Sponsoer by :

Sunday, June 26, 2011

Techradar

Sponsored

Techradar


Tutorial: Hacking tools you can use to protect your PC

Posted: 25 Jun 2011 05:00 AM PDT

What tools do security professionals and hackers rely on? It's a question whose answer changes as quickly as the online threat landscape, but there are some favourites in the current toolkit that never go out of fashion.

Far from being major, comprehensive attack platforms, these utilities usually do one obscure thing quickly and reliably. Their developers simply keep updating them to add new facilities and, crucially, to make them easier to use.

Some of these utilities are online, while others can be carried on a USB pen drive. The common factor is that they're available to anyone. While every security researcher and hacker typically carries a small armoury of such tools, they have their own ways of using them to assess security or mount attacks.

Dig services

Dig

The first step in mounting an attack or securing an online information resource is to assess what is visible to others over the internet. For large organisations, more than just the mail and web servers will be visible. Sometimes this is a mistake on the part of the network administrator, but sometimes it's done for misplaced expediency.

However, both these reasons can lead to a full-scale exploit of the internal network. The best and safest way to assess what's visible is to use a public Dig service.

Dig stands for 'Domain Information Groper'. Such services interrogate the global DNS system for details about a target. Using a Dig service, you can uncover several classes of information, including the local DNS servers, web servers and mail servers (mail exchangers in DNS speak). It's sometimes also possible to uncover plenty of addresses of computers that really shouldn't be online, but which someone has added to DNS in the mistaken belief that others won't know they're there.

This goes against the maxim that 'security through obscurity is no security'. One such Dig service is provided here. To get started, enter the name of a domain (without the 'www.') and click the button marked 'Dig'. Depending on how much information DNS holds about a domain, Dig's output can be very comprehensive, and gives a good overview of the parts of a network that can be seen from the internet.

The most important part of this information begins after the line containing the words 'ANSWER SECTION'. This gives the fixed IP addresses of any internet-facing servers. For a website hosted by a third-party company, this will be the IP address of the shared server on which the site resides.

You can focus the information returned by selecting the 'Type' dropdown menu. 'Network addresses' will return only the IP addresses of any server that can be contacted directly. You can also return only information about the mail exchangers and the domain's authoritative DNS nameservers.

Most Dig services let you try something called a zone transfer. This shouldn't be possible these days, but back when network administrators were less focused on security than keeping internet connectivity going, zone transfers were possible from many DNS nameservers.

A zone transfer is a transfer of authoritative domain information. It's meant to occur only between nameservers, but poorly configured nameservers will let anyone request one.

A zone transfer contains a long list of computers and their IP addresses, which, while not listed in DNS, have a direct connection to the internet and are vulnerable to attack. This information is ideal for hackers, who need to scan a range of IP addresses to build a list of targets without tripping any intrusion detection systems.

NMap

Zenmap

The next step is knowing which hosts are available on a network, and what ports they have open. The great granddaddy of port mappers is NMap.

It's grown into an essential tool for anyone interested in online security. NMap was originally a Linux command line tool, but it's been ported to Windows and given a snazzy GUI front end called Zenmap. The underlying NMap has a huge number of command line options, but Zenmap makes it considerably easier to use. Get the Windows version here.

The installer includes the WinPcap driver software that forms the special packets needed to probe the TCP/IP stacks of remote hosts, and gain information identifying the OS running on that host.

Once installation is complete, run Zenap and the user interface should appear. Enter the IP address of a computer on your own network in the 'Target' box, and select 'Quick scan' on the 'Profile' menu. Click 'Scan'. This produces an overview of which ports are open and listening on the target PC. This includes the MAC address of the target's network card, which Zenmap uses to determine the manufacturer.

This is the kind of information that a hacker will use to look up exploits that may grant him access or the ability to create mayhem due to bugs in the firmware on the network card. For a more comprehensive view of the machine, select 'Intense scan, all TCP ports' and click 'Scan'.

This fires a large number of packets at all 65535 ports on the target PC. It also interrogates the machine, revealing clues about its running OS. This information is vital in determining the next course of action to penetrate the system.

One of Zenmap's particularly useful features is the ability to scan an entire subnet for targets, which it then interrogates for details. Simply substitute the last number in the IP address for an asterisk ('192.168.0.*' for example). This is also a great way to see if anything has been connected to your network secretly.

