Dr. P.C. Repair & Web Design – Blog

Offering Computer Repair in Middletown NJ, Old Bridge, Holmdel, NJ, Red Bank, Atlantic Highlands NJ, Hazlet, Union Beach, NJ, Port Monmouth, Leonardo, NJ, Belford, Aberdeen, Keyport, NJ, Matawan, Marlboro, Sea Bright, Tinton Falls, NJ, Asbury Park, Woodbridge, Sayreville, NJ, Toms River, Edison, Elizabeth, NJ, Jersey City, Newark, New Brunswick, NJ, Piscataway, East Orange, NJ, Lakewood, Clifton, Hamilton, NJ, Monmouth Beach, Long Branch, NJ. Those are just the main locations we service, if you’re located outside of NJ that’s okay too! We do remote computer repairs (we can fix your computer remotely from our office) and offer phone tech support!

and REMEMBER we are the !

I so often see the question, “Is online/remote computer tech support safe?” Well let’s look at the facts. As new of an idea as this may seem to you, remote support has been around for years now. The concept isn’t all that complicated once the software is in place. An online computer support technician assists you in downloading remote repair software (if necessary), the PC tech then retrieves a one-time-use code, and then uses this code to connect to your computer.
It’s a quick, convenient process that allows you to avoid the high costs of having a PC support tech come to your home. This also helps you steer clear of having to lug around your computer and mess with a chaos of wires. Not to mention the best part of this all, you’re computer is fixed quickly and right in front of your face! Call up some computer support shops, ask them if you can watch over their shoulder while they speed up your computer (or give your computer a tune-up as some call it). It’d be inconvenient for you and uncomfortable for them. That’s if they even agree to this of course, they may not be able to do this for insurance purposes alone.
Now let’s get to the one of the best parts of online P.C. tech support. Your files and computer are safe! If you take your PC into one of these local shops, do you know how easy it is for them to complete a 5 minute fix, then cause internal damage that will cost you triple, or even quadruple the price? It’s just like those untrustworthy mechanics out there. As sad as it is, they exist. They’re not thinking how maybe if they fix your machine for $30, for those 5 minutes of work, that you’ll be quick to come back time and time again. They’re not thinking how many potential customers they can obtain through word of mouth; they just want that quick $150. There’s nothing stopping them from going elsewhere on their next computer support service needed.
Okay, so your hardware may not be safe, what about your files? Are you sure you want to trust your files in the hands of another? Family photos, tax documents, credit card information, all just some of the stuff a PC support technician could possibly have access to if he desired. With remote PC repair, you can be sure that your hardware is not being swapped out or messed with and that your files are safe. Everything that the online PC support technician is doing is done right in front of your face. With a click or two of your mouse, or a press or two of your keyboard, the technician is locked out. Not that they would try anything with the chance that you’re watching your computer screen of course. Most also offer a “no fix no fee” guarantee!
Remember the case in 2007, where a woman filed a lawsuit against a national computer repair chain whose agent allegedly left a camera phone recording in her bathroom. There are many good people out there; it’s just extremely hard to figure out which ones you’re letting in your home, or giving access to your PC. So what is your safest bet? You’ve got it, online P.C. tech support, also known as remote P.C. tech support, or online computer repair.
Okay so your one of those people that is still hesitant to use your credit card online. In most cases, there’s nothing to worry about. Most online PC tech support sites will transfer your credit card details securely using HTTPS (Hypertext Transfer Protocol Service). So that’s still not good enough? Give your credit card provider a call and ask them how you’re protected against fraud. There’s a good chance you’ll be happy with the response. Ask if you’re responsible for fraudulent charges placed on your card. Credit card providers want you to use them for everything because they get a percentage of each transaction.
Online PC tehc support is affordable too! Low prices don’t always mean a scam or inexperienced service provider, it sometimes means lower overhead costs than renting out a whole store. Would you pay $1500 a month to rent a store if you could spend $500 on a computer and $1000 on a repair website?
Speaking of website, repair isn’t all that is offered by some of these remote tech support service providers. Other services include web design, online computer training and even child safety packages. Need a website for your business? Want to get a little more use out of an expensive computer? Need to keep your teen safe on the internet? Dr. P.C. Repair (http://www.drpcrepair.com & www.doctorpcrepair.com) is just one of a few remote pc repair providers that offer all of these great services.
Are you in need of computer services? How about web design? Try an online P.C. tech support service provider today! Monitor your children on the internet, and all of their internet activity. See who they’re talking to on Facebook and other social networking sites. Finally want to learn to use that computer that you have spent so much money on? Try online pc training! There’s no time better than today, and no safer place to start than a remote pc tech support website! Just be sure to use a company that has a money back guarantee P
This article was written for Dr. P.C. Repair

