recent version of the OS. Microsoft does offer what it calls “Custom Support” for large business that includes updates for legacy programs....

3.   Thus XP , though will be soon bidding bye for all home users but the fact is that it has proved it self yet again in terms of the swollen dependency that too pan global...that only proves yet again that XP still has a large large following.....

New Laptops without Windows 8 @ Rare

1.   Strange it may seem but the current availability of Laptops for sale in the market show a peculiar sad state of specs...ie they are available only with Windows 8.There are rare options on few sites that offer New laptops for sale without Windows OS.I have been planning to buy a laptop with i3/i5 processor and in my search over various sites I came across this sad but surprising stat.

2.  Infact leading online shopping retails in Dubai have got NIL option to buy a laptop without Windows 8.I checked up at the following sites :

- www.sharafdg.com/‎

- http://www.carrefouruae.com/

- http://www.ic4uae.com/

3.   Even the options without Windows 8 on leading retails in India have much lesser options then with Windows 8. Checked up at Flipkart, snapdeal,timesofindia shopping to mention a few.

 

 4.   Given these facts...it looks like Microsoft has put in rigorous and vigorous marketing efforts to increase there sales graph for Windows 8.For those guys who wish to buy Windows 8 laptop and then attempt removing the windows and install some Linux flavour...it is equally surprising that unlike till Windows 7 wherein it was relatively a matter of deleting Windows and installing Linux...it is complex removing Windows 8 so the user has to be content with a dual boot option wherein he has to compromise with wastage of space dedicated to Windows....

5.  Thus there is a kind of binding that comes along with these laptops with Windows 8 that you cannot mov to another OS.....:-(

XP still Continues though "eXPired"

1.    XP has now got the authorized prefix and suffix to get renamed as "eXPired" since it has been now officially announced by Microsoft as discontinued and has advised XP and Office 2003 users to migrate to Windows 7 and Office 2010 and thus systems are left vulnerable to new forms of malware. No further support to XP...no patches to update...no updates by Microsoft.....but certainly it will take time for XP to get disowned by more then a decade old loyal user population most of whom made their first PC experience with a XP machine...for a home guy who surfs net...it will be difficult to make him/her understand about how vulnerable he/she is now....actually very difficult.

2.    But what about the corporates and govt sector offices? I am sure private sector will make a fast change since it may adversely effect their business model in case of a undesired info leakage or a hack!!!Only recently I made a visit to a post office in Delhi for doing a speed post...wherein the dedicated  loyal postmaster was using a xp machine connected to Internet.I informally asked him about any upgrades in OS planned in their department to which he replied confidently that it's not required since it is working fine.Today the Indian postal department is slowly getting online.Today thanks to vision implementation of the government(though late) that we are able to locate the movement of a speed post letter...what time it was opened..whats the location and when it got delivered...etc etc..but all this can go waste and get a setback if the backbone nodes are not updated and monitored....more so if the staff handling all the machines are low on security aspect.

3.   Well...this postal department is one of the examples cited here since I just interacted with one of them today...but the risk stakes are high when we see this at national level...all the online-governance machines located in remote areas...have they been ensured removed of XP?....if it has not been done....this can be just on the lines of zero day exploits...in this case there must be millions of machines thrown open to hacking....and invasion to classified information.

Best IT SECURITY INFO & NEWS SItes

1.         IT Security enthusiasts guys/girls always keep looking forwards to discovering new sites that keep them enriched with latest happenings in the buzzing IT SECURITY world...I am listing out a list of sites that I keep abuzz with.These are not necessarily in the order of my preference or have any kind of ratings or ranking....but a whole lot of enriching info is available for every cyber security guy!!!

http://www.schneier.com/

http://thehackernews.com/

https://www.privacyrights.org/

https://www.owasp.org is specific to web application security subjects

http://www.itsecurity.com/

http://technet.microsoft.com has more of MS related aspects

http://csrc.nist.gov/

http://www.sans.org/

http://www.securityfocus.com/ : by Symantec

http://www.cert.org/

http://www.scmagazine.com/

http://www.securityweek.com/

http://nakedsecurity.sophos.com/

http://www.darkreading.com/

....surf few of them and enrich your self!!!!all the best

Windows 8 and Live USBs & CDs at logger Heads!!