NBTEnum

NBTEnum

Once we know what targets are available to a hacker who has penetrated our defences and can see our network, the next task is to try to discover what facilities each machine offers for exploit. This is important because, even if the hacker can't exploit them directly, they may well be able to interrogate them to produce much more useful information.

NBTEnum, originally written by Reed Arvin, is a very old utility that is now difficult to find, but don't let its age or obscurity fool you. NBTEnum can uncover shockingly large amounts of information from an unprotected Windows PC just by asking for it. You can currently download NBTEnum from the Packet Storm security website.

Open the ZIP file and move the contents into a new folder. NBTEnum is a command line utility, so open a command prompt and navigate to its directory.

To run enum, enter the command NBTEnum -q , substituting the address of a Windows PC on your network where appropriate. If the target accepts connection requests via its NetBIOS service, NBTEnum will create a web page detailing what this shockingly indiscrete service tells it.

Open this in a browser and you should, at minimum, see that NBTEnum has enumerated the shares (if any) that the target says are available for remote mounting. If you know a username and password on the target computer, you can reveal a huge amount of information.

Enter NBTEnum -s , making the necessary substitutions. NBTEnum generates more verbiage, but the resultant web page can offer masses of detail.

NBTEnum can also recover the open shares, users and groups, whether accounts are enabled, their lockout threshold and on Windows 7, a full list of services including which ones are currently running. This is all still possible because so many people insist on having no password, one that is simply guessed, or one that is the same as their username.

When I was a network security consultant, finding a network populated by targets running older versions of Windows usually meant a day running NBTEnum against them with a username of 'Guest' and no password. By default, the guest account was enabled and unprotected - perfect to shock network administrators into disabling such accounts.

InSSIDer

InSSIDer

We live in an increasingly wireless world, but the nature of a wireless signal means the information it carries is broadcast over a wide area. There are a large number of tools that can be used to survey the local Wi-Fi landscape, but one of the best is the Windows port of InSSIDder 2 by Metageek. You can download InSSIDer here.

When run, InSSIDer begins discovering and enumerating the Wi-Fi networks in range. The top half of the interface fills with details of the networks, including their security level. Those with 'none' are wide open for anyone to log in and look around. Those using the older WEP protection are potentially vulnerable to attack, because the algorithm has weaknesses that can be exploited.

In the average neighbourhood, there could be as many as three dozen networks in range, some without any protection. InSSIDer's also displays the Wi-Fi channel used by each router within range.

Change yours to a channel not used in your area and you could see an improvement in overall data transfer speeds.



Tutorial: How to overclock the GTX 590

Posted: 25 Jun 2011 03:00 AM PDT

Nvidia's GTX 590 is not a card that needs to be overclocked for gaming performance. Two GF110 GPUs, as found on the GTX 580, working in unison will kick any game's behind, and the idea of being short of frames with the card's stock clock settings is wild and preposterous.

What's intriguing about the spec sheet of the 590 though is that each GPU has been down-clocked significantly to sit safely on the same bit of circuit board (any lisping readers are invited to read that last part aloud).

While a big performance increase is evident from single to dual-GPU cards, the 590 doesn't produce twice the performance of the 580. That means there's potentially some untapped power in the 590.

Obviously the clock settings have been tamed for the sake of power and temperature. After all, there's only one fan lying between the two chips, and it'd be an awful shame to overheat the card and damage so much expensive circuitry.

Why risk it?

Well, firstly it's a lot safer to mess around with clock settings since Nvidia implemented a core voltage limit in their latest v267.91 driver release. The default 0.938V is now locked down.

Okay, that's slightly less headroom for overclocking, but voltage is unwise to mess with unless you're really sure what you're doing. There are already fables of people exploiting the previously unlocked voltage control and blowing up their 590s. Remember to update your drivers before you start tweaking, eh?

The biggest motivation for this overclock though, is simply to push graphics card performance to the limit. The GTX 590 is currently not only the fastest but also most expensive graphics card out there. Anyone who owns one does so to own the best of the best. So what if the best can get a bit better?

Number crunching

Heaven

The best thing about overclocking your graphics card is that you can do it all in Windows - being able to push the numbers up and check stability without constantly restarting and going back into the BIOS saves a lot of time.

Using MSI Afterburner allows you to not only alter shader/core and memory clocks and fan speeds, but also monitor temperature too. The reference GPU core clock is 607MHz on a GTX 590, and 772MHz on the 580, and the processor clocks match up 1,215MHz to 1,544MHz.

