Hacking the company's laptop

This articles talks about hacking and other activities which may seems to be illegal and will certainly get you into trouble if you are caught doing it. I would advise you read it as a form of entertainment and treat it as entirely fiction without any truth in it. Ok, let’s set this imaginary environment.

WE all had laptops for a long, long time that I did not even remember the days where laptop did not exist. Due to special considerations, my department had always had the privilege of admin rights on our laptop due to the work we do. We are required to install software, run privilege tasks etc on a daily basis. We never imagine the day that this would end. We never had the problem of facing this. Until now.

Due to new firm requirement, we are required to upgrade to a new version of the laptop OS with some enhancements as well as a new set of software for our work. This time, the top management came down on us hard and decided that we should not have administrative rights to the corporate laptop because we are supposed to perform our privileged task on another laptop. Ok, let’s leave that out of our story. The fact that we may be caught out in the field for weeks, it does not seems logical that we do not have access to our email and other corporate information systems. Therefore, we NEED to have administrative rights to the laptop. SOMEHOW.

Let’s pause for a minute if you feel that we need to discuss the moral and legal issue here. Like I said, its an imaginary environment. By all rights of standard, we should never have to ask for any thing and everything is given. However, this does not actually happen in the real world or for that matters, this imaginary world of our. So, someone needs to be the hero. Someone need to break some rules. Someone will have to do it. Yes, I know, that would be me.

Ok, lets come back to the story. So, many of us find that we cannot even insert a thumbdrive (oops, sorry, flashdrive) without triggering an administrative prompt. Life has been hell since the upgrade and it seems like the end of days is just about to begin. Unknown to most, a few of us are already beginning to work on this “problem”. The intention is just to be able to have enough rights to perform some of our installations etc without having to tear the laptop apart. Of course, in the process, we would not want to trigger any alert or alarms as well. Hackers get caught. Good hackers DON’T get caught.

So, we narrowed down our options. One of the endgame objectives would no doubt be the administrative rights. A more direct answer would be the administrator password. And inside our laptop, there is the local administrator account, which is used by the IT support department to roll out updates and perform installation on our laptop. This seems like the very object we want.

Usually before I go about the hard way, I try the easy way. In fact, the easy way usually works. I tried a few passwords. No luck. In fact, I was very caution to ensure that password lockout was not enable on this account. For very obvious reasons, if this account is lockout, it will be difficult to recover the system. I always wonder if this is the reason why everyone wants to attack the admin account, beside than knowing it has the rights of god on the machine. So, it does not use a simple password.

Another very direct way to recover a system is to wipe the password. This is more effective than you can imagine. I had broken tons of laptop whose owner does not want me to enter their system by simply rebooting into my boot CD and wiping off the administrator password. However, we have a problem here. This system is protected by a disk based encryption. When we boot up from a foreign OS, the encrypted partition simple will not mount. In fact, this was one problem I was dying to crack. Anyway, wiping the password is not the way to go.

Another approach is to extract the password hash. We all heard of rainbow tables and LCP. I guess this would be easy. I had extracted lots of passwords hashes in the past using PWDump or FGDump. One obstacle lies ahead. Antivirus. The antivirus is switch on to the maximum mode which simply detect and delete anything and everything it feels is dangerous. This includes some of our tools which we use for work as well. Nasty. The question is : Do I want to break the antivirus as well? Antivirus firm has spend millions on R&D to ensure their solution works and works well in a corporate environment. I am sure they had figured out that someone will want to disabled or uninstall their product in the corporate. Secondly, I also do not want to trigger some alarm if I had my antivirus off.  

In the above detail, I mentioned how easy it was for me to obtain my administrator’s right simply by social engineering the IT support department. However, that doesn’t not solve ALL the problems we have. It is good to have a laptop with an additional local admin account, but it is not enough to simply have that. There are still other helpless laptops out there. Ultimately, what I wanted was the admin account so that I can help them out too.

While I have my admin rights, it’s easy and simple to just change the password of the admin account to whatever I like, but that’s not my aim. I also realized that in order to push my hacking tools onto the laptop to extract the password hash, I will probably have to disable or uninstall the antivirus system because it is basically blocking and deleting my software whenever I copy it in.

