How To Get Top Ranking, Search Engines

The tutorial is all about getting your site listed on top in Search Engines i.e Search Engine Optimization

First thing you need to do is find the keywords you want to optimize for.

There is great tool by Overture (/http://inventory.overture.com/d/sea...ory/suggestion/)

But I would suggest using this free tool called GoodKeywords (/http://www.goodkeywords.com/products/gkw/)

This one does the same job as Overture does but it also supports other Search Engines (Lycos and Teoma etc..)

For example if you want to optimize for the keyword "tech news", just search for the keyword in any of the tools specified above... It would show you keywords related to that and not of the searches..

Pick the keywords which are related to your site.

For example when you search for "Tech News" you'll see the following results:

Count Search Term
11770 tech news
351 itt news tech
191 high tech news
60 news tech texas
49 computer tech news
42 bio news tech
34 in itt news tech
30 news tech virginia
29 asia news tech
25 hi tech news
25 sci tech news

Now see what other terms are related to your keyword technology news

Do couple of searches like that and note down around 15-20 keywords.
Then, keep the keywords which are searched most on the top.

Now you need Title Tag for the page.

Title tag should include top 3 keywords, like for "tech news" it can be like :

"Latest Tech News, Information Technology News and Other computer raleted news here."

Remember that characters should not be more than 95 and should not have more than 3 "," commas - some search engines might cosider more than 3 commas as spam

Now move on to Meta Tags

You need following Meta Tags in web page

<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<META name="keywords" content="keyword1,keyword2,keyword3">
<META name="description" content="brief description about the site">
<META name="robots" Content="Index,Follow">


No need to have other meta tags like abstract, re-visit and all, most people dont read it.

Now...

<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

This tag is tells content type is html and character set used it iso-8859-1 there are other character sets also but this is the one mosty used..

<META name="keywords" content="keyword1,keyword2,keyword3">

This one should have all your keywords inside starting from keyword with most counts...

keyword tag for our example would be something like :

<META name="keywords" content="tech news,technology news, computer technology news,information technology,software news">

Remember to put around 15-20 keywords max not more than that. Dont repeat keywords or dont put keywords like, "tech news", "info tech news", "latest tech news" and so on...

<META name="description" content="brief description about the site">

Provide short decription about your site and include all the keywords mentioned in the title tag.

Decription tag should be:

<META name="description" content="One Stop for Latest Tech News, Information Technology News, Computer Related and Software news.">

It can be upto 255 characters and avoid using more than 3 "," commas

<META name="robots" Content="Index,Follow">

This is used for search robots..following explanation will help you :

index,follow = index the page as well as follow the links
noindex,follow = dont index the page but follow the links
index,nofollow = index the page but dont follow the links
noindex,nofollow = dont index page, dont follow the links
all = same as index,follow
none = same as noindex,nofollow

Now move on to body part of the page

Include all top 3 keywords here,
I would suggest to break the keyword and use it...

For example

YourSiteName.com one stop for all kind of Latest Tech News and Computer Related information and reviews.................

Include main keywords in <h#> tags <h1><h2> etc..
and start with <h1> and then move to <h2> <h3> etc..

<h1> tag will be too big but CSS can help you there, define small font size in css for H1,H2,... tags

When done with page copy, then you need to provide title and alt tags for images and links.

Use some keywords in the tags but dont add all the keywords and if not neccessary then dont use keywords in it, basically it should explain what is image all about.

Remember to add Top keyword atleast 4 times in the body and other 2 keywords thrice and twice respectively.

Now move on to Footer Part
Try to include top keywords here and see the effect, use site keywords as links i.e.

<a href="news.php">Tech News</a> <a href="software-news.php">Software News</a> etc..

Now finally, you need to read some more stuff..may be you can all it as bottom lines...

Site Map - This is page where you need to put all the links present in your site, this is will help Search Engines to find the links easily and also provide link for site map in footer, as search engines start scanning the page from bottom.

Robots.txt - This file contains address of directories which should not be scanned by search engines.. more info can be found here : /http://www.robotstxt.org/wc/exclusion.html search engines line google, yahoo ask for robots.txt file.

Valid HTML - Your code should have valid html and doc type, Its kind of diffucult to follow all the standards but you can atleast open and close all the tags properly, you can check your page's html online here : /http://validator.w3.org/ or you can use this free software called HTML Tidy : /http://tidy.sourceforge.net/

All done now, you just need to check your site with this script, its called SEO Doctor : /http://www.instantposition.com/seo_doctor.cfm

It'll show you the report of your site with solution.

Now, correct the errors and start submitting the site :

Start with google : /http://google.com/addurl.html
then yahoo : /http://submit.search.yahoo.com/free/request
then move to altavista,alltheweb and other search engies..

Also submit your site to direcories like /http://dmoz.org , /http://jayde.com etc...
Dmoz is must, as google, yahoo and may more search engines uses same directory

And remember, dont try to SPAM with keywords in these directories, dmoz is handled by Human Editors

Submitted the sites, but still i cant see you site on top?

Wait for sometime may be a month or so but keep an eye on your search term, use /http://GoogleAlert.com - this will show whenever google updates for your keywords, it will mail you the new results.

And also check whether your site is listed on google..
use this tool called Google Monitor, it can be downloaded for free from : /http://www.cleverstat.com/google-monitor.htm

6:02 PM | 0 comments | Read More

Anonymity of Proxy

The exchange of information in Internet is made by the "client - server" model. A client sends a request (what files he needs) and a server sends a reply (required files). For close cooperation (full understanding) between a client and a server the client sends additional information about itself: a version and a name of an operating system, configuration of a browser (including its name and version) etc. This information can be necessary for the server in order to know which web-page should be given (open) to the client. There are different variants of web-pages for different configurations of browsers. However, as long as web-pages do not usually depend on browsers, it makes sense to hide this information from the web-server.

What your browser transmits to a web-server:
a name and a version of an operating system
a name and a version of a browser
configuration of a browser (display resolution, color depth, java / javascript support, ...)
IP-address of a client
Other information

The most important part of such information (and absolutely needless for a web-server) is information about IP-address. Using your IP it is possible to know about you the following:
a country where you are from
a city
your provider?s name and e-mail
your physical address

Information, transmitted by a client to a server is available (accessible) for a server as environment variables. Every information unit is a value of some variable. If any information unit is not transmitted, then corresponding variable will be empty (its value will be undetermined).

These are some environment variables:

REMOTE_ADDR ? IP address of a client

HTTP_VIA ? if it is not empty, then a proxy is used. Value is an address (or several addresses) of a proxy server, this variable is added by a proxy server itself if you use one.

HTTP_X_FORWARDED_FOR ? if it is not empty, then a proxy is used. Value is a real IP address of a client (your IP), this variable is also added by a proxy server if you use one.

HTTP_ACCEPT_LANGUAGE ? what language is used in browser (what language a page should be displayed in)

HTTP_USER_AGENT ? so called "a user?s agent". For all browsers this is Mozilla. Furthermore, browser?s name and version (e.g. MSIE 5.5) and an operating system (e.g. Windows 98) is also mentioned here.