1.  One feature of Windows 8 launched recently has been disabling the option to boot from a Live CD/DVD or a USB right at the beginning.....recently got hold of a Windows 8 laptop of a friend and being in the habit of recommending opensource software's I tried showing him a live DVD of Ubuntu 13.04 but was surprised that every time it booted I could never see the option of selecting option of where to boot from?...that was it...i had no option but to Google and got the answer....the option to boot any windows PC with a live DVD is passe with Windows 8....now the user has to be specific of selection of boot device only once he is inside the OS interface.Bad...Bad...Bad......that's SECURE BOOT by terminology of Microsoft

2.   Dedicated Linux users and communities are the once who immediately start getting irritating owing to this feature that has no choice as on date.The purpose of Secure Boot is to put an end to computer viruses that sneak between the hardware and the operating system. These bootkits work by getting themselves before the OS is loadde, then they make changes to the operating system while it lies defenseless on disk, and then they load the now defenseless operating system and have their way with it. Secure Boot counters the bootkit by ensuring the hardware verifies the identity and authenticity of the software that sits between the hardware and the operating system - the bootloader, and also the software embedded in hardware devices like network and graphics adapters.Although going by the past threats Secure Boot sounds like a smart solution to the bootkit problem but this would be a problem for the majority of users in long run who rely solely on pirated copies of Windows OS.!!!!

3.  This is because today most of the vendors dealing in piracy or the users using pirated DVDs of OS have a option of formatting the PC and then reloading a new OS if the present OS has some issues....and this was possible since he/she would simply choos the BOOT FROM DVD option in the beginning...but now what?If some thing goes awry with your Windows 8 OS,there is no way to access your windows or at the best you need to run to your MS maintenance site.....so there is one good aspect that it is certainly going to curb piracy....but what about the security professionals ???

4. No denying the fact that a LIVE DVD is one of the prized possession of every IT security professional that has a plethora of advantages...so does windows 8 mean an end to all those advantages!!!!its a land lock situation for windows users.I am sure this is not going to last long...may be by windows 8.1 they do something about it!!!!

HIT WICKET & OUT- Microsoft Genuine Patch crashes WINDOWS 7

1.     This is some news from the corridors of Microsoft.A genuine MS patch released for Windows 7.The patch in the dispute is "Microsoft Security Bulletin MS13-036"

2.  Redmond from Microsoft's Security Response blog blamed the glitch on conflicts with third-party software:

We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We’ve determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download centre.

Contrary to some reports, the system errors do not result in any data loss nor affect all Windows customers. However, all customers should follow the guidance that we have provided in KB2839011 to uninstall security update 2823324 if it is already installed.

3.   That means Windows 7 users should uninstall the security patch Microsoft issued on Tuesday because some PCs failed to restart after applying the update.....:-).Microsoft has advised users of Win 7 and Windows Server 2008 R2* to roll-back the patch.

4.   More about the patch here.Thanks http://www.theregister.co.uk/security/

MALWARE via SUDOKU via EXCEL SHEET

1.  Sudoku is good for you brain....but it may compromise your PC if you have downloaded one of the excel files with embedded malicious script inside that offers you to play the subject game. Peter Szabo from SophosLabs has identified a piece of malware that resides behind a Microsoft Excel-based Sudoku generator. The Malware developed in Visual Basic requires macros, a scripting language that allows users to create equations based on values in different columns and rows. Microsoft – Malware behind Microsoft Excel-based Sudoku generator.

CLICK TO ENLARGE

2.   Although by default the macros are disabled in any Microsoft Office application....but any one who downloads the excel file would eventually enable the macros that run the script to play the game...so he can keep playing the game while the script in the background sets up the malware and establishes contact with its master bot.....so like always the updated Antivirus on the system will keep sitting without catching up anything.....so comes the importance of packet analyzers like Wireshark....ethreal etc...but then it becomes slight technical which in most cases would be out of purview for a common user.

MSE : Loosing Shine

1.   Since last few years any one who asked me on recommending a Antivirus for his/her PC...I would always say if you have a original Windows...then leave your worries to MSE...thats Microsoft Security Essentials ie MS's own antivirus or may be I would recommend Kaspersky PURE in few other cases who were not happy with MSE.