Touching the antivirus is probably not where I want to go. Basically, messing with the antivirus may trigger some audit alarms which will not look nice on me. Secondly, I may not be able to properly uninstall or install the antivirus back because it may have a secondary password or some required files for the group policy. Enterprise level antivirus usually has all these additional stuffs. Destroying the antivirus will be a last resort for me.

Just to recall in the first article, the hard disk has a disk based encryption and that is why I am unable to use a boot disk or boot CD to extract the password hash.  In short, I am pretty screw if I continue in this path to try to extract the password hash. In a separate thread, I did manage to break one of these systems using a floppy boot up, but that’s another story. I had another thought. That is to install the system console and boot that up. But the chances that I will be able to run or do anything else in that restricted shell is quite close to none. So, what will be better than the password hash? Answer : The password itself.

So, how can one get the password? Let’s backtrack this a bit. How does the IT department upgrade and change all our passwords? Typically if you work smart, you will either push it down a GPO or use some sort of batch processing, maybe even SMS or WUSS. Now, being such a huge enterprise, I would guess they would use at least one of these. I strike GPO off because the admin account is a local account. So, what I will do is to find out how they changed the password (in batch).

I do not know why, but my IT department like to leave a link to their software repository around on their desktop. I guess that’s probably the root of corporate piracy if any happens here. In any case, this is the place I would start. Looking through the folders, I basically had gone through these times to times for other reasons, so pretty much know which are the new stuffs, or simply just sort them by date. Then from the new folders, I found another link to another server which contains the new software sets for this upgrade. Now, this will contains the binaries for the antivirus. I almost thought that I would reconsider breaking the antivirus and reinstalling it back using these binaries. Until I saw a very obvious file in the root directory.  It sound like jackpot. In fact, there is even a file call “ChangePasswordforXXX.exe” lying around there for the picking. Bingo.

So, this is a exe file. I would like to break it apart using IDA Pro or other debugger, but just throwing at a long shot, I thought I would start with a text editor instead. Based on my experience, most people do not encrypt or even obfuscate their binary. I had been able to break many applications and website basically because the binaries is not protected. Again, this enables me to accomplish what I did. By looking through the binary file, I notice this is a simple WISE installation binary. Yes, actually I already knew that when I saw the icon. They did not even bothered to change it. WISE has tendency to leave some of the configuration in clear text even when it is compiled into a binary. That is the reason why I saw the things I saw without even the use of a debugger. Somewhere in the file, I saw the password I was looking for. In fact, I did not even really take a look at the file, I simple do a search for “password” and I am brought to that offset in the file.

The password was long, complex and consists of alphanumeric with upper and lower case and symbols. But it is just another password hacked by me today.

As an added bonus, I even got hold of an additional password in the file just right below it. It is the encryption password for the harddisk. I haven’t figured out how I could use it, but I guess it will probably be useful, someday.

Who Reset My Password

Today I am going to talk about yet another simple and effective hack. This time, we are going to go into the scenario of grabbing password from forums, portals etc. Imagine this scenario. You are user A and you want to get into user B's account. We can safely assume that User B's email is inaccessible, otherwise, we all know we do not have a problem then.
Suppose as A, I decide I wanted to go reset my password instead. More often than not, it will be sent to A's email address, a link that enable user A to reset my password. In other times, they may even allow other means as well such as mobile phone or messenger, but the concept is still pretty much the same, except it just complicate the trace hiding part sometimes.
Now, after A check the email and a link will appear. If the link is embedded in HTML, uncode it and look for something like this:

uid=12314800&uname=xxxxxxxx&mail=yyyyyyyy

Now. isn't that cute. But what we are interested is the UID most of the time. And I don't need to point finger at what sort of program usually have this type of parameters. Now comes the interesting part. I have a link for A to reset A's password, but what if I CAN reset B's password instead? OK, this is where the complication may or may not help. Basically what you are interested is to obtain B's UID. To my surprise, it's something more easy than you think. Some portal, you will even be able to get that from the "reset password" page, while others, its just a matter of keying in the password incorrectly once on the login page.