HTTP_HOST ? is a web server?s name

This is a small part of environment variables. In fact there are much more of them (DOCUMENT_ROOT, HTTP_ACCEPT_ENCODING, HTTP_CACHE_CONTROL, HTTP_CONNECTION, SERVER_ADDR, SERVER_SOFTWARE, SERVER_PROTOCOL, ...). Their quantity can depend on settings of both a server and a client.

These are examples of variable values:

REMOTE_ADDR = 194.85.1.1
HTTP_ACCEPT_LANGUAGE = ru
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
HTTP_HOST = www.webserver.ru
HTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)
HTTP_X_FORWARDED_FOR = 194.115.5.5

Anonymity at work in Internet is determined by what environment variables "hide" from a web-server.

If a proxy server is not used, then environment variables look in the following way:

REMOTE_ADDR = your IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

According to how environment variables "hided" by proxy servers, there are several types of proxies
Transparent Proxies

They do not hide information about your IP address:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = your IP

The function of such proxy servers is not the improvement of your anonymity in Internet. Their purpose is information cashing, organization of joint access to Internet of several computers, etc.
Anonymous Proxies

All proxy servers, that hide a client?s IP address in any way are called anonymous proxies

Simple Anonymous Proxies

These proxy servers do not hide a fact that a proxy is used, however they replace your IP with its own:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = proxy IP

These proxies are the most widespread among other anonymous proxy servers.

Distorting Proxies

As well as simple anonymous proxy servers these proxies do not hide the fact that a proxy server is used. However a client?s IP address (your IP address) is replaced with another (arbitrary, random) IP:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = random IP address
High Anonymity Proxies

These proxy servers are also called "high anonymity proxy". In contrast to other types of anonymity proxy servers they hide a fact of using a proxy:

REMOTE_ADDR = proxy IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

That means that values of variables are the same as if proxy is not used, with the exception of one very important thing ? proxy IP is used instead of your IP address.
Summary

Depending on purposes there are transparent and anonymity proxies. However, remember, using proxy servers you hide only your IP from a web-server, but other information (about browser configuration) is accessible!

5:47 PM | 0 comments | Read More

How to find a remote IP?

Method 1

To view someone's IP# when they send you hotmail email do this:
1) Click "Options" on the upper right side of the page.
2) On the left side of the page, Click "Mail"
3) Click "Mail Display Settings"
4) Under "Message Headers" select "Full" or "Advanced"
5) Click ok

Method 2
reg a dydns account and install the ip pointer, so each time you ping the host name you regestored

for example:
you regestor the host name myhost.dydns.com, then you keep a little software running on the target host. The little software will keep update your IP to dydns.com server.

so at your pc just start cmd, and ping myhost.dydns.com, it will give you the most updated ip address.

Method 3
neverender, what doesn't work for you? Simply type in nc -vvv -l -p 80 on your box, which will set it to listen in verbose mode on port 80. Then give them a link to your IP address (for example: 111.111.111.11) and tell them to type it in their browser. The browser should resolve the address as well as append port 80 automatically. Just make sure that your friend is not very computer literate.

Method 4
Just download a very simple server such as this one and install it on your comp. Then run it and give your ip to the person you want and tell them to connect to it through a browser. Your server will log their connection and you will get their IP.

link:http://www.download.com/Abyss-Web-Server/3000-2165-10283992.html?tag=lst-0-6


Other Ways
-www.imchaos.com and make a "spy poll" to put in ur profile, this will tell u the IP of anybody who answers ur poll
-originalicons.com there is a page for doin it (i dont like it, but it works)
-or irc


Here is a more detailed tutorial about using NetCat.

http://www.onlamp.com/pub/a/onlamp/2003/05/29/netcat.html

Windows users can download NetCat from here:

http://www.atstake.com/research/tools/network_utilities/

4:14 PM | 0 comments | Read More

Burning Questions

When Good Discs Go Bad

Ever wonder what makes a disc bad? Here's why they vary in quality, and why you should worry about the discs you've entrusted with your data.

Burning CDs and DVDs is the easy part.

Knowing your data will be there when you go back to it days, months, or even years later--well, that's a bit harder. Not all discs are created equal, as Fred Byers, information technology specialist at the National Institute of Standards and Technology, can attest.

Byers is part of a team heading up an independent study of DVD media quality. Based on the first wave of testing results, the situation is murky at best.

"We've found the quality varies, depending upon the type of dye used to make the write-once discs and [on the] the manufacturer," reports Byers. Even discs from the same manufacturer, with the same brand, can test differently, Byers adds. "But there was more of a significant difference when you compared discs between manufacturers," he explains.

DVD Media Quality: The First Tests

In the first phase of testing, completed late last year, NIST focused on the most popular media: write-once, single-layer DVD-R and +R discs. Rewritable discs will be tested in the second phase, slated to start this fall. An interesting footnote to the study's methodology: NIST uses media purchased off store shelves and via Web sites; and while researchers are tracking the media by brand, they are not tracking the specific factory source of the media tested. For example, a given manufacturer's discs could originate from different production lines, which could account for a variation in disc quality by the same manufacturer.

Hearing that there's a difference between the generic, unbranded 100-spindle value-pack of media purchased online and the branded offerings you might find on a Best Buy store shelf is not surprising. After all, as David Bunzel, president of the Optical Storage Technology Association, points out: "With a generic product, there's no consumer recourse. It's buyer beware."

If a disc isn't properly manufactured, the consequences can be dire. At best, the disc will fail immediately during the burn process; this is a best-case scenario because then you know from the start that the disc is faulty. At worst, you may get an abundance of errors during the burn process. These errors won't interrupt the burning process, and since write-once and rewritable DVD media have built-in error correction to compensate for scratches and other abnormalities on the disc (as do their CD cousins), any errors will be virtually invisible to you. You'll only know they're there if you use a disc diagnostics program, such as those offered by Ahead Software or Plextor. Nor will these errors affect the playback of the disc--initially.

Down the road, however, such invisible-to-the-eye errors can reduce the effectiveness of a DVD's built-in error correction so that if some other issue develops on your disc, such as a scratch, you could end up with an unreadable disc when you go back to it months or years later.

But what would cause such a wide disparity in media quality between branded discs from the same vendor?

"We don't know why it's different--it could be a different dye, it could be a different manufacturing process," notes Byers. "Manufacturers are constantly trying to improve their dye formulas--in theory improving the disc."

Nonetheless, at the same time, competitive forces are driving manufacturers to find ways to economize on production costs. And cost-cutting measures can result in discs that don't perform as well as those generated during an earlier production run, either in terms of failing outright or not burning at the maximum possible speed on a given DVD drive. "It varies over time, as the output changes," Byers says.

Brand Disparity

As for the disparity between brands that NIST found, the distinguishing factors come down to quality control and the dyes used in disc production. Declining to name names, Byers points out that "some manufacturers make their own discs, and some purchase them from someplace else--which opens you to variations in the manufacturing plant, or changes in the source [of that media]."

