Why Does a File of the Form TFTPxxx Try to Run at Startup?

A file of the form TFTPxxx (where xxx = numbers) attempts to run at system start and Windows does not know how to do that. Why does it happen?

The Windows Trivial File Transfer Program is a small file transfer client provided with Windows (this differs from the FTP commonly talked about and is not a substitute for it — see the references below). When run, that program sometimes leaves behind a file of the form TFTPxxx in whatever directory was default when the program runs. The files are harmless; they are just left over from the Trivial FTP program running. That explains where the file comes from. Now we need to backtrack a bit…

On 16 July 2003 Microsoft released a patch to correct a security vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. Without the patch, computers were vulnerable to crackers or programs which could enter a vulnerable computer and run arbitrary code on that vulnerable computer. Unfortunately, most people either did not know about or ignored the patch. A description of the vulnerability and links to the patch are on the Microsoft site…

http://support.microsoft.com/?kbid=823980

About a month later, a modified form of the Blaster Worm was released which specifically targeted this vulnerability. While the worm did little damage to an infected computer it did run the Windows Trivial FTP client to send itself to other computers and, in the process since it used the Startup directory as the default, caused that program to drop TFTPxxx files into the Startup directory. The next time Windows started it encountered these files and did not know how to run them. Windows then asked users to specify a program or search the Internet. Many picked the second option and ended up at the FILExt site, leading eventually to this FAQ which is also posted on the FILExt site.

What should you do?

If you have not already, download and IMMEDIATELY install the Windows patch described above. This will stop further incoming attacks.

Once you have done that, you need to get rid of whatever caused the problem. For this you really should have updated anti-virus software. By scanning your system it should find and handle the appropriate files for you. Computer Knowledge makes no specific recommendation. A list of the major anti-virus software vendors can be found here as part of the CKnow Virus Tutorial.

You can further help yourself by installing a firewall of some sort between you and the Internet. There are a number of software firewalls that work just fine. CKnow takes no position on which firewall you should use. It’s your choice but you should make the choice and use something. If you have a continuous connection to the Internet instead of dial-up you should strongly consider getting a hardware firewall.

Finally, the TFTPxxx files appear in the Startup Group in Windows. You should be able to see them by choosing Start | Program Files | Startup and they should therefore be in the folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ for Windows XP or the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup for Windows Vista.

Delete these files (they may be read only and, if so, you may have to right click the file, select Properties, and uncheck the ReadOnly attribute). As indicated above, these files are not dangerous. They just clutter up the Startup directory and cause Windows to pause to ask you about them during Startup.
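The cleanup step above as a script, added here as an example and not part of the original FAQ: it lists files named TFTP followed by digits in the two Startup folders the article names, clears the read-only attribute, and deletes them. The function names and the dry-run default are choices made for this example.

```python
import os
import re
import stat
from pathlib import Path

# Startup folders named in the article (Windows XP and Windows Vista).
DEFAULT_STARTUP_DIRS = [
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
]

# "TFTP" followed only by digits, no extension (the article's TFTPxxx form).
LEFTOVER_NAME = re.compile(r"^TFTP\d+$", re.IGNORECASE)


def find_tftp_leftovers(startup_dirs=DEFAULT_STARTUP_DIRS):
    """Return regular files named TFTP<digits> found directly in the given folders."""
    hits = []
    for folder in map(Path, startup_dirs):
        if not folder.is_dir():
            continue  # this folder does not exist on this Windows version
        for entry in sorted(folder.iterdir()):
            # Directories and names such as tftp.exe are left alone.
            if entry.is_file() and LEFTOVER_NAME.match(entry.name):
                hits.append(entry)
    return hits


def remove_leftover(path):
    """Clear the read-only attribute, then delete the file."""
    path = Path(path)
    os.chmod(path, stat.S_IREAD | stat.S_IWRITE)  # same as unchecking Read-only
    path.unlink()


def clean_startup(startup_dirs=DEFAULT_STARTUP_DIRS, dry_run=True):
    """Report each leftover; delete only when dry_run is False. Returns the names handled."""
    handled = []
    for path in find_tftp_leftovers(startup_dirs):
        print(f"{path}  size={path.stat().st_size} bytes")
        if not dry_run:
            remove_leftover(path)
        handled.append(path.name)
    return handled


if __name__ == "__main__":
    # Review the listing first, then rerun with dry_run=False to delete.
    clean_startup(dry_run=True)
```

Run it from an administrator account, since the All Users Startup folder is not writable by ordinary users.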

Then, keep your firewall and anti-virus software up to date at all times.

Install Windows security patches when released.

Added note: Other malware has started to appear and use the Trivial FTP program and, therefore, leave TFTPxxxx files on systems. Some of these files can contain signatures of the malware and can be tagged by anti-virus software as being infected. The solution is the same as the above: make certain you have all the latest Microsoft Critical Updates and delete the leftover files. The anti-virus software should remove the malware itself or their Website should have a program that will do the removal.


Why Can’t I Add a Small File to a USB Drive?

Problem: You are trying to copy a small file to a USB device with lots of room on it but can’t. Why not?

The most likely answer is that the root directory of the USB device is full. USB devices are typically formatted using the FAT file system to allow for maximum compatibility. When originally designed, the FAT file system had file names consisting of eight character names with three character extensions, the so-called 8.3 format. When Windows 95 came out, Microsoft wanted to have it handle longer and more descriptive file names but was basically stuck with the FAT file system. So, they came up with VFAT where, by using a trick, they could put long file names into the directory by taking up several directory entries for a single file name.

But, this causes some unexpected problems with FAT devices. The number of directory entries in a FAT file system is limited in the root directory of the device. This table shows the limits…

Type of Storage              Max Root Directory Entries
360 kB 5.25″ Floppy Disk     112
720 kB 3.5″ Floppy Disk      112
1.2 MB 5.25″ Floppy Disk     224
1.44 MB 3.5″ Floppy Disk     224
2.88 MB 3.5″ Floppy Disk     448
Hard Disk                    512

In general, USB devices would be considered hard disks under this system and be limited to 512 root directory entries. But, that doesn’t mean you can put 512 files in the root directory of the device. Remember the VFAT that uses a trick for long file names? Well, the trick is to use multiple spots in the directory for the longer file names and the longer the file name, the more directory entries it uses. So, if you have enough long file names in the root directory of the device, even though you have not reached your 512 file maximum, the root directory can still be full and not able to accept more files; no matter how much free space there is on the device.

The extra directory entries are tagged as read-only, hidden, system, and volume label attributes. This combination is generally ignored by DOS as it is non-standard but, at the same time, the markings tell DOS that the directory entry is occupied. This is a very unusual solution to a difficult problem and therefore sometimes causes unanticipated problems. One of these is the root directory full problem described here.
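To make the long-file-name trick concrete, the following added example (not from the original article) builds the raw 32-byte directory entries for one long name, walks them the way the text describes, and works out how many such files fit in a 512-entry root directory. It assumes the standard VFAT layout of 13 characters per long-name entry and that every file needs long-name entries; the 8.3 alias passed in is constructed.

```python
import math

ENTRY_SIZE = 32                        # every FAT directory entry is 32 bytes
ATTR_LFN = 0x01 | 0x02 | 0x04 | 0x08   # read-only + hidden + system + volume label
CHARS_PER_LFN_ENTRY = 13               # UTF-16 characters held by one long-name entry
ROOT_ENTRIES_HARD_DISK = 512           # limit from the table above


def lfn_checksum(short11):
    """Checksum of the 11-byte 8.3 name, repeated in each long-name entry."""
    total = 0
    for byte in short11:
        total = (((total & 1) << 7) + (total >> 1) + byte) & 0xFF
    return total


def build_entries(long_name, short11):
    """Return the raw entries one file occupies: long-name entries, then the 8.3 entry."""
    raw = long_name.encode("utf-16-le")
    chars = [raw[i:i + 2] for i in range(0, len(raw), 2)]
    count = math.ceil(len(chars) / CHARS_PER_LFN_ENTRY)
    if len(chars) % CHARS_PER_LFN_ENTRY:
        chars.append(b"\x00\x00")                      # name terminator
    chars += [b"\xff\xff"] * (count * CHARS_PER_LFN_ENTRY - len(chars))  # padding
    checksum = lfn_checksum(short11)
    out = bytearray()
    for seq in range(count, 0, -1):                    # stored last piece first
        piece = chars[(seq - 1) * CHARS_PER_LFN_ENTRY: seq * CHARS_PER_LFN_ENTRY]
        entry = bytearray(ENTRY_SIZE)
        entry[0] = seq | (0x40 if seq == count else 0)  # 0x40 marks the last piece
        entry[1:11] = b"".join(piece[0:5])              # characters 1-5
        entry[11] = ATTR_LFN                            # the "impossible" attribute mix
        entry[13] = checksum
        entry[14:26] = b"".join(piece[5:11])            # characters 6-11
        entry[28:32] = b"".join(piece[11:13])           # characters 12-13
        out += entry
    short = bytearray(ENTRY_SIZE)
    short[0:11] = short11
    short[11] = 0x20                                    # ordinary file (archive bit)
    return bytes(out + short)


def count_slots(directory):
    """Walk raw directory bytes; return (files, long_name_slots, used_slots)."""
    files = long_slots = 0
    for offset in range(0, len(directory), ENTRY_SIZE):
        first = directory[offset]
        if first == 0x00:          # never-used entry: end of directory
            break
        if first == 0xE5:          # deleted entry: slot is free again
            continue
        if directory[offset + 11] == ATTR_LFN:
            long_slots += 1
        else:
            files += 1
    return files, long_slots, files + long_slots


def files_until_full(name_length, root_entries=ROOT_ENTRIES_HARD_DISK):
    """How many files with names of this length fit before the root directory is full."""
    per_file = 1 + math.ceil(name_length / CHARS_PER_LFN_ENTRY)
    return root_entries // per_file


if __name__ == "__main__":
    name = "A" * 36 + ".txt"                           # constructed 40-character name
    entries = build_entries(name, b"AAAAAA~1TXT")      # constructed 8.3 alias
    print(count_slots(entries), files_until_full(len(name)))
```

With 40-character names each file takes five entries, so the 512-entry root directory is full after 102 files.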

OK, how do you fix it? Well, you can’t fix the basis of the problem; that’s written into the file system. However, you can work around it. Subdirectories do not have the limits of the root directory as they expand as needed. So, the workaround is to remove at least one file from the affected device and then create a subdirectory (folder) on the device. Copy all new files (and maybe some or all of the old files) into the subdirectory. Problem solved and you can now fill the device as full as you can with files.


What are the Official HTML Color Names and Hex Codes?

HTML colors can be specified in a number of different ways. The most common is to use hexadecimal notation but the HTML specification allows the use of specific names.

Names and numbers are case insensitive. Names are shown here in mixed case and hex numbers in upper case for clarity. You can use any format that meets your specific needs. Note also that use of HTML tags such as FONT has been deprecated. All color specifications on a page should use CSS notation. For example, the SPAN element can be used to specify text in a given color: <span style="color: #0000ff;">Example</span>

The following 16 color names are the names that should be common to all browsers. Some early browsers may only respond to these specific names:

  • Black (#000000),
  • Silver (#C0C0C0),
  • Gray (#808080),
  • White (#FFFFFF),
  • Maroon (#800000),
  • Red (#FF0000),
  • Purple (#800080),
  • Fuchsia (#FF00FF),
  • Green (#008000),
  • Lime (#00FF00),
  • Olive (#808000),
  • Yellow (#FFFF00),
  • Navy (#000080),
  • Blue (#0000FF),
  • Teal (#008080), and
  • Aqua (#00FFFF).

To be safe, you should consider using only the hex notation as all color values from #000000 – #FFFFFF (16,777,216 colors) should be valid. You can see in the table below if your browser works with color names. The last column uses color names instead of hex values so if you see something different from the Sample (third) column then you know your browser does not recognize that particular color name.

The official names and their hex equivalents are shown on this page along with a block example of the color and text in the color shown on both white and black backgrounds. Colors are shown by color name in alphabetical order. The final column tests your particular browser’s display of the color names.

Please also keep in mind that various displays will display colors differently. There is a CKnow article about this which concentrates on CRTs but applies to LCD and Plasma displays also.

Color Name   Color Hex   Sample   Text on White   Text on Black   Test
AliceBlue #F0F8FF   AaBb..123 AaBb..123  
AntiqueWhite #FAEBD7   AaBb..123 AaBb..123  
Aqua #00FFFF   AaBb..123 AaBb..123  
Aquamarine #7FFFD4   AaBb..123 AaBb..123  
Azure #F0FFFF   AaBb..123 AaBb..123  
Beige #F5F5DC   AaBb..123 AaBb..123  
Bisque #FFE4C4   AaBb..123 AaBb..123  
Black #000000   AaBb..123 AaBb..123  
BlanchedAlmond #FFEBCD   AaBb..123 AaBb..123  
Blue #0000FF   AaBb..123 AaBb..123  
BlueViolet #8A2BE2   AaBb..123 AaBb..123  
Brown #A52A2A   AaBb..123 AaBb..123  
Burlywood #DEB887   AaBb..123 AaBb..123  
CadetBlue #5F9EA0   AaBb..123 AaBb..123  
Chartreuse #7FFF00   AaBb..123 AaBb..123  
Chocolate #D2691E   AaBb..123 AaBb..123  
Coral #FF7F50   AaBb..123 AaBb..123  
CornflowerBlue #6495ED   AaBb..123 AaBb..123  
Cornsilk #FFF8DC   AaBb..123 AaBb..123  
Crimson #DC143C   AaBb..123 AaBb..123  
Cyan #00FFFF   AaBb..123 AaBb..123  
DarkBlue #00008B   AaBb..123 AaBb..123  
DarkCyan #008B8B   AaBb..123 AaBb..123  
DarkGoldenrod #B8B60B   AaBb..123 AaBb..123  
DarkGray #A9A9A9   AaBb..123 AaBb..123  
DarkGreen #006400   AaBb..123 AaBb..123  
DarkKhaki #BDB76B   AaBb..123 AaBb..123  
DarkMagenta #8B008B   AaBb..123 AaBb..123  
DarkOliveGreen #556B2F   AaBb..123 AaBb..123  
DarkOrange #FF8C00   AaBb..123 AaBb..123  
DarkOrchid #9932CC   AaBb..123 AaBb..123  
DarkRed #8B0000   AaBb..123 AaBb..123  
DarkSalmon #E9967A   AaBb..123 AaBb..123  
DarkSeaGreen #8FBC8F   AaBb..123 AaBb..123  
DarkSlateBlue #483D8B   AaBb..123 AaBb..123  
DarkSlateGray #2F4F4F   AaBb..123 AaBb..123  
DarkTurquoise #00CED1   AaBb..123 AaBb..123  
DarkViolet #9400D3   AaBb..123 AaBb..123  
DeepPink #FF1493   AaBb..123 AaBb..123  
DeepSkyBlue #00BFFF   AaBb..123 AaBb..123  
DimGray #696969   AaBb..123 AaBb..123  
DodgerBlue #1E90FF   AaBb..123 AaBb..123  
FireBrick #B22222   AaBb..123 AaBb..123  
FloralWhite #FFFAF0   AaBb..123 AaBb..123  
ForestGreen #228B22   AaBb..123 AaBb..123  
Fuchsia #FF00FF   AaBb..123 AaBb..123  
Gainsboro #DCDCDC   AaBb..123 AaBb..123  
GhostWhite #F8F8FF   AaBb..123 AaBb..123  
Gold #FFD700   AaBb..123 AaBb..123  
Goldenrod #DAA520   AaBb..123 AaBb..123  
Gray #808080   AaBb..123 AaBb..123  
Green #008000   AaBb..123 AaBb..123  
GreenYellow #ADFF2F   AaBb..123 AaBb..123  
Honeydew #F0FFF0   AaBb..123 AaBb..123  
HotPink #FF69B4   AaBb..123 AaBb..123  
IndianRed #CD5C5C   AaBb..123 AaBb..123  
Indigo #4B0082   AaBb..123 AaBb..123  
Ivory #FFFFF0   AaBb..123 AaBb..123  
Khaki #F0E68C   AaBb..123 AaBb..123  
Lavender #E6E6FA   AaBb..123 AaBb..123  
LavenderBlush #FFF0F5   AaBb..123 AaBb..123  
LawnGreen #7CFC00   AaBb..123 AaBb..123  
LemonChiffon #FFFACD   AaBb..123 AaBb..123  
LightBlue #ADD8E6   AaBb..123 AaBb..123  
LightCoral #F08080   AaBb..123 AaBb..123  
LightCyan #E0FFFF   AaBb..123 AaBb..123  
LightGoldenrodYellow #FAFAD2   AaBb..123 AaBb..123  
LightGreen #90EE90   AaBb..123 AaBb..123  
LightGrey #D3D3D3   AaBb..123 AaBb..123  
LightPink #FFB6C1   AaBb..123 AaBb..123  
LightSalmon #FFA07A   AaBb..123 AaBb..123  
LightSeaGreen #20B2AA   AaBb..123 AaBb..123  
LightSkyBlue #87CEFA   AaBb..123 AaBb..123  
LightSlateGray #778899   AaBb..123 AaBb..123  
LightSteelBlue #B0C4DE   AaBb..123 AaBb..123  
LightYellow #FFFFE0   AaBb..123 AaBb..123  
Lime #00FF00   AaBb..123 AaBb..123  
LimeGreen #32CD32   AaBb..123 AaBb..123  
Linen #FAF0E6   AaBb..123 AaBb..123  
Magenta #FF00FF   AaBb..123 AaBb..123  
Maroon #800000   AaBb..123 AaBb..123  
MediumAquamarine #66CDAA   AaBb..123 AaBb..123  
MediumBlue #0000CD   AaBb..123 AaBb..123  
MediumOrchid #BA55D3   AaBb..123 AaBb..123  
MediumPurple #9370DB   AaBb..123 AaBb..123  
MediumSeaGreen #3CB371   AaBb..123 AaBb..123  
MediumSlateBlue #7B68EE   AaBb..123 AaBb..123  
MediumSpringGreen #00FA9A   AaBb..123 AaBb..123  
MediumTurquoise #48D1CC   AaBb..123 AaBb..123  
MediumVioletRed #C71585   AaBb..123 AaBb..123  
MidnightBlue #191970   AaBb..123 AaBb..123  
MintCream #F5FFFA   AaBb..123 AaBb..123  
MistyRose #FFE4E1   AaBb..123 AaBb..123  
Moccasin #FFE4B5   AaBb..123 AaBb..123  
NavajoWhite #FFDEAD   AaBb..123 AaBb..123  
Navy #000080   AaBb..123 AaBb..123  
OldLace #FDF5E6   AaBb..123 AaBb..123  
Olive #808000   AaBb..123 AaBb..123  
OliveDrab #6B8E23   AaBb..123 AaBb..123  
Orange #FFA500   AaBb..123 AaBb..123  
OrangeRed #FF4500   AaBb..123 AaBb..123  
Orchid #DA70D6   AaBb..123 AaBb..123  
PaleGoldenrod #EEE8AA   AaBb..123 AaBb..123  
PaleGreen #98FB98   AaBb..123 AaBb..123  
PaleTurquoise #AFEEEE   AaBb..123 AaBb..123  
PaleVioletRed #DB7093   AaBb..123 AaBb..123  
PapayaWhip #FFEFD5   AaBb..123 AaBb..123  
PeachPuff #FFDAB9   AaBb..123 AaBb..123  
Peru #CD853F   AaBb..123 AaBb..123  
Pink #FFC0CD   AaBb..123 AaBb..123  
Plum #DDA0DD   AaBb..123 AaBb..123  
PowderBlue #B0E0E6   AaBb..123 AaBb..123  
Purple #800080   AaBb..123 AaBb..123  
Red #FF0000   AaBb..123 AaBb..123  
RosyBrown #BC8F8F   AaBb..123 AaBb..123  
RoyalBlue #4169E1   AaBb..123 AaBb..123  
SaddleBrown #8B4513   AaBb..123 AaBb..123  
Salmon #FA8072   AaBb..123 AaBb..123  
SandyBrown #F4A460   AaBb..123 AaBb..123  
SeaGreen #2E8B57   AaBb..123 AaBb..123  
Seashell #FFF5EE   AaBb..123 AaBb..123  
Sienna #A0522D   AaBb..123 AaBb..123  
Silver #C0C0C0   AaBb..123 AaBb..123  
SkyBlue #87CEED   AaBb..123 AaBb..123  
SlateBlue #6A5ACD   AaBb..123 AaBb..123  
SlateGray #708090   AaBb..123 AaBb..123  
Snow #FFFAFA   AaBb..123 AaBb..123  
SpringGreen #00FF7F   AaBb..123 AaBb..123  
SteelBlue #4682B4   AaBb..123 AaBb..123  
Tan #D2B48C   AaBb..123 AaBb..123  
Teal #008080   AaBb..123 AaBb..123  
Thistle #D8BFD8   AaBb..123 AaBb..123  
Tomato #FF6347   AaBb..123 AaBb..123  
Turquoise #40E0D0   AaBb..123 AaBb..123  
Violet #EE82EE   AaBb..123 AaBb..123  
Wheat #F5DEB3   AaBb..123 AaBb..123  
White #FFFFFF   AaBb..123 AaBb..123  
WhiteSmoke #F5F5F5   AaBb..123 AaBb..123  
Yellow #FFFF00   AaBb..123 AaBb..123  
YellowGreen #A9CD32   AaBb..123 AaBb..123  

Why Do I See ‘This Web Site Does Not Supply Ownership Information’ in My Browser?

Newer browsers have security features designed to help you determine if a website you are browsing is a valid and perhaps trusted site. While the intent is good, the messages users get can be confusing and fear-inducing for no really good reason. Let’s see why.

The messages you can get include:

This web site does not supply ownership information.
Verified by: Thawte Consulting cc (or some other certificate agency) but with no ownership information.
Verified by: Thawte Consulting cc (or some other certificate agency) with ownership information.

The latter two are generally accompanied by an https: start to the URL and the information in the message shown when you are on the site indicates the level of certification the owner of the site has applied to the site. That’s really all there is to it: provide a secure URL and a security certificate and you get a “Verified by…” message; don’t and you get a generic (and maybe worrisome) “…does not supply ownership information” message.

Of the three, only the last one has much meaning. To obtain the certification necessary to get the required EV SSL certificate the owner has to provide a good deal of proof of ownership information to the certifying authority (plus a good deal of money as well). Generally, only banks and other such institutions go to that trouble to convince the visiting user(s) of their authenticity (although this trend may be [and should be] changing).

Note: In any case, no matter how detailed the security certificate is, there is NO guarantee of no inappropriate or incorrect information on the site. The certificate only attests to the ownership of the site. Please keep this in mind as it’s important to your interpretation of the various ownership warnings.

Let’s look at each in turn in a bit more detail. [Screen shots below were taken using Firefox 3.5.1 and may differ some with your browser.]

This web site does not supply ownership information.

[Screen shot: Regular Security]

Taken from the CKnow site, this is what you are likely to see for most of the sites you visit. Is it bad? Not necessarily; it just means the owner of the site did not find it necessary to obtain a security certificate for the site. Since CKnow collects no personal information from you there really is no need for the site to have a security certificate or for you to have to undergo the overhead of a secure connection with the encryption/decryption routines at both ends of the connection. Most sites you visit will likely have this “warning” displayed by the browser.

Verified by: … but with no ownership information.

[Screen shot: SSL Connection Security]

Taken from the Google Mail site, this is what you are likely to see when you visit a site whose URL starts with “https:” instead of just “http:”. If the URL and the certificate match it means that the site domain name as shown in the browser bar is accurate and that there is a valid security certificate for the site. Note that some small business sites use the certificate of the host for the site. That would mean that the certificate and the URL don’t necessarily match so caution should be used at those sites but, even so, a mismatch does not necessarily mean anything is wrong. If concerned, contact the webmaster for the site and get confirmation from them directly. Further note that in an effort to appear valid some phishing sites have adopted SSL and have certificates issued to them so having a certificate of this type or not is no guarantee and you should be certain the site is who they say they are before entering any personally-identifying information or credit card data.

Verified by: … with ownership information.

[Screen shot: EV SSL Security]

Taken from the site of an insurance/banking site often used by military members, the USAA certification provides an example of the EV certificate (EV = Extended Validation). This simply means that they have gone through a rather extensive process to prove to the certifying authority that they are who they say they are. This is the best of the certifications but it’s also harder to get and more expensive. Indeed, the expense is one of the reasons smaller businesses have used to lobby against the various ownership information displays. But, over time, the cost has come down and you should expect to see more serious business sites having this sort of certification instead of the more generic certification without ownership information.

But it bears repeating: No matter how detailed the security certificate is, there is NO guarantee of no inappropriate or incorrect information on the site. The certificate only attests to the ownership of the site.
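The three browser messages can be approximated from the certificate itself. This added example (not from the original article) sorts a certificate, in the dictionary form Python's ssl.SSLSocket.getpeercert() returns, into the three cases and checks whether it matches the host name in the URL. Browsers identify EV certificates by policy identifiers and their own list of approved authorities; the subject-field test here is a simplification, and both sample certificates are constructed.

```python
# Subject fields an EV certificate carries in addition to the organization name.
EV_MARKERS = ("businessCategory", "serialNumber")
# The jurisdiction field shows up under different keys depending on the OpenSSL build.
JURISDICTION_KEYS = ("jurisdictionCountryName", "jurisdictionC",
                     "1.3.6.1.4.1.311.60.2.1.3")

# Constructed sample: a certificate that names only the domain.
DV_CERT = {
    "subject": ((("commonName", "mail.example.test"),),),
    "subjectAltName": (("DNS", "mail.example.test"), ("DNS", "*.mail.example.test")),
}

# Constructed sample: a certificate whose subject also identifies the owner.
EV_CERT = {
    "subject": (
        (("businessCategory", "Private Organization"),),
        (("jurisdictionCountryName", "US"),),
        (("serialNumber", "0000000"),),
        (("countryName", "US"),),
        (("organizationName", "Example Bank (constructed)"),),
        (("commonName", "www.bank.example.test"),),
    ),
    "subjectAltName": (("DNS", "www.bank.example.test"),),
}


def subject_fields(cert):
    """Flatten the nested 'subject' tuples into a plain dict."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            fields.setdefault(key, value)
    return fields


def hostname_matches(cert, hostname):
    """True when a DNS name in the certificate covers the host name from the URL."""
    host = hostname.lower().rstrip(".")
    for kind, pattern in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = pattern.lower()
        if pattern == host:
            return True
        if pattern.startswith("*."):
            suffix = pattern[1:]                     # ".mail.example.test"
            label = host[:-len(suffix)] if host.endswith(suffix) else ""
            if label and "." not in label:           # wildcard covers one label only
                return True
    return False


def browser_message(cert, hostname):
    """Map a certificate (or None for plain http) to one of the messages discussed above."""
    if not cert:
        return "This web site does not supply ownership information."
    if not hostname_matches(cert, hostname):
        return "Certificate does not match the site name."
    fields = subject_fields(cert)
    looks_ev = ("organizationName" in fields
                and all(marker in fields for marker in EV_MARKERS)
                and any(key in fields for key in JURISDICTION_KEYS))
    if looks_ev:
        return "Verified, with ownership information: " + fields["organizationName"]
    return "Verified, but with no ownership information."


if __name__ == "__main__":
    print(browser_message(None, "www.example.test"))
    print(browser_message(DV_CERT, "mail.example.test"))
    print(browser_message(EV_CERT, "www.bank.example.test"))
```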

Prior comments from original 7/17/2009 article…

#1
Jan Cheng
Said this on 2009-09-01 At 03:39 pm
I have an SSL cert from ix-one.com
When I visit my website there is no padlock!!!
So I click on the favicon and it says
This web site does not supply ownership information.
#2
DaBoss
Said this on 2009-09-01 At 05:29 pm
In reply to #1
Create a support ticket with them and get them to install the certificate and tell you how to use their system to create https output pages.

#3
v sekhar
Said this on 2009-10-04 At 09:25 am
Thank you DaBoss. Now I’ve relieved off my worrying doubts. I see the first message very often on my wordpress blog. The information you provided is much helping to me. Thank u once again.

#4
Wayne Davies
Said this on 2009-11-21 At 05:29 am
My comment is about this: The certificate only attests to the ownership of the site

Something I’ve always wondered is what’s to stop an otherwise legitimate authority issuing certificates that purports to confirm ownership to unsavoury people in return for large amounts of money?

Or worse, what’s stopping a criminal organisation from setting up an apparently legitimate authority that then issues certificates to both genuine companies and crooks? Or perhaps using the data they collected on genuine companies to buy certificates from a reputable authority?

Actually, I think what I’m really asking here is: Who’s making sure the certificate issuers are legit?
#5
DaBoss
Said this on 2009-11-21 At 12:10 pm
In reply to #4
Nobody in particular. However, if a certificate is found to be bogus the system can be purged. See here for more…

http://en.wikipedia.org/wiki/Certificate_authority

#6
Alexis Wilke
Said this on 2010-01-05 At 02:46 pm
[Generally, only banks and other such institutions go to that trouble to convince the visiting user(s) of their authenticity …]

Sorry but that statement is wrong. ALL businesses that want to do e-Commerce on their website, including banks, MUST have a certificate. Without the valid certificate, the cart cannot be enabled to take credit card information on your website.

My company, for instance, has such a secure site here: https://secure.m2osw.com

We use godaddy for our certificate and it shows on the left side of the screen (below the menus.) That is another important point in regard to having a secure site.

Of course, many hackers will use free certificate, or individual certificates (that are really cheap) and put that on their hacker website… which is not properly verified. That’s where you get a complicated set of things happening and why a secure site is not automatically a secure business!

Best,
Alexis
#7
DaBoss
Said this on 2010-01-05 At 04:27 pm
In reply to #6
Nope. Not wrong. Please re-read. That statement only applies to the EV SSL certificate. Your site does not have that. By using the GoDaddy certificate you clearly fall into the Verified By with No Ownership information category (the middle one above). Perfectly OK for e-business but you have not taken that extra step that banks, etc. generally take by getting the EV SSL certificate.
#8
Alexis Wilke
Said this on 2010-01-05 At 11:15 pm
In reply to #7
Ah! I see. That’s recent I guess… 😎

Note that GoDaddy does offer EV SSL for about $99/year. (i.e. Premium SSL).

Maybe my company will switch to that soon.

Thank you for taking the time to reply!
Alexis

#9
Shabeer Naha
Said this on 2010-02-12 At 06:53 am
Thawte’s SSL Web Server Certificates costs $250 a year.
Thawte’s EV SSL Certificate costs $600 a year.

Answerable.com which sells Thawte’s Certificates have a much cheaper pricing. (http://answerable.com/digital_certificate.php)

Web Server Certificate : $84 a /year – this is same as Thawte’s SSL Web Server Certificates. But there is no mention of EV or not. I wouldn’t be surprised if the EV comes with $84 a year.

[There are a number of discount sellers of these certificates. –DaBoss]

#11
Harry Lee
Said this on 2010-05-28 At 08:20 am
You saved my day, DaBoss.
I’ve wondered why and where da above message came from.
Now I’m pretty much relieved with that

Is it O.K for me to put your wonderful writings in my blog to share that useful information of yours with my people after your permission? Of course I’ll put down there your source url address though.

Waiting for your reply.
Thanks once again.

Harry
#12
DaBoss
Said this on 2010-05-28 At 10:27 pm
In reply to #11
Thank you for the kind comments.

In general, copying CKnow material in substance in a blog or other page is NOT allowed. If the material is published even with a link given then there would be no reason for someone to come here to get the information and that’s counterproductive for me. Feel free to comment and link but not copy and link. For example…

“I found this great page on the Cknow.com site that explains those messages about website ownership and why there is really no problem with most of them. See that here [linked].”

…would be just fine. However, a repeat of the reasons and most of the substance of the article and then a link would NOT be fine.

Thank you for asking and I hope you see the difference and understand why.

#16
Uligue
Said this on 2010-10-12 At 09:27 pm
The message “This website ….” means two things:

a) the Certificate Issuer PKI hierarchy is not registered at cert database of browser, and
b) The real location of files is not owned by super-user (a WebServer configuration problem).

The “scrap” message has NOTHING RELATED to EV certification.

Building PKI tree (CA Self-Signed, CA Service , Final certificate) following the RFC5280 and fixing “WebServer configuration” are enough to stop the problem.

EV certs provide other OIDs that only show WHO is responsible for that certificate (jurisdiction, real address of individual between others policy OIDs). There is “no secret” key beside this. Visit www.cabforum.org and read the EV Guide. It is free!!!. EV is not a solution, because it ALSO MAY BE FORGED as any other Certificate after visited a malicious web page with some “cracking code”. EV is a “money solution” for “Big Jangle Enterprises”.

#18
Bob
Said this on 2011-01-10 At 11:02 am
If ownership declaration is only needed/recommended for HTTPS:// sites then why indicate for HTTP:// sites. It only makes things confusing for consumers.

“This web site does not supply ownership information.”
Oh! Should I now NOT trust this site?

One more “boon-dangle” to confuse the average Internet user!
#19
jennie guanzon
Said this on 2011-11-26 At 08:54 pm
In reply to #18
This web site does not supply ownership information

[Most don’t. For this site it’s just not worth the effort or money to do so. I’ve got no active content to make it necessary. –DaBoss]
#20
jennie guanzon
Said this on 2011-11-26 At 08:56 pm
In reply to #18
Thanks for the information.

#21
Karen Cole
Said this on 2012-01-27 At 04:57 pm
I need the name of an excellent company where I can get the SSL certificate and everything so that it shows my favicon in the upper left of the URL bar and so that people can always freely visit (from absolutely everywhere) our storefront business website, rainbowriting.com .

[I don’t use one and so have no direct experience but many website hosting providers also have a certificate they can provide. One other suggestion, besides a simple Google search, would be to see what certificate providers the big players (any major site) use as you know those will be good sources but expect to pay more in all probability. –DaBoss]

How to Use Moo0 FileShredder to Permanently Delete Files

In the article “How to Securely Delete a File” we saw that using Windows to delete a file is not the way to do so securely. To completely delete a file you have to overwrite it multiple times with different patterns; something Windows has no capability to do. In this article we discuss how to use the free program Moo0 FileShredder [pronounced moo-ah] to securely delete files.

Moo0 FileShredder is a program that allows you to securely shred one or multiple files using algorithms up to the Gutmann 35-overwrite algorithm by simply dragging and dropping the file onto the open program window.

Installing Moo0 FileShredder is easy. It comes with a Windows installer that operates much like any other Windows installer. The program installs into the C:\Program Files\Moo0\FileShredder [version #]\ directory by default but you can change that if you need to.

Once installed, to start the program you need only double click on the program icon and you see the main screen in minimized mode…

[Screen shot: Moo0 Minimized Mode]

You can click on the Detailed Description button to enlarge the program window in order to see the options better…

[Screen shot: Moo0 Expanded Mode Shred Once]

To use the program simply pick the algorithm you wish to use to shred files by opening the drop-down menu in the Method box. Then, from any Windows Explorer window left click on a file and then drag and drop it onto the Drop Box you see on the left side of the Moo0 File Shredder window. It’s that simple. Once you do that, the file is shredded using the chosen algorithm. If the file’s icon continues to show up in the Windows Explorer window after the operation simply go back there and press the F5 key to refresh the Explorer display. The file icon should then disappear.

The Method box menu allows you to select the exact method you want used to overwrite and “shred” files; all the way up to the Gutmann 35-overwrite method…

[Screen shot: Moo0 Expanded Mode Shred 35]

The DoD 5220.22-M standard of three passes over the file with specific patterns will likely do unless you have very sensitive files to delete. It’s also the fastest secure algorithm in the options. The other two to consider would be the 7 and 35-pass algorithms. These certainly will be more secure than the DoD but will take that much longer to execute. Your choice however. Use what you feel comfortable with.
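What a multi-pass shredder does to a file can be shown in a few lines. This is an added example, not Moo0 FileShredder's code: it overwrites the file's contents in place with a zeros, ones, random sequence (an assumed three-pass pattern), forces each pass to disk, then renames and deletes the file. On SSDs and on journaling or copy-on-write file systems an in-place overwrite may not reach the blocks that held the original data.

```python
import os
import secrets

# Assumed three-pass pattern for this example: zeros, ones, then random data.
THREE_PASS = (b"\x00", b"\xff", None)   # None means "random bytes"
CHUNK = 1024 * 1024                     # write in 1 MiB pieces to bound memory use


def overwrite_in_place(path, passes=THREE_PASS):
    """Overwrite every byte of the file once per pass; return total bytes written."""
    size = os.path.getsize(path)
    with open(path, "r+b") as handle:   # r+b: modify in place, do not truncate
        for pattern in passes:
            handle.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                data = secrets.token_bytes(n) if pattern is None else pattern * n
                handle.write(data)
                remaining -= n
            # Push this pass to the device before starting the next one;
            # otherwise only the final pass may ever reach the disk.
            handle.flush()
            os.fsync(handle.fileno())
    return size * len(passes)


def shred(path, passes=THREE_PASS):
    """Overwrite, rename to a random name, truncate and delete. Returns bytes written."""
    written = overwrite_in_place(path, passes)
    folder = os.path.dirname(os.path.abspath(path))
    anonymous = os.path.join(folder, secrets.token_hex(8))
    os.replace(path, anonymous)          # replace the original name in the directory
    with open(anonymous, "r+b") as handle:
        handle.truncate(0)               # hide the original length as well
    os.remove(anonymous)
    return written


if __name__ == "__main__":
    import tempfile
    # Constructed demo file in a temporary folder.
    demo = os.path.join(tempfile.mkdtemp(), "secret.txt")
    with open(demo, "wb") as f:
        f.write(b"account 12345\n" * 100)
    print(shred(demo), "bytes written;", "still exists:", os.path.exists(demo))
```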

Now let’s see the program in action. CKnow set up a test machine and ran the program against several copies of the same 2.4 megabyte file using different algorithms and captured the results in a Flash video. The results can be viewed by clicking on the graphic below…

[Video: Show me please! (Time: 3:40)]

That’s the Moo0 FileShredder in a nutshell. Interested in the program? Go to their page and read more or download.

This article is part of a series about secure file deletion. The others in the series include: “How to Securely Delete a File” and “How to Use File Shredder to Permanently Delete Files”.

How to Securely Delete a File

Deleting a file in Windows (or even older DOS) removes it from your system — right? As many a computer criminal has found out the answer is absolutely not. The file itself can often be easily recovered simply by using Windows, or recovered using other programs if the file was “permanently” deleted. Let’s look at what happens when you delete a file.

The Simple Windows Delete

Most people will delete a file by clicking on the file and then pressing the delete key. Under Windows this brings up a dialog box asking if you want to recycle the file…

[Screen shot: Recycle Bin Prompt]

Answering Yes to this dialog causes Windows to move the file into the Recycle Bin which is really a hidden folder called Recycled. The original full pathname to the file is stored in the Recycle Bin index and the file itself is renamed to a unique name so it becomes possible to store many files of the same original name into the single folder without naming conflicts. Opening the Recycle Bin causes the index to be read and the file names still in the Recycle Bin and available for restore to be displayed.

The Recycled folder is unique in that it’s given a maximum size where most other folders have no such limit. Files stay in the Recycle Bin for a variable amount of time which largely depends on the size of the file, the size of the Recycle Bin, and the age of the file. Many are not even certain Microsoft knows the exact algorithm used to clear files from the Recycle Bin :-).

But, regardless of the exact algorithm, if a file is in the Recycle Bin then it should be an easy matter to recover the file. The suggested recovery method is to right click on the file in the Recycle Bin dialog and then select “Recover” from the context menu that pops up…

[Screen shot: Restore from Recycle]

This puts the file back to its original location. Or, if you wish to have the file in a different location all you really have to do is left click on the file and drag it to an open Windows Explorer window showing that location (or just to the desktop if that’s more convenient).

The key point to remember here is that any file “deleted” in the standard way is not really deleted in the way most people think of deletion (i.e., destruction). So, how can you better delete a file to force it to be gone? Windows provides one way that’s not very good and there are programs that can be used to do a much better job.

Windows “Permanent” File Deletion

If you click on a file and then press Shift-Delete on the keyboard Windows will give you a slightly different dialog…

Permanent Delete

Note the question: “Are you sure you want to permanently delete this file?” In this case if you say Yes to the dialog Windows will actually delete the file and not move it into the Recycle Bin. But, does this really delete the file? Again, no. The file remains on the disk; only the directory pointers to the file are eliminated and the space the file occupies is made available to the operating system to reuse. Often, this reuse only takes place after a fair amount of time has passed so the “deleted” file just sits on the disk available for recovery using software able to find the start of the file and then trace the storage locations from there to recreate the file. Such software is readily available as both commercial and free.

Some examples and further reading include…

  • PhotoRec. File data recovery software designed to recover lost files including video, documents and archives from Hard Disks and CDRom and lost pictures (thus, its ‘Photo Recovery’ name) from digital camera memory. PhotoRec ignores the filesystem and goes after the underlying data, so it will still work even if your media’s filesystem has been severely damaged or re-formatted. PhotoRec home page. [Free]
  • Recuva. Recuva (pronounced “recovah”) is a freeware Windows utility to restore files that have been accidentally deleted from your computer. This includes files emptied from the Recycle bin as well as images and other files that have been deleted by user error from digital camera memory cards or MP3 players. Recuva home page. [Free]
  • Wikipedia Undelete article.

Really Permanent Deletion

To really delete a file so it can’t be recovered you basically have to overwrite it; and, overwrite it multiple times so all residual magnetic domains on the disk have been changed and the underlying file can no longer be reconstructed.

Simple deletion programs may overwrite the file once or twice. Those that follow DoD standards (5220) will overwrite the file three times. Beyond that the deletion standards generally call for either seven or 35 overwrites for complete deletion. The 35-overwrite scheme is called the Gutmann method after Peter Gutmann who, in the mid-1990s, looked into data recovery using magnetic force microscopy to recover underlying magnetic domains from the original file. Note: Overwrite is used here to mean overwritten by special patterns and not just overwriting with a single character over and over again.
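The overwrite-before-delete idea described above, as an added Python example (it is not code from this page or from any of the shredder programs named here). The three-pass scheme, the function names and the chunk size are assumptions chosen for illustration, and the approach assumes a filesystem and drive that write new data over the same blocks in place.

```python
import os
import secrets
import tempfile

# Fixed patterns for the early passes; the final pass is always random data.
# Illustrative three-pass scheme only: not a certified implementation of
# DoD 5220 and not the 35-pass Gutmann sequence.
PATTERNS = [b"\x00", b"\xff"]
CHUNK = 64 * 1024


def overwrite_in_place(path, passes=3):
    """Overwrite every byte of `path` `passes` times without changing its size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:      # r+b writes over existing data, no truncation
        for n in range(passes):
            last = n == passes - 1
            fh.seek(0)
            remaining = size
            while remaining > 0:
                step = min(CHUNK, remaining)
                if last:
                    block = secrets.token_bytes(step)
                else:
                    block = PATTERNS[n % len(PATTERNS)] * step
                fh.write(block)
                remaining -= step
            fh.flush()
            os.fsync(fh.fileno())      # push this pass to the device before the next
    return size


def shred(path, passes=3):
    """Overwrite the contents, rename to a random name, truncate, then unlink."""
    overwrite_in_place(path, passes)
    directory = os.path.dirname(os.path.abspath(path))
    anon = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, anon)              # the directory entry no longer shows the old name
    with open(anon, "r+b") as fh:
        fh.truncate(0)
    os.remove(anon)


def demo():
    """Constructed demo: returns (marker survived?, size unchanged?, file gone?)."""
    marker = b"CONSTRUCTED-SECRET-0123456789"
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(marker * 5000)
    original_size = os.path.getsize(path)
    overwrite_in_place(path)
    with open(path, "rb") as fh:
        data = fh.read()
    survived = marker in data
    shred(path)
    return survived, len(data) == original_size, not os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```
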

Again, there are many programs, both commercial and free, that will overwrite a file and permanently delete it. There are two we’ll concentrate on here because they are both free for personal use and overwrite files up to the Gutmann 35 times standard. They are listed here and their operation is fully described on subsequent pages.

  • File Shredder. File Shredder is a program that allows you to securely shred one or multiple files using algorithms up to the Gutmann. The program will also overwrite and clear all of the free space on a disk and, if you wish, will install a link to the program into the right click context menu for Windows Explorer so that if you are in Explorer and right click on a file you will have an option to shred it or mark it for later shredding.
  • Moo0 FileShredder. Moo0 [pronounced moo-ah] is a somewhat simpler program than File Shredder. When you run the program it places a window on your desktop. To shred a file you simply set the options and then left click and drag the file from Windows Explorer onto the Moo0 window. When you do this, Moo0 will shred the file according to the options you set.

The other consideration about deleting files permanently is what files you might want to do this to. Obviously, any files with personal data in them or files that might compromise you if found are candidates for permanent deletion. But there are others you might want to consider taking off your system: if you browse the Internet to locations you might not want known, then there are many files to consider for permanent deletion.

How to Log Into Windows With No Password

When Windows starts you generally get a log-in screen that asks for a password…

Log-in Screen Example

This is a safety feature that helps keep out users who should not be using your computer, or your account on the computer if multiple people use it. In situations where multiple people use a computer or the computer is in a public place it’s a good thing to not mess with this system. Many people, however, have computers where it would be rare for someone unauthorized to access the computer. In these cases it would be handy to be able to just turn the computer on and not have to enter a password as Windows starts up. There are two ways to make this happen: the good way and the bad way.

The bad way would be to go to the Control Panel and choose User Accounts in order to remove the password…

Control Panel

If you do this then portions of Windows will either stop working or give you results you did not expect. A user account with no password is considered by Windows to be insecure and Windows sets itself accordingly with limits on many things allowed by that user. It does not matter if the user is designated as an Administrator or not.

The good way would be to keep the password but let Windows enter it for you. This will still potentially open your system to abuse but only by someone coming along and using the computer without you being around. In most cases you should know if this is possible or not and determine the risk of letting Windows log you in automatically.

Here is the procedure that works for Windows 7, Vista, and XP…

  1. Open the Start Menu and, in the search box, type…
    control userpasswords2
    …then press the Enter key. (In XP use Start|Run and then type the words into the dialog.)

    User Password Command

  2. This command opens the Advanced User Accounts Control Panel…

    Advanced User Accounts

  3. Note the box beside “Users must enter a user name and password to use this computer.” It is checked by default. Uncheck the box and then click on the Apply button (that should light up when you make the change). When you do, a password box opens where you enter the password for the account. This also confirms it is the account holder requesting the change.

    Confirmation

  4. Once you click on OK the change takes effect and the next time you restart the computer it will automatically log into the account with no password request.

There are other things you can do at the Advanced User Accounts Control Panel. We may get into those later. For now, experiment at your own risk.

Note: This does not change the behavior when coming out of hibernation. To change that use the Power Options Control Panel applet to tell Windows if a password request is needed or not on waking up.

Why Do I See Action Canceled When Trying to Use a Network Help File?

At times you may see “Action canceled” when trying to access content in a .CHM Windows help file. The most likely cause of this is a security patch Microsoft issued which blocks access to such content when the file is stored on a network device. This page tells how to fix this problem.

The Problem

When .CHM (HTML Help) files are stored on a network device Windows treats them as not secure after installation of one of several security updates. You might see something looking like this…

CHM File Action Canceled

The Fix

The obvious and safest fix is to move the .CHM help files onto the local computer trying to access them. There is good reason for the security patch and fixing it in other ways simply makes your system more vulnerable; if only by small amounts.

If this is not possible Microsoft describes this problem and provides a registry workaround for it in Article ID: 896054 but the fix as they describe it is quite complicated for the average user. It involves directly editing the registry to specifically allow the file(s) in question to be accessed as a workaround to the security patch.

Fortunately, EC Software GmbH, makers of the excellent Help & Manual help writing tool, have posted a small program called HHReg that will make the fix for you. See this page…

http://www.ec-software.com/products_hhreg.html

…for a description and the link to the latest version of their free program HHReg. Using this tool you can select specific help files or folders to add to the registry so a specific system can then access those files. This is probably the safest way to work around the security patch if you can’t install the files onto your local computer. It allows only specific items to be accessed.

In either case you should make a backup of your registry before applying any patches no matter what method you use to apply the patches. You also need to have administrator access to apply any of these patches. And, if you are on a corporate network it would be wise to advise the network administrator of the problem and fix so they are aware of the problem and at least one way to fix it corporate-wide.

What are Cookies?

Some people are concerned that web servers have the power to write to their local hard disk without their knowing about it. The information written is called a “cookie”. This page attempts to address that topic.

What is a Cookie?

The full cookie specification (RFC 2965) can be found at http://tools.ietf.org/html/rfc2965 if you are interested in studying the subject in detail. To simplify, cookies are small bits of information written to your hard disk by a site you visit. The site that writes the information is basically the only site that can retrieve it (some argue that it is possible to “fake” the request and collect information from cookies saved by other sites; they are possibly correct, but this seems to be rare if done at all).

The name “cookie” comes from the UNIX magic cookie which is a name given to packets of information passed between programs. That name is derived from the Chinese fortune cookie where you have information hidden inside a packet.

The purposes of a cookie are twofold:

  • Save information about you to make it easier for you to enter the site in the future.
  • Track your actions (for a variety of reasons that might benefit you or the site manager).

As one simple example, consider a newspaper site with a registration requirement (paid or free, it does not matter). Your logon information might be saved in a cookie so that when you return to the site it can query the cookie and save you the trouble of logging in. Further, if you have specific information requirements these can be coded into a cookie and the site can then automatically present you with stories on the specific topics of interest without bothering to ask you again to enter them on future visits.

How are Cookies Stored?

Cookies are stored in different ways with different browsers and operating systems. On a computer running Windows and a Netscape browser you will find them in a file named COOKIES.TXT in the browser directory. Firefox places an SQLite database of cookies into the browser’s profile folder. A Windows user running Internet Explorer will find them as separate files in the WINDOWS\COOKIES directory. In UNIX they are in a single file in your Netscape directory under the name cookies. Finally, on a Macintosh the file is named MagicCookie and is in the Netscape preferences folder. If you look at a cookie you will see a single line that looks something like:

.infoseek.com TRUE / FALSE 869315463 InfoseekUserId 9CC70E7E5772038797334985D8974560

.netscape.com TRUE / FALSE 946713599 NETSCAPE_ID c65ffb1e,c4750133

The start of the cookie generally has the domain name authorized to access that cookie. The second to last column is the name of the cookie and the last column is the cookie itself. The other information is control information that can define the length of time the cookie is valid and such things as if a secure server connection is necessary before the cookie will be sent.
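The field layout described above, as an added Python example (not code from this page or from any browser). It assumes the seven tab-separated fields of the Netscape COOKIES.TXT layout (domain, subdomain flag, path, secure flag, expiry as Unix time, name, value); the sample lines, the fixed clock and the function names are constructed for illustration.

```python
from datetime import datetime, timezone
from typing import NamedTuple

# Constructed sample file (not real cookies): seven tab-separated fields per line.
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    ".example.com\tTRUE\t/\tFALSE\t869315463\tUserId\t9CC70E7E\n"
    "shop.example.net\tFALSE\t/cart\tTRUE\t4102444800\tsession\tc65ffb1e\n"
    "broken line without tabs\n"
)
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed clock so results are repeatable


class Cookie(NamedTuple):
    domain: str        # domain allowed to read the cookie
    subdomains: bool   # TRUE: hosts under that domain may read it too
    path: str          # URL path prefix the cookie is limited to
    secure: bool       # TRUE: only sent over a secure connection
    expires: datetime  # end of validity
    name: str
    value: str


def parse_cookies(text):
    """Return (cookies, rejected_line_numbers) for a COOKIES.TXT style file."""
    cookies, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split("\t")
        flags_ok = len(f) == 7 and f[1] in ("TRUE", "FALSE") and f[3] in ("TRUE", "FALSE")
        if not flags_ok or not f[4].isdigit():
            rejected.append(lineno)        # malformed line: report it, do not guess
            continue
        expires = datetime.fromtimestamp(int(f[4]), tz=timezone.utc)
        cookies.append(Cookie(f[0], f[1] == "TRUE", f[2], f[3] == "TRUE",
                              expires, f[5], f[6]))
    return cookies, rejected


def would_send(cookie, host, path, https, now=NOW):
    """Apply the control fields: expiry, secure flag, domain scope, path scope."""
    if cookie.expires <= now:
        return False
    if cookie.secure and not https:
        return False
    host = host.lower()
    bare = cookie.domain.lstrip(".").lower()
    if cookie.subdomains:
        if host != bare and not host.endswith("." + bare):
            return False
    elif host != bare:
        return False
    prefix = cookie.path if cookie.path.endswith("/") else cookie.path + "/"
    return path == cookie.path or path.startswith(prefix)


if __name__ == "__main__":
    parsed, bad = parse_cookies(SAMPLE)
    for c in parsed:
        print(c.domain, c.name, c.expires.date(), "secure" if c.secure else "any scheme")
    print("rejected lines:", bad)
```
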

The specification allows up to 300 total cookies with each being up to 4KB long. There can be up to 20 cookies per server or domain. When these limits are exceeded older cookies (particularly those that have expired) are erased. If there are no expired cookies, then older cookies (expired or not) may be erased.

Cookie Security

Three major concerns are typically raised:

  • “Someone” is writing to your hard drive without your knowing about it.
  • Cookies can be used to “steal” valuable information about you.
  • Cookies can be used to track you (and thus invade your privacy).

While each of these concerns has some validity (depending largely on how you view personal security and privacy) there is little real concern if you take what one might describe as standard precautions.

In the first instance, many programs write to your hard drive without your knowing about it. There are temporary files, cache files, and any number of related files routinely written to your hard disk during any computing session. If you are worried about it, modern browsers have a “notify” option relating to cookies. Check it and the browser will alert you whenever a cookie is supposed to be written to your hard disk. Because of privacy concerns raised by some people, expect all future browsers to also have an option that tells them you never want a cookie recorded (or some alternative where you only accept cookies from defined sites or during a specific browser session). Of course, if you don’t record a cookie, if you revisit the site you will have to go through the registration process all over again. This may or may not be convenient for you.

The second instance is usually described in near-hysterical terms that describe how cookies are going to search your hard drive and send all sorts of vital information to some site or another. Bottom line: This is false. The only information a cookie can send to any site is information you have already provided, including any information you sent in a form or locations you have visited on the site in question (or locations you were directly referred to by links from that site). The cookie specification allows no access outside of the cookie file itself. And, if a site wanted to track your activity it could do so on that site; it would not require cookie technology. Cookies just reduce storage space on the server side since the site does not have to allocate storage space for every possible user; each user allocates a little space for the information on their system in the form of a cookie.

The third (track you) has minor potential for problems under some very unique circumstances. Here is a worst case scenario (that would be difficult to implement). Consider a site which stores advertising banners that many other sites draw from. This same site runs contests for other sites. If that site wants to it can:

  • Each time you hit a page with one of those banners on it the storage site checks for cookies it might have sent you in the past and places another. It also records the site you are on plus any info the browser might send (including your current IP address) into its database (at this point all the site knows is the ISP you are logging in from).
  • If you now enter one of that site’s contests all the information you provide as part of the contest rules is also stored in the database. The ad banner storage site now knows who you are, what sites you have visited, and what some of your interests are.
  • Now take your laptop on a trip. If you are using a national ISP your IP address will likely change because national ISPs generally assign the address dynamically when you log in and the address is based on location. So, when you now hit another advertising banner the ad site suspects you are traveling. (In the extreme, knowing personal information and that you are away from home could be used in many ways, but in practice such coordination would be hardly worth the effort. There are many easier ways of determining if you are home or not.)

Another example of cookie use can be seen on many shopping sites (e.g., Amazon.com for one). When you go to Amazon.com as a prior customer the chances are that Amazon.com will put up a page with your name on it. They remember you via cookies set on your prior visit(s).

As with any other information and technology, cookies have their positive and negative sides. If you are careful in what you provide to any site there seems to be minor danger in allowing cookies to be active on your computer. Cookies or not, however, you need to exercise caution with important information (e.g., credit card numbers). Consider carefully to whom you provide this information in any form. And, be aware that more information than you might care to have collected can be collected on you over time via cookies.

What is a Scan Code?

In the keyboard are little switches. When you press a key one of the switches is activated and when you release that key the switch is activated again. The keyboard makes note of these happenings and stores them in a small buffer (memory area) in the keyboard while it notifies the computer that something has happened at the keyboard (an interrupt). The computer, once notified of keyboard activity reads the buffer and takes the necessary action.

Each key on the keyboard has its own code that it sends when pressed and when released; this is called its scan code. When listing scan codes here we’ll list the “press” scan code. The “release” scan code is that number plus 128 (80 hex).

While the original scan code specification allowed for a single number, newer keyboards with the movement keys repeated in the center of the keyboard forced a change and those keys carry a two-number scan code with the first number always being hex E0 (so programs reading scan codes first test for the E0 character; if not found process the code directly, if found, process the next code as one of the center movement keys).

At first blush the release code may seem redundant but when you think about how often you might press and hold the shift, control, or alt keys down while typing something else it becomes clear why it’s needed.

That said, here are the various scan codes originally defined by IBM (you can see from the layout these were defined for the very first keyboard)…

  • hex 01 = Escape key
  • hex 02 = 1 or ! key
  • hex 03 = 2 or @ key
  • hex 04 = 3 or # key
  • hex 05 = 4 or $ key
  • hex 06 = 5 or % key
  • hex 07 = 6 or ^ key
  • hex 08 = 7 or & key
  • hex 09 = 8 or * key
  • hex 0A = 9 or ( key
  • hex 0B = 0 or ) key
  • hex 0C = - or _ key
  • hex 0D = = or + key
  • hex 0E = Backspace key
  • hex 0F = Tab key
  • hex 10 = q or Q key
  • hex 11 = w or W key
  • hex 12 = e or E key
  • hex 13 = r or R key
  • hex 14 = t or T key
  • hex 15 = y or Y key
  • hex 16 = u or U key
  • hex 17 = i or I key
  • hex 18 = o or O key
  • hex 19 = p or P key
  • hex 1A = [ or { key
  • hex 1B = ] or } key
  • hex 1C = Enter key
  • hex 1D = Control key (Left if two)
  • hex 1E = a or A key
  • hex 1F = s or S key
  • hex 20 = d or D key
  • hex 21 = f or F key
  • hex 22 = g or G key
  • hex 23 = h or H key
  • hex 24 = j or J key
  • hex 25 = k or K key
  • hex 26 = l or L key
  • hex 27 = ; or : key
  • hex 28 = ' or " key
  • hex 29 = ` or ~ key
  • hex 2A = Left shift key
  • hex 2B = \ or | key
  • hex 2C = z or Z key
  • hex 2D = x or X key
  • hex 2E = c or C key
  • hex 2F = v or V key
  • hex 30 = b or B key
  • hex 31 = n or N key
  • hex 32 = m or M key
  • hex 33 = , or < key
  • hex 34 = . or > key
  • hex 35 = / or ? key
  • hex 36 = Right shift key
  • hex 37 = * or PrtScr key
  • hex 38 = Alt key (Left one if two)
  • hex 39 = Space bar
  • hex 3A = Caps Lock key
  • hex 3B = F1 key
  • hex 3C = F2 key
  • hex 3D = F3 key
  • hex 3E = F4 key
  • hex 3F = F5 key
  • hex 40 = F6 key
  • hex 41 = F7 key
  • hex 42 = F8 key
  • hex 43 = F9 key
  • hex 44 = F10 key
  • hex 45 = Num Lock key on numeric keypad
  • hex 46 = Scroll Lock key on numeric keypad
  • hex 47 = 7 or Home key on numeric keypad
  • hex 48 = 8 or Cursor Up key on numeric keypad
  • hex 49 = 9 or Pg Up key on numeric keypad
  • hex 4A = - key on numeric keypad
  • hex 4B = 4 or Cursor Left key on numeric keypad
  • hex 4C = 5 key on numeric keypad
  • hex 4D = 6 or Cursor Right key on numeric keypad
  • hex 4E = + key on numeric keypad
  • hex 4F = 1 or End key on numeric keypad
  • hex 50 = 2 or Cursor Down key on numeric keypad
  • hex 51 = 3 or Pg Dn key on numeric keypad
  • hex 52 = 0 or Insert key on numeric keypad
  • hex 53 = . or Delete key on numeric keypad
  • hex 54 = Sys Req key (on 84-key keyboard)
  • hex 57 = F11
  • hex 58 = F12
  • hex E1 = Pause key (on 101-key keyboard)

The following scan codes are preceded by hex E0…

  • hex 1C = Enter key on numeric keypad
  • hex 1D = Control (Right if two)
  • hex 35 = / key on numeric keypad
  • hex 38 = Alt (Right if two)
  • hex 47 = Home
  • hex 48 = Up arrow
  • hex 49 = Pg Up
  • hex 4B = Left arrow
  • hex 4D = Right arrow
  • hex 4F = End
  • hex 50 = Down arrow
  • hex 51 = Pg Dn
  • hex 52 = Insert
  • hex 53 = Delete

While these are generally assigned scan codes, be aware that keyboards come in a wide variety of shapes and sizes and the scan codes from those may differ somewhat from the above.
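The press/release and E0-prefix rules described above, as an added Python example (not code from this page). The tables hold only a subset of the codes listed above, the byte stream is constructed, and the function and table names are assumptions; the E1 Pause code is not handled.

```python
# Press codes copied from the lists above; a subset is enough to show the logic.
BASE = {
    0x01: "Esc", 0x0E: "Backspace", 0x0F: "Tab", 0x1C: "Enter",
    0x1D: "Left Ctrl", 0x1E: "a", 0x1F: "s", 0x20: "d",
    0x2A: "Left Shift", 0x36: "Right Shift", 0x38: "Left Alt", 0x39: "Space",
    0x47: "Keypad 7/Home", 0x48: "Keypad 8/Up", 0x4B: "Keypad 4/Left",
    0x4D: "Keypad 6/Right", 0x50: "Keypad 2/Down",
}
# Codes that only have this meaning when the previous byte was hex E0.
EXTENDED = {
    0x1C: "Keypad Enter", 0x1D: "Right Ctrl", 0x38: "Right Alt",
    0x47: "Home", 0x48: "Up", 0x4B: "Left", 0x4D: "Right", 0x50: "Down",
    0x52: "Insert", 0x53: "Delete",
}
MODIFIERS = {"Left Shift", "Right Shift", "Left Ctrl", "Right Ctrl",
             "Left Alt", "Right Alt"}
PREFIX = 0xE0        # announces a two-byte scan code
RELEASE_BIT = 0x80   # release code = press code + 128 (80 hex)

# Constructed stream: hold Shift, tap "a", release Shift, tap Up arrow, tap Enter.
SAMPLE = bytes([0x2A, 0x1E, 0x9E, 0xAA, 0xE0, 0x48, 0xE0, 0xC8, 0x1C, 0x9C])


def decode(stream):
    """Turn raw scan codes into (key, action, modifiers held afterwards) tuples."""
    events = []
    held = set()
    extended = False
    for byte in stream:
        if byte == PREFIX:                 # test for E0 first, as the text describes
            extended = True
            continue
        action = "release" if byte & RELEASE_BIT else "press"
        code = byte & 0x7F                 # strip the release bit to get the press code
        table = EXTENDED if extended else BASE
        extended = False
        name = table.get(code, "unknown 0x%02X" % code)
        if name in MODIFIERS:
            # The release code is what tells us a held Shift/Ctrl/Alt has ended.
            if action == "press":
                held.add(name)
            else:
                held.discard(name)
        events.append((name, action, tuple(sorted(held))))
    if extended:                           # stream ended right after an E0 prefix
        events.append(("incomplete E0 prefix", "error", tuple(sorted(held))))
    return events


if __name__ == "__main__":
    for event in decode(SAMPLE):
        print(event)
```
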

[Originally published 11/22/2009.] Two of the comments and response are below…

1) What do I do if I wanna read an ‘Enter’ key from the keyboard in a ‘C’ program?
I want to write code for a program in which the user selects some options through arrow keys and then s/he hits ‘Enter’; how can I scan the ‘Enter’ key?

2) What is the program to read the arrow keys? When I searched the net I saw a program which uses ‘i.h.ah’ & ‘o.h.ah’; what do they mean and how does it work?

Answer: How you read a key depends on the language being used. In C, for example, the function getkey() is typically used. After you get the key then your program has to first determine if the key was a regular keystroke or one of the extended codes that have two parts.

A sample C program to do this is in the answer here…

http://answers.yahoo.com/question/index?qid=20080202062127AAdkCrz

The i.h.ah referenced is just a variable name that seems to appear in many Google search results including the one at Yahoo! Answers. But that one at least has a useful answer.