Now, lets UID replace. Note that if the site uses some sort of hash check on the URL, this is probably not going to work. But then again the hash is usually going to be a combination of the parameters plus some unique identifier, with some luck, you might even be able to break the hash. In one case I encounter, the hash is basically the whole URL excluding the hash=ZZZZ parameter right at the end.

Assuming its not, replace B's uid with A's uid and you are sent to the password reset page. Go ahead and don't be shy about it. After which, go back to the login page and log into B's account successfully. And B may or may not even know the password had been changed.

You may laugh and think the hack is silly. 10 sites I saw and 10 I entered within last 3 days is not so laughable. If you maintain a portal, I think you should re-look at your password reset workflow seriously.

DVDFab and BD-RE

I had just recently gotten a Blu-ray write finally. Now, say goodbye to my DVD writable, or so I thought. While Data and other files has absolutely no problem with a BD-R or BD-RE (Yes, I do not know why, but they decided BD-RW doesn't sound good), it becomes a complication when it comes to the media like music and movies.
Lets leave the AudioCD part out of these, since its still in the legacy CD format. Take a look at DVD. I had always used DVDFab to "squeeze" DVD9 into DVD5 and it works like a charm. Lose some sound quality, but the video is usually 100% well kept. (Yes, don't we all hate the FBI notice delay and ads and to be honest, I think DVDFab should sell this as their prime point. Not sure if the FBIs are so happy about it though.
OK, this is where I am finally going to talk about why we can't do without DVDFab for Blu-ray. I had check out many (Yes, about 10 or so) who claim they can squeeze a Blu-ray without (much) loses. WEll, before that, let me stress that most Blu-ray out there simply are dual layers. Well, not that you get great quality or something, there are usually about 29GB (Single layer only houses 25GB) and I can't help thinking, they had done it on purpose so that people cannot copy it 1-1. And for me. BACKUP is a must. Especially when you own a Blu-ray, you would share with friends (and god knows, maybe even their dogs) all over. I do not want to have to pay almost USD40 and then, well own a very expensive coaster. So I insist on backing up my Blu-ray.
Well, why not buy a BD-RE DL? Yes, why not? It's just about 8X the price of the single layer! This is where DVDFab comes in. In most of my "test" (I own the Blu-ray by the way!), most of the "Extra" bytes comes from the previews or additional language tracks. And in Blu-ray, audio track is crazily large, especially when they are in 7.1 Digital or something. It's crazy! And I don't really care about the Russian language, for example. So these goes and all done nicely by DVDFab. In fact, I do not really even need to give up on quality on most of the movies. So its like 1080p, without some audio and definitely without FBI warnings and previews (by the time I watch these preview, the show is probably out anyway). And all this via DVDFab.

The current DVDFab comes with 2 major version, version 9 comes with the newer interface, but I prefer the old interface more like the above. There is a trial version which you can try for 30 days and decide for yourself if you want to buy it.

Check it out at:

http://www.DVDFab.com

Last, but not least, DVDFab does not require AnyDVD or other decrypter to decrypt the content of the DVD or Blu-ray! So, that's a bonus!

Well, I do not work for DVDFab in case you are wondering and there is no referral bonus or anything from my link.

Windows Update Unlocked and Manual Trigger

Ever seen this before? Well, this is an old version of Windows, but it would look somewhat similar when you have policies that preset and prevents you from doing a Windows Update. Usually there is nothing you can do about it and hope that you will eventually get the patch, thanks to your company, but if you are the owner of this machine and has admin rights, then read on.

Usually this is caused by GPO or similar policies preventing you from updating. Or you are not in the administrator group. To solve the GPO, you will need to fire up regedit.

1. Go to HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ WindowsUpdate \ AU. 
2. Delete the keys AUOptions and NoAutoUpdate.
3. Go to HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ WindowsUpdate.
4. Delete the key DisableWindowsUpdateAccess.

Alternatively, you can also use the Group Policy Editor. 