Vendors like Maxell and Verbatim manufacture discs on their own production lines, as do Asian manufacturers CMC Magnetics, RiData, Taiyo Yuden, and others; other name brands contract with a third-party manufacturer to produce discs to their own specs; and still others just buy third-party-produced media wholesale, without imposing their own set of quality controls on the media production.

The intricacies of disc production and quality control aren't the only variables that seem to affect media. More surprising is the number of discs that seem to have a propensity for specific hardware.

"One thing we've found in compatibility testing [of DVD-R and +R media] is that it's a relationship between a specific brand of media and the manufacturer of the hardware," observes Byers. "There was no one drive that played every single type of compatible media, and there was no one media brand that played perfectly in every drive."

And, he adds, sounding as frustrated as any consumer might, "You can't say there's a clear, delineated set of reasons as to why."

A Grading System?

One of the most common questions I hear is, "What's a good brand of media to buy?" DVD and CD media are so commonplace nowadays that it's easy to forget the complexities that go into producing them. And if anything in that production process is off, it could, in time, affect the integrity of the data you've burned to a disc.

"It's very tough to answer that kind of question, because there are so many variables," says Byers. "You don't get 100 percent yield when you manufacture these discs. We can talk about the materials that produce a good disc, but it also has to do with the manufacturing process. So, just to say the materials to look for doesn't necessarily relate to it being a better disc." The same is true vice versa.

So how can you know that the media you're using will last you for the duration, so those archived photos will still be there when you go back to a disc 20 years from now--or more?

For the moment, you can't. All DVD and CD vendors make vague claims about disc life expectancy being somewhere between 60 and 100 years--when the discs are treated with care and stored properly.

But NIST's Byers is seeking to change that. At an OSTA meeting in San Francisco this week, Byers is proposing an industry-wide grading system to indicate disc quality.

Byers is motivated by the desire to see a uniform mechanism in place to guide institutions and individuals who'll be storing data, music, videos, and images for long periods of time. "They need to be confident in their purchasing, so they can plan for their strategies in storing their information," Byers says. "Long-term storage has different meanings: For some, 30 years might be enough. For others, 50 or 75 years might be archive, or long-term, quality."

Longevity

Under Byers's proposal, a series of tests would be developed to determine whether a DVD would last for a given number of years. "If you were to purchase a disc in a store with a grade that indicates it has passed a test to last X number of years, it removes a lot of uncertainty for the consumer, and it can save some expense in premature migration [to a new storage technology], or loss of data because they waited too long [and the disc was no longer playable]," he says.

Although some archivists--both individual and professional--are concerned about whether today's digital storage mediums will be readable 50 or 100 years from now, Byers believes the bigger concern for users will be when to migrate their data to the next technology, "before the existing technology is obsolete."

The Disc Rot Myth

Media obsolescence isn't the only thing people fear after committing a personal library's worth of data to CDs and DVDs. But some worries--namely, fear of disc rot--are not fully warranted.

Like a bad seed, the myth of disc rot self-perpetuates, cropping up every now and again as a sudden and mortal threat to your copious collection of prerecorded and self-created discs.

The myth was once rooted in fact. It is true that back in the 1980s, with the first generation of prerecorded audio CDs, the edges of the discs were not always sealed properly, which allowed moisture to get into the disc. Replicated, prerecorded discs use aluminum for the reflective layer; when moisture came into contact with the aluminum on prerecorded discs, explains Byers, it in turn oxidized, causing the aluminum to become dull. "That's where the term 'rot' started," he says.

But that problem was quickly identified and overcome. "The manufacturers learned what was going on, so now the edges of discs are sealed with a lacquer," according to Byers. Though the problem is typically associated with CDs, Byers notes that the potential for interaction with oxygen is the same with both CD-ROMs and DVD-ROMs.

The so-called rot issue does not apply to recordable discs. For one thing, recordable optical media do not use aluminum; instead, they use silver, and very rarely gold, or a silver-gold alloy, for the reflective layer. "If the silver comes into contact with sulfates [i.e., pollution, or high humidity], it could affect the silver, but the likelihood of that is less than the likelihood of moisture coming into contact with the aluminum on prerecorded discs," says Byers.

Enduring Myth

The term rot has persisted, however inaccurately, as a means of identifying a plethora of problems with optical discs. "If you get a faulty disc and see a problem that you can visually see, you call it rot, but it could be the way the disc was manufactured," says Byers. "Or if it was subjected to extreme moisture and that moisture came into contact with the aluminum, it could be that the reflectivity has changed. It's not really rot, it's oxidation of aluminum. It should be a rare event on a disc, unless it's defective."

Beyond the realm of defective discs, improper handling can cause otherwise good discs to go bad. Since there's little protection between the label side of a CD and the data layer itself, "scratches on the label side can scratch the metal, and that will ruin the data," says Byers. It's not an issue for DVDs, though, since the dye layer is sandwiched between two plastic layers.

Byers observed a similar problem occurring with press-on labels: "For long-term storage, we recommend not using press-on labels on CDs; when these start to dry up, they can peel the metal right up, damaging data."

4:10 PM | 0 comments | Read More

COMMUNICATIONS PRIVACY ACT

             THE ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986

                              A LAYMAN'S VIEW

                                     by
                             Michael H. Riddle

(Copyright 1988, Michael H. Riddle.  This article may be further reproduced
and disseminated provided that no fees are charged beyond normal
reproduction costs and further provided that the following disclaimer is
included.)

DISCLAIMER: The author is not an lawyer.  This article represents one
layman's views of the background and contents of PL 99-508, the Electronic
Communications Privacy Act of 1986.  Anyone needing legal advice should
consult with the attorney of their choice.


Those of us who remember life before the Pepsi Generation can attest to the
change brought into our lives by advances in electronic technology.
Starting with the widespread use of the transistor, and continuing into the
integrated circuit, the large scale integrated circuit, the very large
scale integrated circuit, etc., electronic "miracles" have become
commonplace and cheap.  Perhaps the single best illustration of that change
is in the field of "information technology."  The advent of the personal
computer, the blurring of the lines between telecommunications and
computing, the breakup of the Bell system, and the growing technological
awareness of the general population have caused what can only be called a
revolution in the way we communicate with each other.  Not too many years
ago, we learned of world events from newspapers--today from television and
radio.  Not too many years ago we exchanged personal messages by mail--today
we telephone.  Not too many years ago, businesses in a hurry would send mail
special delivery--today they use overnight express or facsimile.  And,
increasingly, businesses and individuals use computer communications instead
of or in addition to these other means of passing information around our
society.

Anytime someone passes what they hope to be a private communication to
another, they expect that their fellow citizens will respect its privacy.
Not only do the customs of society enforce this expectation, statute laws
have been enacted to insure it.  Thus, everyone knows, or should know, not
to tamper with the mail.  Everyone knows, or should know, not to
electronically eavesdrop ("bug") someone else's telephone calls.  And
everyone knows, or should know, not to do likewise with computer
communications.