2.  I had been using MSE for my own system as well...and I found it worked pretty fine...light on use and had no major compatibility and configuring issues since it worked mostly in the background.But there has been some decline in recent time and efforts by Microsoft in keeping with the pace of the hackers and cyber criminals!!!

3. The AV-TEST Institute,the leading international and independent service provider in the fields of IT security and anti-virus research.It uses state-of-the-art methods and research work to carry out AV-TESTs to  directly detect the latest malware, to analyse it  and to inform web site visitors top-quality results obtained.So the latest results showed MSE being given 1.5 out of 5 maximum ratings.The screen shot from the link http://www.av-test.org/en/tests/home-user/windows-7/sepoct-2012/ is shown below :

Click on image to Enlarge

4.   And to me, that's a huge concern considering how Windows 8 itself draws on a lot of MSE for its own in-built security....:-)

Operation b70 : Microsoft Disrupts the Emerging Nitol Botnet Being Spread through an Unsecure Supply Chain

In continuation with the last post, here is more from Microsoft.Please go through this brave but honest confession from Microsoft.......ummmm!!!!I would not say confession but actually Microsoft's attempt to save millions of innocent users...must read for info at

http://blogs.technet.com/b/microsoft_blog/archive/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain.aspx

Operation b70 : New OS from Mall comes preloaded with Malware

1.   For last few years since Cyber Crime has been making news,it has been always discussed that all free stuff on internet comes preloaded with some kind of malware or spyware or some kindda ware!!!Here's about a one month old news worth a share that defies this logic....it actually says that Malware comes inbuilt to the OS from the mall showroom from u where u made the purchase!!!!!!!!

"Microsoft’s Digital Crime Unit (DCU) has recently made this astonishing announcement.DCU conducted a study to get a sense of how much of the counterfeit software available is preloaded with malware.  Microsoft researchers purchased 20 new computers from PC malls.  These systems had counterfeit software preinstalled on them by the distributor. DCU examined the files on these PCs and found malware on four of the 20 computers that were purchased, a 20 percent infection rate.Several types of malware were pre-installed on the computers purchased from the PC mall.  This malware enabled the attackers to perform a range of actions including DDoS attacks, creating hidden access points onto the systems, keylogging and data theft.

The researchers also identified one type of malware found on these systems attempting to connect to the command and control servers of a known botnet.  The ensuing study uncovered that attackers were building this botnet by infecting digital products, like computers or software, that were then distributed through an unsecure supply channel.  The malware was also designed to spread via flash drive memory sticks. The subdomains that hosted the botnet’s command and control servers link to more than 500 different types of malware.  Some of this malware is capable of turning on cameras and microphones connected to infected systems."

4.   More on the story here. uuuuhh!!!!isn't it scary...a fresh piece of digital device that you buy comes with an inbuilt spy to spy on you and your data...... In fact it is a bold step and brave announcement by the Microsoft DCU...it could have been hidden but they found it ok to declare it open so that the user gets braver on its use...!!!

5.   DCU took legal action to disrupt the malware hosted in the subdomains, in Operation b70.  You can read more about Operation b70 and the DCU’s efforts here: http://blogs.technet.com/b/microsoft_blog/archive/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain.aspx

6.   Thanks Microsoft and http://blogs.technet.com

Cloud Threat : Malicious Insiders

1.   A lesser known fact but a serious threat comes in form of a malicious insider ie the people who work for the organisation delivering the cloud services.In a typical organisation,one malicious insider can put the company in serious trouble and embarassment unless all are monitored by placing strict access controls and policies.Thus the threat multifolds in capacity of doing damage in case of companies who offer cloud models as service since all services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance.To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. This kind of situation clearly creates an attractive opportunity for an adversary — ranging from the hobbyist hacker, to organized crime, to corporate espionage, or even nation-state sponsored intrusion. The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection. 

2.   Recommendations by CSA are put up below :

-  Enforce strict supply chain management and conduct a comprehensive supplier assessment.

-  Specify human resource requirements as part of legal contracts.

-  Require transparency into overall information security and management practices, as well as compliance reporting.

-   Determine security breach notification processes.