There's also a 300MHz down-clocking of the memory clock as well. Those huge gaps makes it tempting to ramp up the clocks by large imcrements immediately (using the logic that it's the same GF110 chip) but it's quite simply impossible to match the 580's spec.

Don't see that as the final objective. Instead, bump up one individual core in 10MHz increments, leaving the cores you're not overclocking at stock levels.

That said, Afterburner allows the core and shader clock adjustments to be synced, which is recommended as manipulating these cores independently can lead to unnecessary instability rather than heat or voltage holding you back, these cores simply don't operate properly when one's hugely overclocked and the other isn't.

Slow and stable

Rig

Moving up in such minute amounts sounds slow and painful, but you'll soon see if your system's stable by running a benchmark like Unigine's Heaven. If it crashes, your system's not stable…

The reference fan attached to that GTX 590 is mild-mannered at low speeds, but at 100 per cent it's a hair dryer from hell. In order to get the biggest overclock, it will need to be running at full speed. We wait with baited breath for some aftermarket coolers with a fan for each GF110 chip, but until that day, it's just the noisy old reference fan chugging away.

Once you've found the tipping point for each core, it's time to overclock multiple cores. It really helps to run a benchmark that gives you minimum, maximum and average frames per second as this will show which cores are boosting performance the most, and as such which are worth trying together.

Again, don't expect miracles, log every benchmark result and crash.

Hitting the heights

Afterburner

Overclocking results will never translate directly from one machine to another, particularly with different PSUs: there are too many variables. However, we managed to get the core clock running at a stable 687MHz with no other cores overclocked, and again the individually overclocked memory core running at 1957MHz without any tantrums.

When both GPUs are overclocked together, core and memory clocks run stably at 657MHz and 1,857MHz respectively. And, give or take a few megahertz here and there, most systems with a decent PSU should be able to handle similar settings.

That's a respectable step-up in raw numbers and adds a few extra frames to the games it already blitzes. But then, it was never about improving gaming performance, was it?

The GTX 590 is a graphics card for reaching extremes, and those extremes are that little bit more satisfying for having reached them yourself.

Technical analysis

The final stable core and memory clock settings offer yet more surplus frames to the most demanding graphical tasks out there.

It's worth noting factory overclocked versions of the GTX 590 will enter the market sporting clock settings that can be approximated, if not matched, by some simple software tweaking with the reference card.

Tech labs

DirectX 11 performance

Heaven 2.5: Frames per second: Higher is better

Stock: 59.4
Overclocked: 63.9

DirectX 11 gaming performance

Just Cause 2: Frames per second: Higher is better

Stock: 66.39
Overclocked: 67.18

AvP: Frames per second: Higher is better

Stock: 80
Overclocked: 85

Load temperature performance

Load: Degree Celsius: Lower is better

Stock: 79
Overclocked: 85



Review: Bowers and Wilkins DB1

Posted: 25 Jun 2011 03:00 AM PDT

Bowers & Wilkins 800 Diamond Series loudspeakers deserve to be partnered with an equally high-end woofer. Which is why the Brit brand designed the DB1 – a 2 x 12-inch driver behemoth fed by a 1,000W amp.

The enclosure is sealed and sits upon a square plinth that houses the DSP system. If you turn the woofer over, you find you can disconnect some bolts, swivel the base through 90˚ and thus change the alignment of the woofer drivers with your room (you might want to go along a wall), while still keeping the display of the subwoofer showing. Neat.

B&W supplies a lovely set of bits with the DB1. For a start, there's a soundcard dongle for a laptop, then a microphone on a gooseneck and wires to connect them. Owners should use this. I can attest that, while the sub sounds fabulous un-tuned, (I tried it that way for a while) what happens when it has run the test tones is wonderful.

Fully room-applied equalisation, with response down as low as a snake's belly, results in tight, taut control and astonishing hi-fi-like experiences from a good source.

Chopin on fire

As well as the movie selections that I played with, one of the most amazing and revelatory demos in a very long career was a Chopin piano piece in stereo, recorded in a church. Through a pair of stand-mounted speakers it was pleasant, tinkly, very posh, but with no bass at all.