Alas, not everyone knows that.  If everyone did, we wouldn't need laws to
protect what ought to be our reasonable expectations of privacy.  Not too
long ago, the Congress of the United States passed PL 99-508, the Electronic
Communications Privacy Act of 1986.  In doing so, Congress was recognizing
the way technology has changed society and trying to react to that change.

The Act contains two main parts, or Titles.  Title I--Interception of
Communications and Related Matters, merely updates existing laws to reflect
what I've said above.  Where the law used to say you can't bug private
telephone communications, it now says you can't bug private computer
communications.  Where it preserved your right to listen in to public radio
transmissions, it preserves your right to "listen in" to public computerized
transmissions (here the Congress particularly was thinking of unencrypted
satellite television, although the law is written in more general terms).
It allows the "provider of electronic communication service" (sysops, to
electronic bulletin board users) to keep records of who called and when, to
protect themselves from the fraudulent, unlawful or abusive use of such
service.

Title II--Stored Wire and Electronic Communications and Transactional
Records Access, is the section that has caused the biggest concern among
bulletin board system operators and users.  Unfortunately, while a lot of
well-intentioned people knew that a law had been passed, most of them
started discussing it without taking the trouble to read it first.  As a
result, there has been a lot of misinformation about what it says, and a lot
of reaction and overreaction that was unnecessary.

The first thing we need to realize is that Title II adds a new chapter to
Title 18 of the United States Code (USC).  The USC fills most of two shelves
in the Omaha library.  It covers in general detail virtually everything the
federal government does.  In many places it gives departments and agencies
to pass rules and regulations that have the force of law.  If it didn't,
instead of filling two shelves it would probably fill two floors, and
Congress would be so bogged down in detail work it would get even less done
that it does now.  Of all the USC, Title 18 deals with Crimes and Criminal
Procedure.  That's where PL 99-508 talks about electronic communications.
It makes certain acts federal crimes.  Equally important, it protects
certain common-sense rights of sysops.

Under the Act, it is now a federal offense to access a system without
authorization.  That's right.  Using your "war-games dialer," you find a
modem tone on a number you didn't know about before and try to log on.  From
the way I read the law, you can try to log on without penalty.  After all,
you might not have used a war-games dialer.  You might just have got a wrong
number.  (Don't laugh, it's happened to me right here in Omaha!)  At the
point you realize its not the board you think you called, you ought to hang
up, because at the point where you gain access to that neat, new, unknown
system, you've just violated 18 USC 2701.

A lot of us are users of systems with "levels" of access.  In the BBS world,
levels may distinguish between old and new users, between club members and
non-members, or sysops from users.  In the corporate and government world,
levels may protect different types of proprietary information or trade
secrets.  Section 2701 also makes it a federal offense to exceed your
authorized access on a system.

What about electronic mail, or "e-mail?"  E-Mail has been the single biggest
area of misinformation about the new law.  First, section 2701 does make it
a federal offense to read someone else's electronic mail.  That would be
exceeding your authorization, since "private" e-mail systems do not intend
for anyone other than the sender or receiver to see that mail.  But, and a
big but, sysops are excluded.  Whoever staffed the bill for Congress
realized that system operators were going to have access to information
stored on their systems.  There are practical technical reasons for this,
but there are also practical legal reasons.  While the Act does not directly
address the liability of sysops for the use of their systems in illegal
acts, it recognizes they might have some liability, and so allows them to
protect themselves from illegal use.  Sysops are given a special
responsibility to go along with this special privilege.  Just like a letter
carrier can't give your mail to someone else, just like a telegraph operator
can't pass your telegram to someone else, just like a telephone operator
overhearing your call can't tell someone else what it was about, so sysops
are prohibited from disclosing your e-mail traffic to anyone, unless you (or
the other party to the traffic) give them permission.

Common sense, right.  So far all I think we've seen is that the law has
changed to recognize changes in technology.  But then, what about the
police?  If they can legally bug phones with a court order, if they can
legally subpoena telephone records, what can they do with bulletin boards?
Pretty much the same things.  The remaining sections of the Act go into
great detail about what the police can do and how they can do it.  The
detail is too much to get into in this article, and I would suggest that if
a sysop or user ever needed to know this information, that would be a case
when they ought to be seeing their attorney.  I will give a couple of
details, however:  if a sysop is served, they can be required to make a
backup copy of whatever information is on their system (limited, of course,
to that listed in the warrant or subpoena).  They must do this without
telling the persons under investigation.  They do not at this point,
generally, give the police the records.  They just tell the police that its
been done.  Then, the courts notify the user that this information has been
requested and the user has a chance to challenge it.  Eventually, after it
all gets sorted out, the information goes to the police or is destroyed,
whichever.  Again, if a sysop or user ever finds themselves in this
situation, don't rely on this article--see your lawyer.  And, see him/her
soon, because the Act imposes time limits.

If the Act makes all of this stuff federal crimes, what penalties does it
establish?  Again, generally, there are two cases.  The first is the one
most BBS operators and users will be concerned with.  "A fine of not more
than $5,000 or imprisonment for not more than six months, or both."
Actually, in the law, that's the second case.  The first is where businesses
were conducting industrial espionage--"for purposes of commercial advantage,
malicious destruction or damage, or private commercial gain."  In this case,
"a fine of not more that $250,000 or imprisonment for not more than one year,
or both, in the case of a first offense," and "a fine or imprisonment for not
more that two years, or both, for a subsequent offense."

What all this has said is that the federal criminal code now protects
electronic communications the way it previously protected written ones.  It
understands that mailmen, physical or electronic, have access to the mail
they carry, so it tells them not to tell.  It sets up some hefty penalties
for those who don't take privacy seriously enough.   And finally, it sets up
procedures for the contents of bulletin board and other electronic systems
to be sought for official investigation.  This is, of course, one layman's
opinion.  As long as the reader doesn't have criminal intent or hasn't been
served with some type of request for system records, it's probably adequate.
If, however, the reader finds him/herself confronting the law "up close and
personal," then this article should be noted for one and only one piece of
advice: see a lawyer, and soon!

4:04 PM | 0 comments | Read More

DirectX explained

Ever wondered just what that enigmatic name means?

Gaming and multimedia applications are some of the most satisfying programs you can get for your PC, but getting them to run properly isn’t always as easy as it could be. First, the PC architecture was never designed as a gaming platform. Second, the wide-ranging nature of the PC means that one person’s machine can be different from another. While games consoles all contain the same hardware, PCs don’t: the massive range of difference can make gaming a headache.

To alleviate as much of the pain as possible, Microsoft needed to introduce a common standard which all games and multimedia applications could follow – a common interface between the OS and whatever hardware is installed in the PC, if you like. This common interface is DirectX, something which can be the source of much confusion.

DirectX is an interface designed to make certain programming tasks much easier, for both the game developer and the rest of us who just want to sit down and play the latest blockbuster. Before we can explain what DirectX is and how it works though, we need a little history lesson.