1. Fire up GP Editor by running "gpedit.msc" in command prompt.
2. Go to Computer Configuration\Administrative Templates\Windows Components\Windows Update.
3. Set "Configure Automatic Updates" to "Not Configured".
4. Got to User Configuration\Administrative Templates\Windows Components\Windows Update.
5. Set "Remove Access" to All  and "Windows Update features" to Not Configured.

On server, you may be able to run "gpupdate /force" to restart the policies, but a reboot is one sure way to get it done.

Next, we sometimes wants to fire up Windows Update and do a on demand update. But in a company wide deployment, often you will get a no access page at Microsoft because the Windows Update Server is set to local. So, here is the way to get it done, via script of in command prompt.

You can skip this steps sometimes, but I find that the sure way to trigger the update is sometimes to shutdown and restart the Windows Update Service like this:

net stop wuauserv

net start wuauserv

After this, you can start the actual trigger to Windows Update:

wuauclt /detectnow

This should make the yellow shield at the tray pops up. You may want to see a update status by:

wuauclt /r /ReportNow

This will communicate with the update server and takes a few minutes. 

And when something does crap out, there is always a very detail log in %systemroot%/WindowsUpdate.log. You will find all your problems inside be it wrong server, connection timeout etc.

Now, the above can definitely be put into a script to be run by schedule and you have your own "Automatic Update" so to speak. Have fun updating Windows (and other Microsoft Products)

FLV to MP# Convertor

Today, I transferred approximately 200 music files into my mobile phone, but when I tried to play them, only 30-35 files were showing up in the media player.  After a quick check, I found that the player in my mobile phone can only play WAV and MP3 files.  When I looked at the files, they were mostly in FLV format. 

 

 So, quickly done a search on the Google and found this tiny tool, which is just 500KB.  It is really an amazing tiny application, which took less than half a minute to install and only few seconds to convert all the 170 FLV files into MP3.  Quality remained intact.

Download FLV2MP3 converter (on Ziddu), install it, and when you run it a small window will appear.  Just drop your files onto it and it will convert it to MP3 and stores in the same directory with the same file name.

How to restore the Windows XP bootloader

I have searched the Internet if there is any solution and what everyone was to use the Windows XP CD to repair it. Once we boot into the XP CD, we need to type “fixmbr” into recovery console to repair it. So, I digged the net to see if there is a simple solution and came with this. It worked for me great and there is no need to have XP CD. Follow these steps and you are done.

• Right click on “My Computer” and click “Properties” which is at the end of the menu.
• Select the “Advanced” tab from the list of tabs. Then, click “Settings” button in the “Startup and Recovery” section at the bottom.
• It will open up a new window and then click “Edit” button, which will load boot.ini in notepad where you can edit it.

A normal boot.info file look like this:

[boot loader] timeout=30

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional”/fastdetect

Though I have uninstalled the Ubuntu, the boot.ini was looking like this:

[boot loader] timeout=30

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional”/noexecute= optin/fastdetect

c:\wubildr.mbr=”Ubuntu”

I have just copied the normal boot.ini code into the boot.ini, saved it, and restarted. Voila…..I got rid of the nagging dual boot window.  Below are the screenshots to guide you visually.

Free mobile video converter – XMedia Recode

last week, I was downloading and testing few best mobile video converters available on the net. After a day of testing, I found that XMedia Recode is the best video converter that can convert videos for almost all mobiles. It has a list of mobile brands and models to select and it will convert the video compatible for that model. Best of it, it is a free software.

 

Once you installed it, click open file and select the video to be converted for your mobile. Then, in “Profile,” select the brand of your mobile and in the below list, select the model of your mobile. Then, click on the “Add Job” button in toolbar. Then, the “Encode” button will active and click it to convert. It also has an option to shut down the system automatically when the conversion completes.

You can also use it for normal video conversions. Choose the profile name “Custom” and you can see more than 20 types of formats you can convert your video into.

It can convert for Acer, Apple, Archos, Asus, BlackBerry, Cowon, Creative, Elson, Epson, Garmin-Asus, Hauppauge, HTC, Hyundai, Intenso, iRiver, LG, Loewe, Motorola, Nikon, Nintendo, Nokia, O2, Palm, Phillips, Pocket PC, Samsung, SanDisk, Sony Ericsson, Sony, Sony PlayStation 3, PSP, Toshiba, T-Mobile, Vodafone, Western Digital TV Box, Xbox, Zune, and YouTube (as of version 2.2.4.2).