Then, the woofer was fired up. Suddenly, just like the time I was sat in front of the Steinway Model D £150,000 speakers, I could feel the acoustic space the piano was recorded in. There was no bass, no lows at all, but there were large chunks of the acoustic signature of the church. Sub-sonic swells and lumps of soundwaves bounced around with huge wavelengths that all added up to the awesome, sepulchral acoustics of a house of God.

For a fat reviewer who thought he knew it all, it was quite revelatory. With other material, the sheer totality of grip and accuracy that B&W's flagship woofer could muster, and the effortless melodic tracking of bass in music, was impressive – the DB1 is capable of acts of incredible delicacy and grace, like an elephant picking up a single blade of grass with the tippy-ends of its trunk. But like the elephant, it can make the ground quake, and with the action movies I screened it could lift you out of your seat.

Engineering excellence

It might seem absurd to some people that a high-end subwoofer should cost so much and be so very powerful, but this is still a triumph of compact engineering. The same cone area, or rather more, than one of the mighty-sized 15-inch or even 18-inch woofers of this world has been used, with a very big, yet not megalomaniacal, amplifier.

And with its shiny cabinet and a dozen super-strong Neodymium magnets holding the neat plastic and cloth grilles over the twin drivers, it looks very sexy indeed.

B&W's DB1 is fit to partner the finest of speakers, and (with a sorry nod to Eclipse TD) may just be the finest, most accurate subwoofer in the world.



Review: Samsung UE40D7000

Posted: 25 Jun 2011 02:30 AM PDT

Like its UE55D8000 sibling reviewed previously, the UE40D7000 is a mighty stylish TV, with a bezel that's so slender (barely a centimetre) that it's barely there at all.

Moreover, the slimness is emphasised by the fact that most of the frame is transparent. The design is perhaps not quite as opulent as that of the D8000 series, with its more metallic finish, but many people might prefer the D7000's more subtle approach.

The main remote control you get as standard is a pretty likeable affair, sporting a sensible layout and nice finish, although it's not as fashionable as the TV itself.

The D7000's spec sheet quickly reveals a welcome surprise: apparently the set's features don't differ in any significant way from that of the D8000 series, and the only aspect that separates the two ranges is the latter's higher build quality. It's rather nice to think that you can save yourself £100-£150 or so by getting the D7000, while only having to compromise on design.

Heading up the screen's features is, of course, its 3D playback. This uses active 3D technology, with one pair of active shutter glasses thrown into the package. This is more than you get with Panasonic's GT30 3D series, but well short of the seven free pairs of (polarised) glasses you get with LG's passive 3D TVs.

Samsung has now shifted to Bluetooth technology for its 3D glasses, believing this delivers a more stable connection with the TV's transmitter. The brand has also created some optional designer glasses, which are intended to prove that active shutter glasses don't have to be cumbersome and heavy.

Staying with the set's 3D features, it carries a 2D to 3D conversion process that works using five different visual depth 'cues' versus the two or three used by other brands' 2D-3D converters. This really makes a difference, too, as a combination of more depth and less depth errors help Samsung produce the best upconverted 3D image yet.

Samsung ue40d7000

The set's other party trick is its Smart TV functions. Essentially, this is a big upgrade of Samsung's 2010 Internet@TV online service, introducing loads more new 'apps', an open internet browser and a brilliant new interface.

Starting with this interface, Samsung has essentially designed a new 'home page' for the D7000 that presents you with icon-driven leap-off points to nigh-on all your sources, be they an AV input, material streamed from your DLNA PC, content stored on USB sticks or HDDs (you can also record to HDDs from the Freeview HD/Freesat HD tuners), and Samsung's latest bank of online content delivery platforms. There's even a universal search tool on this 'home page', which enables you to browse all your available sources, including the web, for particular TV shows or files.

Samsung's online features include the best part of 40 apps (this will inevitably increase), covering everything from games through to news, information, social networking and video sources. Among the best of the apps are LOVEFiLM, Yahoo, Skype, Acetrax, Facebook, Twitter, the BBC iPlayer and Googlemaps.

Balancing act

Picture tinkerers will find plenty to keep them busy on the D7000, including a healthy degree of colour management, all manner of processes for boosting colours, contrast and black level and, best of all, lots of flexibility and control over the motion processing.

Dubbed Motion Plus, and backed up by Samsung's '800CMR' system, you can adjust the amount of processing applied to its judder and blur components, a level of flexibility that proves immensely helpful in achieving a balance where motion looks cleaner without the picture looking processed.