DirectX history
Any game needs to perform certain tasks again and again. It needs to watch for your input from mouse, joystick or keyboard, and it needs to be able to display screen images and play sounds or music. That’s pretty much any game at the most simplistic level.

Imagine how incredibly complex this was for programmers developing on the early pre-Windows PC architecture, then. Each programmer needed to develop their own way of reading the keyboard or detecting whether a joystick was even attached, let alone being used to play the game. Specific routines were needed even to display the simplest of images on the screen or play a simple sound.

Essentially, the game programmers were talking directly to your PC’s hardware at a fundamental level. When Microsoft introduced Windows, it was imperative for the stability and success of the PC platform that things were made easier for both the developer and the player. After all, who would bother writing games for a machine when they had to reinvent the wheel every time they began work on a new game? Microsoft’s idea was simple: stop programmers talking directly to the hardware, and build a common toolkit which they could use instead. DirectX was born.

How it works
At the most basic level, DirectX is an interface between the hardware in your PC and Windows itself, part of the Windows API or Application Programming Interface. Let’s look at a practical example. When a game developer wants to play a sound file, it’s simply a case of using the correct library function. When the game runs, this calls the DirectX API, which in turn plays the sound file. The developer doesn’t need to know what type of sound card he’s dealing with, what it’s capable of, or how to talk to it. Microsoft has provided DirectX, and the sound card manufacturer has provided a DirectX-capable driver. He asks for the sound to be played, and it is – whichever machine it runs on.

From our point of view as gamers, DirectX also makes things incredibly easy – at least in theory. You install a new sound card in place of your old one, and it comes with a DirectX driver. Next time you play your favourite game you can still hear sounds and music, and you haven’t had to make any complex configuration changes.

Originally, DirectX began life as a simple toolkit: early hardware was limited and only the most basic graphical functions were required. As hardware and software has evolved in complexity, so has DirectX. It’s now much more than a graphical toolkit, and the term has come to encompass a massive selection of routines which deal with all sorts of hardware communication. For example, the DirectInput routines can deal with all sorts of input devices, from simple two-button mice to complex flight joysticks. Other parts include DirectSound for audio devices and DirectPlay provides a toolkit for online or multiplayer gaming.

DirectX versions
The current version of DirectX at time of writing is DirectX 9.0. This runs on all versions of Windows from Windows 98 up to and including Windows Server 2003 along with every revision in between. It doesn’t run on Windows 95 though: if you have a machine with Windows 95 installed, you’re stuck with the older and less capable 8.0a. Windows NT 4 also requires a specific version – in this case, it’s DirectX 3.0a.

With so many versions of DirectX available over the years, it becomes difficult to keep track of which version you need. In all but the most rare cases, all versions of DirectX are backwardly compatible – games which say they require DirectX 7 will happily run with more recent versions, but not with older copies. Many current titles explicitly state that they require DirectX 9, and won’t run without the latest version installed. This is because they make use of new features introduced with this version, although it has been known for lazy developers to specify the very latest version as a requirement when the game in question doesn’t use any of the new enhancements. Generally speaking though, if a title is version locked like this, you will need to upgrade before you can play. Improvements to the core DirectX code mean you may even see improvements in many titles when you upgrade to the latest build of DirectX. Downloading and installing DirectX need not be complex, either.

Upgrading DirectX
All available versions of Windows come with DirectX in one form or another as a core system component which cannot be removed, so you should always have at least a basic implementation of the system installed on your PC. However, many new games require the very latest version before they work properly, or even at all.

Generally, the best place to install the latest version of DirectX from is the dedicated section of the Microsoft Web site, which is found at www.microsoft.com/windows/directx. As we went to press, the most recent build available for general download was DirectX 9.0b. You can download either a simple installer which will in turn download the components your system requires as it installs, or download the complete distribution package in one go for later offline installation.

Another good source for DirectX is games themselves. If a game requires a specific version, it’ll be on the installation CD and may even be installed automatically by the game’s installer itself. You won’t find it on magazine cover discs though, thanks to Microsoft’s licensing terms.

Diagnosing problems

Diagnosing problems with a DirectX installation can be problematic, especially if you don’t know which one of the many components is causing your newly purchased game to fall over. Thankfully, Microsoft provides a useful utility called the DirectX Diagnostic Tool, although this isn’t made obvious. You won’t find this tool in the Start Menu with any version of Windows, and each tends to install it in a different place.

The easiest way to use it is to open the Start Menu’s Run dialog, type in dxdiag and then click OK. When the application first loads, it takes a few seconds to interrogate your DirectX installation and find any problems. First, the DirectX Files tab displays version information on each one of the files your installation uses. The Notes section at the bottom is worth checking, as missing or corrupted files will be flagged here.

The tabs marked Display, Sound, Music, Input and Network all relate to specific areas of DirectX, and all but the Input tab provide tools to test the correct functioning on your hardware. Finally, the More Help tab provides a useful way to start the DirectX Troubleshooter, Microsoft’s simple linear problem solving tool for many common DirectX issues.

3:48 PM | 0 comments | Read More

Direct Link To Any Page You Want To In Hotmail

Direct Link To Any Page You Want To In Hotmail

This tutorial is for people that don't know how to direct link to .php pages on the web. If you are on a private computer, and don't mind auto-logging in, you will be able to access your folders much faster than going straight to hotmail.com

You will need a bit of information. Log into the hotmail main page. You will see a web address similar to the following:

http://by211.bay211.hotmail.msn.com/cgi-bin/hmhome?fti=yes&curmbox=00000000%2d0000...


It won't be exactly the same but it will be similar.

It's time to shorten this up. The only bit of information you really need is the direct web address to the server that contains your particular account. In the above example, you would just need:

CODE
http://by211.bay211.hotmail.msn.com/cgi-bin/


Just copy this section from your particular server addy in your browser's address bar.

Now that the explanation is over, these are the commands you can append to the above example to reach specific pages.

'hmhome' - MSN Hotmail - Today
'HoTMaiL' - Inbox
'HoTMaiL?&curmbox=00000000-0000-0000-0000-000000000005' - Junk E-Mail
'HoTMaiL?&curmbox=00000000-0000-0000-0000-000000000004' - Drafts
'HoTMaiL?&curmbox=00000000-0000-0000-0000-000000000003' - Sent Messages
'HoTMaiL?&curmbox=00000000-0000-0000-0000-000000000002' - Trash Can
'compose' - Compose Message
'addresses' - Address Book
'options' - Options, Duh
'options?section=mail' - Mail Options
'options?section=personal' - Personal Details
'protect?screen=filter' - Junkmail Filter
'options?section=contacts' - Contact Options

------------------------------------------------------------------------------------

Remember, you just need to place these commands directly after 'http://.../cgi-bin/' without spaces.

If you have never tried this before, it works on many websites. So, if you don't like navigating websites, and would rather do that through your web-browser, go ahead and do it.

