Luketan/computer security

This service provides disposable one-time passwords for the following services gmail, microsoft hotmail, yahoomail, gmx, myspace and web.de

The idea here is that on a secure computer (your own!), you register with the service to generate a list of one-time passwords (maximum 40).

When you want to logon on a public computer, you don't trust, all you need to do is to go to kyps.net and logon using one of the one-time passwords.

The nice thing is, even if your password is captured, it cannot be re-used.







A nice touch is that you don't really need to trust kyps with your password at least not until you want to use it.

"Not providing your password: If you choose to not provide your password on the KYPS registraton page, then, on the next page, a Java applet is provided "

"This applet asks for your password and generates your one-time codes for you. Note that the applet generates your codes as ordinary text. You will have to copy-paste the codes into a text editor in order to print them.

If you would like to convince yourself that the applet does not leak your password, you may disconnect your computer from the network before providing your password to the applet. You are encouraged to select this method if you would not like to disclose your password to the KYPS server at registration time. However, keep in mind, that, if you use KYPS for logging into a website, the KYPS server will recover your password using the code you supply. Nevertheless, this mode of registration allows you to postpone your decision on whether or not to trust the KYPS server with your password until the time you will actually want to login from an untrusted computer."

Technically what the service does is to generate random pads (one for each disposable password you desire) of 144 bits. Your password is xored against these pads to form the disposable passwords. This last step can be done locally on your own computer using a simple java applet.

The server itself stores only the one-time pads but does not have your password. Only when you enter your disposable password, *then* the password can be reconstructed.


More technical details here and here

Malwarebyte's Anti-Malware is a promising new antispyware, developed from the guys at malwarebytes.org [malwarebytes.org] . This is a well known organization in the antispyware circles, that has produced reputable tools like rogue remover (a application that targets rogue antimalware).

Despite what it says on some download sites, it is freeware (not shareware) with zero time limitations, though like most antispyware you only get real time protection by registering.

I'm not a user of this. But it is by a fairly reputable company (Pctools own spyware doctor). And one of the relatively few freeware firewalls that work in vista. New version 3.0.0.52 was just released. My pick

Past versions were weak against leak tests. But the just released PC Tools Firewall v3.0.0.52 has anti-leak capabilities and application protection that should improve results in this area.

See Change log for Pctools firewall 3.0.0.52

Beta tool, to analyze EULAs. Similar to Eulaylzer by Javacool

Yet another online scanner. This one uses Hitman pro which itself is a shell for managing several malware scanners. It has a limit up up to 8mb. The main engine appears to be McAfee and NOD32.

Blog

From the page: "The ESET Online Scanner is an easy-to-use, free service that runs in web browsers. It provides people with a tool to remove malware without having to install an anti-virus program on their computers. The ESET Online Scanner uses the same engine and signatures as ESET NOD32 Antivirus, and is always up-to-date."



New!

From the page: "on is ON, your Windows system is running on a virtual partition meaning that every single change in the system partition actually takes place in memory. Therefore, all data and modifications will be lost after your system reboots. By restarting you PC, Returnil will discard all attempted changes made to your System Partition while Protection is ON.When the Returnil Protection is OFF, you can install or remove any programs"

Very interesting, these shadow type software seem to be falling out of the sky for free these days.

Like PowerShadow, Shadow Surfer, Windows Steady State , this virtualizes your system partition ,so that on reset all changes are gone.



I was somewhat confused at first between the options "Sesson Lock" and "System Protection". but essentially, when you turn on System Protection (see screenshot below), it will force a reboot, and from then on (until you turn it off), it will always start in virtual/shadow mode.



On the other hand, if this feature is off, you will start windows in normal mode as usual, but by selecting "session lock" you go into virtual/shadow mode immediately without the need to reboot.

The main drawback of this type of software is that *every* change you make is gone. This isn't a problem if you can save changes in a seperate disk partition or on a USB drive, but a lot of people only have one partition.

Returnil solves this little problem, by offering to mount a virtual Z drive, where you can store files that will not be removed. See screenshot



Returnmil claims to be safer than its rivals because all temporary changes are kept in memory as opposed to being written on the hard-disk as well as helping to extend the life of the hard-disk. I'm not qualified to address these claims, but I can report that performance wise, if anything Returnnil is actually better than Windows SteadyState! Even on a Virtual machine that is allocated only 256 Mb of Ram (system requirements states 128MB for XP), there is no appreciable load at all!

Currently it is my favourite