Unleashed on both a recent 3D football match on Sky and the 3D Green Hornet Blu-ray, the D7000 proves a very good stereoscopic performer. The amount of detail in its 3D pictures is particularly excellent, leaving the Green Hornet disc looking as crisp and textured in 3D as it does in 2D.

It has to be said that this resolution advantage of active 3D over passive isn't as pronounced on the D7000's 40-inch screen as it is on the much larger 55D8000, but it's certainly there.

The football match, meanwhile, as well as bright scenes on the Blu-ray, such as the Black Beauty burial sequence, look impressively punchy and dynamic, reminding us that Samsung's LED 3D TVs suffer less from dramatic brightness reductions in 3D mode than most active shutter televisions.

Shadow play

Samsung ue40d7000

A handy knock-on effect of this 3D brightness is that there's more shadow detail in dark parts of the picture than you usually see. This is particularly evident in the apparent depth of the backgrounds of the night time Green Hornet scenes, such as the decapitation of his father's statue in the park.

There's hardly any crosstalk during dark scenes, either, marking a big improvement from last year's Samsung 3D LED TVs. There is, however, minimal crosstalk during very bright scenes, and more than I saw on the latest Panasonic TX-P55VT30.

Given that 3D will only occupy a small amount of your viewing time, it's all the more important that the D7000 is also a great 2D performer. It upscales standard-definition material with real aplomb, adding detail and sharpness, while simultaneously suppressing noise without compromising colour tones.

HD footage, meanwhile, enjoys immense sharpness and clarity, underlined by one of the most expansive contrast performance I've seen from a 40-inch LCD TV. What's more, provided you don't leave the backlight level set too high, the backlight illumination looks pretty even; there are some minor patches of extra brightness in the corners of the picture, but they're hardly distracting, even during very dark scenes.

Motion is quite clear and smooth even without Motion Flow in play, and, in fact, many people will probably prefer to leave it off, as it can cause a few processing side-effects. But as noted earlier, it's got the flexibility to be adjusted to suit your tastes, so don't be afraid to tinker with it at least.

Colours are explosively rich and punchy in 2D mode, too, yet their extreme saturations don't prevent the TV from delivering subtle shifts in tone or looking natural.

Tech labs

Power consumption: Watts

White screen: 77W

With our standard 100IRE full white display, power consumption is less than you would expect for a set of this size.

Test footage: 70W

Typical movie footage and full volume sound and the consumption drops from the 100IRE test screen.

Contrast ratio:

Claimed: *not officially stated*

Standard Mode: 230,700:1 (0IRE: 0.00fL/100IRE: 67.3fL)
After claibration: 231,900:1 (0IRE: 0.00fL/100IRE: 67.7fL)

There's no quoted contrast ratio, but at over 230,000:1 the measurement after calibration is pretty stunning.

Colour accuracy:

Presets: In addition to the range of picture modes of which Movie is the closest, there are four CT presets, and a manual RGB mode which delivers a perfect 6500K.

1. Standard: 8,600K
2. Dynamic: 10,200K
3. Natural: 8,400K
4. Movie: 6,300K
5. Standard Mode with Colour Tone set to 'Warm2': 6,600K

Notes:

While the Movie mode was pretty close to the ideal 6,500K colour temperature, even closer was Standard picture mode with the Colour tone setting in the Picture options sub-menu changed to the Warm 2 preset.

Full adjustment is available from the advanced menu to get the 6,500K exact. Advanded options offer two 'Expert Patterns' though they will not prove all that useful except for the black and white pattern for adjusting the contrast/brightness.

Interestingly, while adjusting the contrast to our test pattern the setting was maxed out while it seemed it should be adjusted slightly higher. However increasing the contrast reduced the red luminance and the colour temprature increased by roughly 300K.

Audio asset

Accompanying the D7000's excellent pictures is some surprisingly decent audio. Samsung's slim, edge LED TVs have traditionally struggled to sound credible, but the set's audio is clean, reasonably dynamic and quite punchy, though more bass extension wouldn't have gone amiss.

Overall, the UE40D7000 is another hugely desirable TV from Samsung. There's room for improvement where 3D crosstalk is concerned, but it's still a very good 3D performer, while its 2D pictures are outstanding. All wrapped up in a to-die-for body.



No comments:

Post a Comment

My Blog List