3:43 PM | 0 comments | Read More

REVERSE CODING

----------------------
REVERSE CODING
----------------------
-----------

---------------------------
---Introduction----------

Welcome to my Reverse Coding tutorial! In this paper, you will
learn how to crack and modify your own software. I'll try to get
into as much detail as possible, yet also dumb it down a bit. =)
------------------------------------------------------------------------------------------------------
---Disclaimer------------

All information is purely for educational purposes only! The author
cannot be held responsible for any (ab)use of this information.
USE AT YOUR OWN RISK!!!
------------------------------------------------------------------------------------------------------
---Hexadecimal----------

To begin, I'm going to teach you about hexadecimal, so if you already
know it, then move on. Even if you do already know it, I suggest
sticking around for a refreshment of your memory.=)

Hexadecimal, or hex as it's more commonly known, is a base 16
numbering system. Base 16 meaning that it consists of 16 numbers:
0-9 and A-F. Each of these numbers (A-F=10-16) have a value of 4 bits
and are also called nibbles. In representing a hexadecimal number, one
would write an "0x" before the actual bit set. 0x is simply a tag put
before a hex number to let programmers know that it is in fact, hex.
When writing hex, you will not need to use this prefix.

If you haven't already noticed, the 0x prefix looks similar to that of exponential
notation. Actually this is where 0x has been derived, seeing as how
hex is simply a number that has been raised to a power of 16.
This means 10 in hexadecimal represents the value 16+0, or 16. So check
out this example:

0xB3 (hex)= 2*16(squared)+11*16(to the 1st power)+3*16(to the power of 0 )
=2*256+11*16+3=691 (decimal)

Yeah, you could do all of that, or you could be lazy and use an automated
program that does it all for you. Why do you need to know hex? Because
it's used by every piece of software and hardware. How? Memory based address
allocation. Here's an example:

When you clicked on your browsers icon to launch it, the click triggered a "call"
(an asm function that will be discussed more in depth in later chapters.) which
went back to the programs memory with the "click in it's hand." It finds the
address where the code is that makes the program launch and executes it. The
address is written in, you guessed it, hex. An example of an address would be
something like this:

101c5018

5108 would be the actual specific address and 101c would be the sector
of RAM were the address is located. Those are the basics of Hexadecimal
You should probley read this chapter againbecause getting a firm grasp on hex
is essential to cracking and moding programs.
----------------------------------------------------------------------------------------------------------
---RAM and ROM--------

In this section we are gonna learn about RAM and ROM. Many people kno about
the hardware part of RAM and ROM and that's gonna be very useful to you......
just not in this tutorial. =) We are about to learn about the "software" side. I use the
term software loosly in that software tends to have a GUI (Graphical User Interface)
and this does not. BUT, there are ways to access and modify the behavior of it that
I will talk about in this chapter, as well as in the next. To start off, I'll answer some
common questions:

What is RAM?

RAM (Random Access Memory) is basically memory and the process of accessing it.
The term "Random Access Memory" was approprietly given to this memory unit because
when executing a command, the CPU doesn't have to scroll through all the memory on
your PC until it finds the right address. It "randomly" whips out the addy from it's back
pocket and serves it up.This process is both quick and efficient. Learning this process
will help you understand the ASM functions in the next chapter.

How does RAM work?

When a command is issued and the memory is pulled from file, it must first go through
what is called a "vector". A vector is a "gateway" or a "sector" of RAM where the address
of the function is stored with others of it's own kind. An example of a vector would be
something like this:

8c0000b4-8c00ffff

This means that all "addressii" (hehe) that are between those values are stored in that
sector of RAM. A vector acts as a gateway in that, first, pass through a vector to get to
address. Your average program probley has about 30 to 40 main vectors, sectioning
off from boot until exit. Knowing the vector of an addy or a function will greatly reduce
your headache when you start searching for it.

ROM. ROM is a part of memory that doesn't change. (Although we can change it.=) )
Boot ROM for instance, follows the same plan of action it is called upon. ROM also has
vectors, just like RAM. ROM is not that important when it comes to cracking to we will
leave it alone for now.

Back to RAM. Believe it or not, but addressii (there I go again, I'm such a g33k.)
actually follow certain formats or syntax's for certain functions. Take hot keys for
example: In the under ground, we call them "Joker commands". By pressing a certain
combonation of keys, a program will run, close, be stupid, whatever. The syntax for a
Joker command is as follows:

0d-aaaaaf
000zvvvv

Let's examine this format a little closer.

0d= The proclemation of a specifyed format

aaaaa= The address of the function

f= The float or remainder; "Floating point number" ; decimal

000= "NOP" No operation

z= The "Booleon" as we the C++ programmers call it. A booleon is an "IF, THEN" statement.
"IF this is true, THEN do this." Value 0= equal; 1= different; 2=less than; 3=greater than.

vvvv= The combonation of hex values (The values of the keys pressed) used to execute the "CALL"

Say the "A" key had a vlaue of fffb and the "B" key has a vlaue of fffd. You would then add both
values using a hex calculator and get fff9 as the sum. The output on you calculator would
show 1fff8. Add the first value and the last value to find the fourth byte segment. So say
we've found the address of the Joker function (usually in the boot ROM sector) commonly
called the "Maple address" and we are ready to program in some hex code. Our code may
look like this:

0d7ae671
0000fff9

This means that IF the value of fff9 (A and B) is equal (0) to the address (aaaaf) of the function,
THEN execute it. See? Easy isn't it? You'll need to know things like this when modding programs
as a use of executing of your arbitrary code in certain parts of your program at a certain time.
Joker commands are also reversable in that if you enter the same code except with a 1,2, or 3,
in the z slot and by changing the button combonations. Reversable meaning terminating the
function or other functions that were started. A good use for this is for firewalls and babysitting
programs. Are you on a college machine and can't download stuff because of that pesky firewall?
Crack it open and program in some Joker commands so you can turn it on and off at will
WITHOUT the administrator's password!
--------------------------------------------------------------------------------------------------------------
---ASM-----------------------

To start off with our small and to the point ASM section, I'll warn you in advance, after reading this,
you'll need to go take a shower cause this is disgusting! Here we go!

To begin, I'm gonna define for you some functions that you'll be seeing alot of, and be using. Here they are:

.:Hex:. .:ASM:. .:MEANING:.

75,0f85 jne jump if not equal
74,0f84 je jump is equal
eb jmp jump directly to
90 nop no operation
77,0f87 ja jump if above
0f86 jna jump if not above
0f83 jae jump if above or equal to
0f82 jnae jump if not above or equal
0f82 jb jump if below
0f83 jnb jump is not below
of86 jbe jump if below or equal
0f87 jnbe jump if not below or equal
0f8f jg jump if greater
0f8e jng jump if not greater
0f8d jge jump if greater or equal
0f8c jnge jump if not greater or equal
0f8c jl jump if less
0f8d jnl jump if not less
0f8e jle jump if less or equal
0f8f jnle jump if not less or equal

The easy thing about most of the functions in ASM are that they sound like what they mean.
Jump, means of coarse, to Jump from one thing to another. Example:

"jmp 00401744" would mean to jump directly to the address 00401744 once the code
hits the function.