How It is possible to make Inkjet printing cheaper and cost-effective

Everybody knows that cartridges are very costly. Keeping that in my mind, I have started doing homework before purchasing one. Went to eBay and searched for compatible cartridge prices of different brands (they are cheaper than original cartridges). Cannon and Epson had cheap compatible cartridges.

While searching on eBay, I came across a listing of refillable cartridges for Epson. That listing instantly attracted me. It costs around Rs.600 for four cartridges (CMYK) and all comes with plastic lids, which you can open and fill the ink “n” number of times. eBay also has a listing of CISS (Continuous Ink Supply System) for various printer models of Epson, which makes printing cost dirt cheap.

Looking at these options, I settled down with Epson. I then did my research for an Epson All-in-one model, which is cheap. Epson Stylus TX121 was the cheapest and better one. Then, visited all the online e-commerce sites and found that IndiaPlaza offer is lowest. After applying a coupon code, I got it at Rs.2600 (MRP Rs.3999).
If you are using original cartridges, color print costs anywhere from 4-8 rupees for an A4 print (photo), black costs Rs.1-3 (depends on the brand). If you are using compatible cartridges, you can cut the price to half.

Refillable 73N cartridges with four color bottles of 100 mL each cost Rs.1050 on eBay. Only ink costs Rs.700, which you can use to fill all the cartridges 10 times. Assuming that one fill prints 300 prints (black and color), it will give a total of 3000 prints, which makes the cost per print 24 paise. If you are only printing black, then it becomes very, very cheap.  

You might have doubt that these inks will damage the printer head, but think, two or three sets of original cartridges cost is equivalent to your printer. I have already experimented with my printer and the quality of print is same as that of original ink. What all you need to keep in mind is to purchase products from eBay Power Sellers and seller with good feedback. They tend to sell good products to maintain their feedback.

PS: Epson Printer with Ink Tank System is available at Rs.6800 on eBay.

How to stop Telemarketing Calls

I hope you have enjoyed my previous post on funny telemarketing calls.  This post will guide you on stopping telemarketing calls.   After I got the credit card, these annoying calls have increased in number. I was aware of “National Do Not Call Registry,” but never tried it. As the calls increased to 4-5 a day, I registered for NDNC and surprisingly never received a marketing call thereafter. 

What is “National Do Not Call Registry” ?

The NDNC Registry is a database having the list of all telephone numbers of the subscribers who do not want to receive Unsolicited Commercial Communication (UCC). Telephone subscriber (Landline or mobile) who does not wish to receive UCC, can register their telephone number with their telecom service provider for inclusion in the NDNC or directly as mentioned below. Telecom Service Provider shall upload the telephone number to the NDNC within 45 days of receipt. The telemarketers will have to verify their calling telephone numbers list with the NDNC registry before making a call.

How to register for it?

 
Dial 1909 or SMS to 1909 with message ‘START DND‘ (remove quotes).

Register for it and get rid of annoying telemarketing calls.

Do Not call Registry of other countries:

Do Not Call Registry is also maintained by several other countries.  Below is a list of countries and their websites to help the international visitors/subscribes of my blog.

USA: https://www.donotcall.gov/
Australia: https://www.donotcall.gov.au/
Canada: https://www.lnnte-dncl.gc.ca/index-eng
NewZealand:http://www.nzma.simplicitycrm.com/editors/content.aspx?config=NRR_DoNotCall
UK: http://www.mpsonline.org.uk/tps/

How to know from where the junk SMS has come from..

I always wondered what those two letters added to the sender name of a bulk/junk SMS refers to, like TD-ICICIBANK, BD-FORTUNE, etc. These days, the junk SMS has become a pain and I get unsolicited spam SMSes from Vastu consultant, Astrologer, Real Estate agents, LIC agents, which I have not opted to receive. Today, an article in Times of India says that these junk SMSes have reached an astounding number of 100 million a day sent throughout the country. As the SMS cost has become so cheap, it has become a low-cost marketing trick to reach the targeted customers. 