3.   Thanks CSA

Cloud Threat : Unknown risk profile

1.    The best thing all of us like and promote about cloud is that we have very little and reduced investment in software and hardware and also that the cloud user is able to focus on his core business.Like for a bank he should not be worried about what server should he buy or what storage should he provision...the bank should be able to focus on how to improve the banking procedures and profits.So this way the distraction is less for the prime user.But at the same time these benefits must be weighed carefully against the contradictory security concerns which are complicated by the fact that cloud deployments are driven by anticipated benefits, by groups who may lose track of the security requirements and musts.Would ever the Bank,in an case example,bother to know the Versions of software, code updates, security practices, vulnerability profiles, intrusion attempts, and security design ?I am sure no bank would do that once they have outsourced their worries to the Cloud.Details and Information with whom the same infrastructure is being shared becomes critical.One loose hole and u get compromised.Although this is not so easy....but we should know that the cyber criminals and hackers work more then us to keep all of us on toes and if successful then on Knees:-)

2. An old, 2009, real case example exploiting this specific threat is available at http://www.pcworld.com/article/158038/heartland_has_no_heart_for_violated_customers.html

3.  Recommendations by CSA :

-  Disclosure of applicable logs and data.

-  Partial/full disclosure of infrastructure details (e.g., patch levels, firewalls, etc.).

-  Monitoring and alerting on necessary information.

4.  Thanks https://cloudsecurityalliance.org

Cloud Threat : Insecure Interfaces and APIs

1.    How does a typical cloud user interacts,manages and configures his cloud ? This interaction is achieved with Cloud Computing providers exposing the user to a set of software interfaces or APIs.Thus the overall demand,settings,managing and all configuration is achieved using this interface and APIs only.Thus comes the aspect of security of handling and designing these interfaces and APIs.The security and availability of ANY cloud service is dependent upon the security of these basic APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy.Not only this,but all the third parties often build upon these interfaces to offer value-added services to their customers. This introduces the complexity of the new layered API.The recommended remediation's vide CSA are mentioned below :

- Analyze the security model of cloud provider interfaces.

- Ensure strong authentication and access controls are implemented in concert with encrypted transmission.

- Understand the dependency chain associated with the API

2.   Thanks CSA : CLOUD SECURITY ALLIANCE

Cloud Threat : Shared Technology Issues

1.   When a computer processor is designed/manufactured...viz core 2 Duo or quad-core processor or for this purpose any processor,the processor doesn't know what will it be finally used for....I mean it may be used as a standalone machine or a server machine!!!Here's the issue..ie this processor was not meant to be used for cloud....but how does this matter?This matter because from the security point of view this processor was meant to support strong ISOLATION properties which is not the case in routine manufacturing.Only dependent on the hypervisors for the regular interface as discussed at an earlier post here.In cases of cloud we have to handle two platforms ..one is the OS running like windows or any other OS which comes along with inbuilt and already exploited vulnerabilities that keep getting patched(what about Zero day???) and the other is hypervisor vulnerabilities(just google on hypersvisor vulnerabilities and u see what's in store to get surprised).Both of these combined together would be deadly if not taken care of...because in the cloud world, reacting to a damage would be like taking some one to hospital after an accident or a bomb blast whereas it should be the other way round....remove all possibilities of the accident and ensure 100% secure Areas....latter being too tough to imagine in current environment.

2.   I read about this few years back when I was not very much clear on Cloud Computing concepts(though still naive but better then past!!! :-),there was an incident involving a hypervisor breach that was not widely publicized.Now if u know about XBox 360(is a video game console developed by Microsoft that competes with Sony's PlayStation 3 and Nintendo's Wii),it has an embedded hypervisor (surprisingly not Hyper-V),so it was some time in 2007, that there was a documented buffer overflow vulnerability in this hypervisor which could be exploited to gain access to the hypervisor mode and thus, to the entire system. Microsoft immediately released a patch for this.Now unlike regular Windows OS Option, patches are not optional for Xbox users. Thus,the patch was applied the next time a user connected to Xbox Live or installed a new game. Proof of concepts quickly appeared that exploited the hypervisor vulnerability as well as online documentation on how people have used the Xbox “hypervisor exploit” to crack their systems.(...got this info from http://blogs.gartner.com/neil_macdonald/2009/02/20/hypervisor-attacks-in-the-real-world/)

3.   Thus arises a need for strong secured compartments to ensure that the individual cloud users are not compromised in a manner that would ensure unmanageable losses in monitory terms as well as brand devaluation.The CSA gives the following point wise remidiation format for designing the policy boundaries to counter Shared Technology Issues : 

-  Promote strong authentication and access control for administrative access and operations.