Let's look at "CALL". Call is a function that is used to "call" a certain task, string, address, whatever.
Take a look at this example:

"Call 0040ccc2" this would of coarse call the address 0040ccc2 and use it. Those are the functions
you'll be using.

The reason why I'm not going into loads of detail in this chapter is because when
cracking software, not an extensive amount of knowledge of ASM is needed. If you want
to know more or need help with something, e-mail me at the address provided at the end of
this tutorial. This chapter wasn't so nasty was it? Nah, it was easy =)
------------------------------------------------------------------------------------------------------------------------
---Needed Programs----------------

The programs you will need are as follows:

WDasm 8.9 or Higher
Hiew 6.1
Softice for win9x v3.24
SubmitWolf(demo)v4.01 (http://www.trellian.com/swolf)
Programming Language (C,C++,Pascal,ASM whatever you would like) Prefably C for this tutorial!
And a brain (no seriously)
--------------------------------------------------------------------------------------------------------------------------
---Cracking-----------------------------

Ok, here we go! The first thing you need to do is to open up SoftIce and then swolf32.exe which is the name given to our
target program. Go to the help menu and select register. Here's where your brain will come in, start to look
for how the protection is running by entering some random crap into the blank space. Don't press the OK button yet though.
Instead, press CTRL-D to bring up SoftIce. What we are gonna try to do is define a breakpoint, using BPX hmemcpy.
Hit CTRL-D again and it will bring you back to the program. Click OK on the box and SoftIce will again pop up. Now press F12
and it will bring you to the target program code. Scroll down a few lines and find:

:004167D9 8D4C2410 lea ecx, dword ptr {esp+10}--;ecx=the random crap you typed in.
:004167DD 8D94290000000 lea edx, dword ptr {esp+00000090}-;edx=name
:004167E4 51 push ecx
:004167E5 52 push edx
:004167E6 E8B5450100 call 0042ADA0----;this is the call which calculates the serial
:004167EB 83C410 add esp, 00000010--;
:004167EE 85C0 test eax, eax----;and return eax=1 if true (booleon =) )
:004167F0 0F8596000000 jne 0041688C----;jump to registered
:004167F6 8D442408 lea eax, dword ptr {esp+08}
:004167FA 8D8C2488000000 lea ecx, dword ptr {esp+00000088}
:00416801 50 push eax
:00416802 51 push ecx
:00416803 E868470100 call 0042AF70----;this call tests our serial
:00416808 83C408 add esp, 00000008---;
:0041680B 85C0 test eax, eax----;for v3.XX one.
:0041680D 7433 je 00416842;jump is equal

The call that we want to focas on is at 004167E6. This call tests wether our serial is for the correct version or not.
Let's trace the call 004ADA0:

*Referenced by a CALL at address:
:0042ABFC
:0042ADA 83EC30 sub esp, 00000030
:0042ADA3 55 push ebp
:0042ASA4 56 push esi
:004ADA5 57 push edi
:0042ADA6 8B7C24444 mov edi, dword ptr {esp+44}--;edi=our fake serial
:004ADAA 85FF test edi, edi
:004ADAC 0F4A7010000 je 0042AF59----;die if empty
:004ADB2 8B6C2440 mov ebp, dword ptr {esp+40}--ebp=our name
:0042ADB6 85ED test ebp, ebp
:004ADB8 0F849B010000 je 0042AF59---;die if empty
:004ADBE 8A07 mov al, byte ptr {edi}--;compare 1st byte of serial with 'p', die
:0042ADC0 3C50 cmp al, 50----;
:0042ADC2 0F8587010000 jne 0042AF4F----;if not equal
:0042ADC8 807F0134 cmp byte ptr {edi+01}, 34--:compare byte of serial with '4'
:004ADCC 750C jne 0042ADDA----;
:0042ADCE C70500C8430000000000 mov dword ptr {0043C800}, 00000000
:0042ADD8 EB1C jmp 0042ADF6

As we can see by the above, the code tells us that the first value of our serial will
be 'p' and a cycle of a four byte algorythm. I could go on and on about all of the internals
of all this stuff but that would be going beyond the scope of this tutorial. The idea was to show
how to crack this pro, and thats what I'm going to do. Based on the information I've given you, and the
information that you can deduce from reading the code, I've written a small key generator in C.
If you know C, then you'll be able to tell where i got the algorythms to write it. So here it is:

#include
#include

int main(void)
{
long code=555583,count1,count2;
char name[25],cod[5],type='0';
clrscr();
textcolor(14);
printf("This is a simple key-generator written by k33t of CYBNET Security Group");
printf("=================================================");
text color(10);
printf("SubmitWolf(demo)ver4.1 cracked by k33t");
textcolor(14);
printf("%c%c%c",0x10,0x10,0x10");
textcolor(12);
printf("Yup")
prinf("-November 2002");
prinf("'\n\nSelect Edition PRO(0) or Enterprise(1) (0/1)=");
scanf("%c",&type);
if(type=='1')code=557283;
getchar();
prinf("Enter Registration Name=");
scanf("%[^\n]",name);
for(count1=0;count1<=3;count1++ cod[count1]=name[count1]; for(count=1;count1=3;count1++){ for(count2=0;count2<=3;count2++) cod[count2]=cod[count2]*(code%100); code=code/100; } for(count1=0;name[count1]>0;count1++);
for(count2=0;count2<=3;count2++) cod[count2]=cod[count2]^(name[count1]+3); for=(count1-3;count1>=0;count1--){
code=code+(cod[count1]&0xFF);
if(count1>0)
code=code*0x100;
}
if(code<0)code=-code; for(;code<10000;) code=code*10; for(;code>999999;) code=code/10;
printf(Your Serial Number=P%c4-%ld",(type=='1')? 'E':'4'code);
return ;
}

Ok! So! An overall conclusion of this code is:

1.First two characters of the serial must be either 'PE' or 'P4'.
2.Multiply every first four characters or our name with every byte of our serial before '-'
3.XOR every four byte with every byte of our name.
4.Convert to positive number if<0.
5.Convert to number between 10000 and 1000000.

Forgive me if this code is buggy as I wrote it very quickly in the little spare time I had.

-----------------------------------------------------------------------------------------------------------

12:46 PM | 0 comments | Read More

Bypass BIOS Passwords

BIOS passwords can add an extra layer of security for desktop and laptop computers. They are used to either prevent a user from changing the BIOS settings or to prevent the PC from booting without a password. Unfortunately, BIOS passwords can also be a liability if a user forgets their password, or changes the password to intentionally lock out the corporate IT department. Sending the unit back to the manufacturer to have the BIOS reset can be expensive and is usually not covered in the warranty. Never fear, all is not lost. There are a few known backdoors and other tricks of the trade that can be used to bypass or reset the BIOS

DISCLAIMER
This article is intended for IT Professionals and systems administrators with experience servicing computer hardware. It is not intended for home users, hackers, or computer thieves attempting to crack the password on a stolen PC. Please do not attempt any of these procedures if you are unfamiliar with computer hardware, and please use this information responsibly. LabMice.net is not responsible for the use or misuse of this material, including loss of data, damage to hardware, or personal injury.