As per TRAI, every bulk SMS must have 2 letters as initials: the 1st letter stands for the service provider sending SMS and the 2nd for location eg, TD is Tata Delhi, BD is BSNL Delhi, etc.

This is the complete chart:
 

Service Provider	Code
Aircel	D
Airtel	A
BSNL	B
BPL Mobile	L
Loop Telecom	L
Idea Cellular	I
MTNL	M
Reliance Comm	R
Reliance Telecom	E
Spice Comm	P
Tata Teleservices	T
Vodafone	V

So, now you can find out the origination of bulk SMS using the above chart. If you are getting huge number of bulk SMS daily, register for National Do Not Call Registry and see if it can be of help.

Adobe Reader direct download

I already dumped Adobe Reader for Foxit Reader as it is tiny in size, runs fast, and consumes less system resources. Today, I was checking a mutual fund consolidated statement, which was not opening in Foxit as it was intended to be opened only in Adobe Reader. So, I went to Adobe Reader website to download it. I was browsing through Firefox. It downloaded a plugin called “Adobe DLM” to download the reader. It asked me to restart the Firefox and then started downloading McAfee Scanner without my permission, installed it, and then started downloading Adobe Reader. It looked to me nonsense. Why the hell we need the plugin and a virus scanner just to install the Reader.

So, I did a search on the Internet and found the direct FTP link to it. I thought it would post this direct link for the people to download easily without going through the hassles of plugins and scanners. Here you go:

Go to ftp://ftp.adobe.com/pub/adobe/reader/

Click on your respective operating system. Hint: win for Windows. Then, select the latest version. At the time of this writing, the latest version is 9.x. Then, the latest release. Again, at the time of this writing, the latest release was 9.4.0. Click on that and then, select you language. For English, select en_US. You can download either EXE file or MSI. EXE is smaller in size, so it will be the best option.

I have Deep Freeze installed in my system, so after installing Adobe Reader and reading the Adobe-only Mutual Fund Statement, I just restarted my system and it went back to its earlier state making it Foxit Reader-Only system

free Audio File Joiner and Converter

Today, I had to join around 20 .wav audio files into one. I have downloaded few free software and tested. The best one I have chosen is All Free mp3 Joiner with lots of options. It can convert files between various formats. Even, you can merge audio files of various formats and convert them into one format at a click. It can export the files into .wav, .ogg, .mp3, .wma. You can also change channels, sample rate, and bit depth. You can drag the files up or down to rearrange the order.

Get it here: http://www.allfreevideoconverter.com/freemp3joiner/index.html

TXT to RTF and HTML Converter

Found this tiny (600KB) piece of software that can convert TXT files to RTF and HTML files. It is called Docfrac. It is an Open Source, free software. It can converter a single or a batch of files at a go. It also has the ability to converter vice versa too.
Conversion Formats

• RTF to HTML
• RTF to TEXT
• HTML to RTF
• HTML to TEXT
• TEXT to RTF
• TEXT to HTML

I came across number of bulky software costing anywhere from $30 to $150 before landing on this open source project. Thanks to the developer
Get it from the SourceFourge project page: http://sourceforge.net/projects/docfrac/ or Click Here.

Increase system volume - Free

I have been noticing that one of my systems’ volume is very low compared to the other. I have checked all the settings to increase it, but in vain. Then, done a search for the freeware tools to increase the volume and found this little software, which found that I am using only half of the volume of my system. The volume controls were showing wrongly as full.

This software is called VolumeTouch, which primarily aims at increasing and decreasing the system volume using the keyboard and mouse. You can assign a specific key combination to initiate the control and then using arrow keys or mouse scroll, you can control the system volume.

But, the interesting thing was when I double clicked the tray icon of VolumeTouch, it opened Master Volume showing the exact volume I was using.  So, if you think your system’s volume is low, you can try this software and see whether it is the maximum you can get.