-  Monitor environment for unauthorized changes/activity.

-  Enforce service level agreements for patching and vulnerability remediation.

-  Implement security best practices for installation/configuration.

-  Conduct vulnerability scanning and configuration audits.

Internet Explorer : Vulnerable as always!!!

1.   Microsoft IE vulnerability CVE-2012-1889 is the latest to generate interest amongst avid cyber security readers. The special thing about this vulnerability is that it focusses on users using Gmail, MS Office and Internet Explorer. And the sad thing is that this is still a ZERO day exploit...... Rapid 7,Security software company,explains the vulnerability as follows:

“This is an uninitialized memory bug found in MSXML. According to Microsoft, such a component can be loaded from either Internet Explorer and Microsoft Office. This vulnerability is rumored to be “state-sponsored”, and what makes it really critical is it’s still an 0-day hijacking Gmail accounts. That’s right, that means if you’re using Gmail as well as Internet Explorer or Microsoft Office, you’re at risk. We expect this vulnerability to grow even more dangerous since there’s no patch, and it’s rather easy to trigger.”

2.    Whatever may say...majority of the users still by default keep using IE across the globe....when I see my own blog stats,about 60 % of the visitors use IE...and as we all keep seeing the exponential growth in the users of internet across the globe....but sadly the awareness level of how vulnerable they all are is unknown and is growing at a similar rate!!!

3.    Got the reference from here.Thanks https://community.rapid7.com.

Zoomit : Incredibly Useful Tool from Microsoft

1.     In any of the presentations or on screen visuals on projections system to a live audience we invariably require sometimes to let the audience get focused on something we would like them to see only on the screen......I mean zooming on a portion of screen without getting into the practise of coming out of ppt or ur application and running magnifier or some similar third party application.....here's what zoomit does free for you without any major installation worries!!!

2.   ZoomIt is screen zoom and annotation tool for technical presentations that include application demonstrations. ZoomIt runs unobtrusively in the tray and activates with customizable hotkeys to zoom in on an area of the screen, move around while zoomed, and draw on the zoomed image. I wrote ZoomIt to fit my specific needs and use it in all my presentations.ZoomIt works on all versions of Windows and you can use pen input for ZoomIt drawing on tablet PCs.

3.  Download and start using it .....from http://technet.microsoft.com/en-us/sysinternals/bb897434.aspx

POWERFUL THAN ADMINISTRATOR ACCOUNT : SYSTEM LOGIN

1.  So here is something unheard to those who thought that ADMINISTRATOR was the king of the respective PC account.So for those who think so...ever thought why r u unable to fiddle with system files when u r the owner... that's because there is a SYSTEM account over and above the administrator who can delete the administrator account!!!!yes u read it right....so how do u get to the system account.I am giving it a step by step attempt here with screen shots!!

2.  Firstly...get to your desktop and see ur user name...mine is windowsxp ie a user account with admin priveleges as shown below :

3.    Secondly,get to the command prompt and create a schedule to run cmd.exe as follows :

at 14:51 /interactive “cmd.exe”

*** The time mentioned here can be a minute or two ahead of whats the time u doing this action.

 4.   You can check schedule by typing “at“ and hitting enter after the above step.

5.    Now Wait for the time you set for the schedule and u see that cmd.exe would be launched at the specified time and a subsequent command prompt windows will open automatically.

6.    Now go to ur desktop without closing any window and reach the task manager and kill the explorer.exe file under the process tab.

7.    Close the first cmd window and not the second one.

8.    Reach the root directory by pressing cd\

9.    Type start explorer...thats it...now u logged in as the System.....as shown:

 10.   Point to note :

- This is only for educational and info pupose.
- Never attempt it on a live system.
- Always do it on a virtualbox or Virtual machine or virtual PC.

11.   Thanks http://alieneyes.wordpress.com