Before attempting to bypass the BIOS password on a computer, please take a minute to contact the hardware manufacturer support staff directly and ask for their recommended methods of bypassing the BIOS security. In the event the manufacturer cannot (or will not) help you, there are a number of methods that can be used to bypass or reset the BIOS password yourself. They include:

Using a manufacturers backdoor password to access the BIOS

Use password cracking software

Reset the CMOS using the jumpers or solder beads.

Removing the CMOS battery for at least 10 minutes

Overloading the keyboard buffer

Using a professional service

Please remember that most BIOS passwords do not protect the hard drive, so if you need to recover the data, simply remove the hard drive and install it in an identical system, or configure it as a slave drive in an existing system. The exception to this are laptops, especially IBM Thinkpads, which silently lock the hard drive if the supervisor password is enabled. If the supervisor password is reset without resetting the and hard drive as well, you will be unable to access the data on the drive.


--------------------------------------------------------------------------------

Backdoor passwords

Many BIOS manufacturers have provided backdoor passwords that can be used to access the BIOS setup in the event you have lost your password. These passwords are case sensitive, so you may wish to try a variety of combinations. Keep in mind that the key associated to "_" in the US keyboard corresponds to "?" in some European keyboards. Laptops typically have better BIOS security than desktop systems, and we are not aware of any backdoor passwords that will work with name brand laptops.

WARNING: Some BIOS configurations will lock you out of the system completely if you type in an incorrect password more than 3 times. Read your manufacturers documentation for the BIOS setting before you begin typing in passwords

Award BIOS backdoor passwords:

ALFAROME ALLy aLLy aLLY ALLY aPAf _award AWARD_SW AWARD?SW AWARD SW AWARD PW AWKWARD awkward BIOSTAR CONCAT CONDO Condo d8on djonet HLT J64 J256 J262 j332 j322 KDD Lkwpeter LKWPETER PINT pint SER SKY_FOX SYXZ syxz shift + syxz TTPTHA ZAAADA ZBAAACA ZJAAADC 01322222
589589 589721 595595 598598

AMI BIOS backdoor passwords:

AMI AAAMMMIII BIOS PASSWORD HEWITT RAND AMI?SW AMI_SW LKWPETER A.M.I. CONDO

PHOENIX BIOS backdoor passwords:

phoenix, PHOENIX, CMOS, BIOS

MISC. COMMON PASSWORDS

ALFAROME BIOSTAR biostar biosstar CMOS cmos LKWPETER lkwpeter setup SETUP Syxz Wodj

OTHER BIOS PASSWORDS BY MANUFACTURER

Manufacturer Password
VOBIS & IBM merlin
Dell Dell
Biostar Biostar
Compaq Compaq
Enox xo11nE
Epox central
Freetech Posterie
IWill iwill
Jetway spooml
Packard Bell bell9
QDI QDI
Siemens SKY_FOX
TMC BIGO
Toshiba Toshiba

TOSHIBA BIOS

Most Toshiba laptops and some desktop systems will bypass the BIOS password if the left shift key is held down during boot

IBM APTIVA BIOS

Press both mouse buttons repeatedly during the boot


--------------------------------------------------------------------------------

Password cracking software

The following software can be used to either crack or reset the BIOS on many chipsets. If your PC is locked with a BIOS administrator password that will not allow access to the floppy drive, these utilities may not work. Also, since these utilities do not come from the manufacturer, use them cautiously and at your own risk.

Cmos password recovery tools 3.1
!BIOS (get the how-to article)
RemPass
KILLCMOS

--------------------------------------------------------------------------------

Using the Motherboard "Clear CMOS" Jumper or Dipswitch settings

Many motherboards feature a set of jumpers or dipswitches that will clear the CMOS and wipe all of the custom settings including BIOS passwords. The locations of these jumpers / dipswitches will vary depending on the motherboard manufacturer and ideally you should always refer to the motherboard or computer manufacturers documentation. If the documentation is unavailable, the jumpers/dipswitches can sometimes be found along the edge of the motherboard, next to the CMOS battery, or near the processor. Some manufacturers may label the jumper / dipswitch CLEAR - CLEAR CMOS - CLR - CLRPWD - PASSWD - PASSWORD - PWD. On laptop computers, the dipswitches are usually found under the keyboard or within a compartment at the bottom of the laptop.
Please remember to unplug your PC and use a grounding strip before reaching into your PC and touching the motherboard. Once you locate and rest the jumper switches, turn the computer on and check if the password has been cleared. If it has, turn the computer off and return the jumpers or dipswitches to its original position.


--------------------------------------------------------------------------------

Removing the CMOS Battery

The CMOS settings on most systems are buffered by a small battery that is attached to the motherboard. (It looks like a small watch battery). If you unplug the PC and remove the battery for 10-15 minutes, the CMOS may reset itself and the password should be blank. (Along with any other machine specific settings, so be sure you are familiar with manually reconfiguring the BIOS settings before you do this.) Some manufacturers backup the power to the CMOS chipset by using a capacitor, so if your first attempt fails, leave the battery out (with the system unplugged) for at least 24 hours. Some batteries are actually soldered onto the motherboard making this task more difficult. Unsoldering the battery incorrectly may damage your motherboard and other components, so please don't attempt this if you are inexperienced. Another option may be to remove the CMOS chip from the motherboard for a period of time.
Note: Removing the battery to reset the CMOS will not work for all PC's, and almost all of the newer laptops store their BIOS passwords in a manner which does not require continuous power, so removing the CMOS battery may not work at all. IBM Thinkpad laptops lock the hard drive as well as the BIOS when the supervisor password is set. If you reset the BIOS password, but cannot reset the hard drive password, you may not be able to access the drive and it will remain locked, even if you place it in a new laptop. IBM Thinkpads have special jumper switches on the motherboard, and these should be used to reset the system.


--------------------------------------------------------------------------------

Overloading the KeyBoard Buffer

On some older computer systems, you can force the CMOS to enter its setup screen on boot by overloading the keyboard buffer. This can be done by booting with the keyboard or mouse unattached to the systems, or on some systems by hitting the ESC key over 100 times in rapid succession.


--------------------------------------------------------------------------------

Jumping the Solder Beads on the CMOS

It is also possible to reset the CMOS by connecting or "jumping" specific solder beads on the chipset. There are too many chipsets to do a breakdown of which points to jump on individual chipsets, and the location of these solder beads can vary by manufacturer, so please check your computer and motherboard documentation for details. This technique is not recommended for the inexperienced and should be only be used as a "last ditch" effort.


--------------------------------------------------------------------------------

Using a professional service

If the manufacturer of the laptop or desktop PC can't or won't reset the BIOS password, you still have the option of using a professional service. Password Crackers, Inc., offers a variety of services for desktop and laptop computers for between $100 and $400. For most of these services, you'll need to provide some type of legitimate proof of ownership. This may be difficult if you've acquired the computer second hand or from an online auction.

12:42 PM | 0 comments | Read More