Software: VolumeTouch Site URL: https://notendur.hi.is/antoni/volumetouch/ (showing “Not Found” error at the time of writing) Download: Click Here

I see a lot of newbie webmasters asking how to know whether a link is DoFollow or NoFollow in the webmaster forums.  Some people say just see the source code to see whether there is a “NoFollow” attribute to the link.  If it is not there, it is a DoFollow.  But what if you are checking a group of websites for link building.  It is tedious and time taking task, right!'

 

What is DoFollow attribute?
It is a hyperlink attribute which tells search engines not to pass any significance or value to the outbound links.  If your site has a Google Pagerank (PR) of 5 and a DoFollow link goes to another site, which has zero PR, it is going to get some PR when Google updates the Pagerank.  NoFollow also prevents spammers spamming the high PR sites with their spam links.

So, what is the easy way to check whether a site is DoFollow or NoFollow easily?  Here comes the tiny Firefox plugin, NoDoFollow, which makes it pretty easier.  Get the plugin here: https://addons.mozilla.org/en-US/firefox/addon/5687

Once, it is installed you can see the option of “NoDoFollow” in the right click context menu.  Now launch a webpage, right click, and select the option.  That’s all, the plugin will turn all the DoFollow links to light blue and NoFollow links to light red.  It is so simple.  Isn’t it!

Saving Private Hard Disk

Today I am going to talk about something which gives us nightmares. Yes, even with the most sophisticated preparation, it is still bound to happen sooner or later - Hard Disk Failure. Let start this a few weeks back. While slipstreaming a XP Disc, I found that my hard disk was particularly slow. In fact, it even stalled at some point. I know I had a WD Green HDD which is not really state of the art in terms of speed, but I should not be expecting the HDD to stall anyway.
So, I check my SMART statistic via my Hard Disk Sentinel. While this program doesn't fix anything, it does tell you what happened on your HDD on the hardware level. In this case, I see a huge number of bad clusters detected and there had been a lot of relocation as a results. This is a good tell tale sign the HDD is going to fail or at least you will lose data if you do nothing about it.
If you are interested in getting Hard Disk Sentinel, it can be purchased here: http://www.hdsentinel.com/
Now, I am going to talk about 2 tools which I have in mind. They are :

1. Spinrite 6 ( http://www.grc.com/spinrite.htm )
2. HDD Regenerator 1.7.1 ( http://www.dposoft.net/ )

Spinrit 6 is the latest version, but for HDD Regenerator, there is a 2011 version which actually works in Windows. Since I did not have that, I have to fall back to the good old DOS version 1.7.1. The main differences for these programs are as follows:

1. Spinrite can process ONLY your data area and leave those empty spaces alone. This is good enough if you want to recover the data and go RMA / Exchange the HDD.
2. HDD Regenerator processes ALL of the HDD area including empty spaces. This is good if you plan to KEEP the HDD since checking the empty space will preempt any possible failure in the future in those area.

I prepared for the worst and go for option 2 anyway although it took much much more time. Also considering that HDD Regenerator saved my ass once in:

http://nemesisv.blogspot.com/2006/12/hd-regenerator-vs-spinrite.html

HDD Regenrator will take a considerable time, but here is where paying for a Raptor pays out. The RAW speed of your HDD is what counts here. It is also rare that HDD Regenrator cannot read out and relocated the data unless the HDD is really gone BAD in a very bad way. In which case, you should savage whatever you have and RMA the HDD. 

Needless to say, the HDD was saved, and the bad cluster counted also return to normal as checked in SMART. It could be just magnetic retention problem. But I guess I was lucky. But in this case, maybe using Spinrite would had saved me some time. 

I would know many readers will think that it is really expensive considering they cost about USD$80-100 raw. And I also know that there are many so called "cracked" editions of these software floating around. You know that I do not encourage piracy and I won't here. Think about this. It is your data which matters. Will you trust a "cracked" version of the program which may have a chance that it is damaged or even worsed trojanized. Instead of saving your data, it can corrupts it or send it out somewhere. I think I will not take the risk even if it is slim. When it comes to data, I will deem it as priceless, so USD$100 is nothing compared to it. Well, if you really want to be cheap about it, you can share it with a friend or even better, buy a different one each so that you can compare. 

These tools are life saver when shit happens. And all we can hope is that day does come (too often).