http://www.drpcrepair.com

http://www.doctorpcrepair.com

One-Time Password Security Measures
One-Time Passwords (OTP’s) are exactly that, passwords that are only used one time. The passwords are generated one of two ways, time synchronized or counter synchronized. Both of these methods use the same algorithm to create the password. The good thing about OTP’s is that it creates strong security. Not only does a person have only 24 hours or less to grab a password, but if they gain access to the password they can only use it for one day. One-time passwords are defense against a hacker eavesdropping on a networks data to retrieve login information. This is known as a replay attack. The downside to one time passwords is the complicity. Users can not remember the passwords therefore they typically require a small piece of hardware that can be kept on a key chain just like a flash drive.
Users not having to remember their passwords can also be a positive thing too though, passwords can no longer be social engineered. Another common security breach that can now be avoided is passwords being written down and stuck onto a monitor or under a keyboard. This common mistake made by employees allows anything who can access the floor, to walk around and collect various passwords. This is a good scenario for using the clip boarding technique. Clip boarding is where an intruder walks around or even gains access to an area he is not authorized to because he is carrying a clip board. The clip board creates the image that the intruder is legit, and is authorized to be at a specific place, and therefore is not questioned.
The major problem before one-time passwords was probably that passwords were cached on the machine and or stored on servers. This enabled anyone who could gain access to the system to pull a password off of it. This was especially worrisome for laptop users because laptops can so easily be stolen, especially if left unattended.
One-time passwords are an amazing idea. Although companies still need to worry about information being social engineered and being stolen by operating system vulnerabilities, passwords being taken because of silly mistakes such as posting them on their monitor or desk can now be avoided. It also prevents more advance attacks such as a system being hacked and its’ passwords being decrypted. OTP’s are just one more step closer to top notch security.

Mathew Gajewski

http://www.drpcrepair.com

http://www.doctorpcrepair.com

Ports: Their Purpose and Dangers
A port can be defined as a connection point used by software to exchange data. Two of the most common examples of computer ports are TCP and UDP ports. Both of these ports are used to exchange data among computers on the internet. In this paper I will talk briefly about a few select UDP and TCP ports including the purpose for each port, the dangers of having these ports open and how to close these and other computer ports.
The select ports I have chosen to talk about are 137, 138, 139 and 445. Ports 137-139 and 445 are SMB (Server Message Block) ports. They are all used for file and printer sharing. In Windows NT, the SMB protocol ran on top of NetBIOS and in Windows XP/2000/2003, it was made possible to run SMB directly over TCP/IP without the additional layer of NetBT. This is where port 445 replaced 137-139.
Open ports can be dangerous because they are possible back doors into your computer. By keeping these ports open you’re leaving your computer open to any knowledgeable hacker. I would recommend scanning your computer with “Shields Up” (http://www.grc.com/default.htm) to see if these, as well as any other ports are open on your machine.
While Shields Up is an amazing tool for scanning your systems vulnerabilities, it can not close the ports for you. Shields Up does however give you steps on how to close certain ports as well as precautionary measures to avoid closing ports that may have needed to stay open. The best way to find out how to close specific ports on your machine is by doing a search on www.Google.com. For example if the port is 445 that you would like to close, type something along the lines of “how to close port 445” and then follow that by typing your current operating system. There is no single way to close a dangerous port. Each port you need closed may have its own set of directions to close it.

Mathew Gajewski

http://www.drpcrepair.com

http://www.doctorpcrepair.com

In this write up I’m going to teach you how to install and configure Apache. First login as usual and sign in with root privileges by typing “su.” Here it will prompt you for your password. Create a folder named Lab06 in your /home/(username goes here)/ directory and then change to your tmp folder.
In this case I was installing at a school so you’ll have to work with the directions you don’t understand. From the command line, login to the class server using FTP and download httpd-2.xxx.tar.gz to your /tmp directory. Logout and uncompress/untar the downloaded file.
Place the user files in /usr/local/apache and set the enable-module to “all.” Then set the enabled-shard to “max.” Now enter in the command line enter “./configure –prefix=/usr/local/apache \
–enable-moedule=all –enable-shared=max.” Now create and install httpd. Make a backup copy of the /etc/httpd/httpd.conf file incase of any mistakes, it’s always better to be safe than sorry. The changes that need to be made are in the Document Root, ServerRoot, and After renaming the httpd.conf file, open /etc/httpd/conf/httpd.conf in vi. Replace all “/var/local” strings with “/usr/local/apache.” Now press escape, “w” & “q” and hit enter. Now to make sure all is well type “service httpd configtest” and make sure you receive the reply “Syntax OK.” If not, please enter your results into www.Google.com for help.
Apache does not start on boot without modification, you’ll have to manually force httpd to start in run level 3, 4, and 5 when you want it to start. Type “chkconfig –list httpd > /home/(your username here)/Lab06/chkconfig.txt and now start XWindows. Open Mozilla and enter your address. You should see notification that Apache is running (because you haven’t yet uploaded webpages.)
Now that it’s installed, here is more configuration type details to the Apache server. If you’d like to restrict your webpage to people with usernames and passwords here is how. Using Apache’s htpasswd utility, create username and passwords for login. Here you must give the location and name of the password file. If there is no password file then you must include the –c option to create to th e command line. To create a username and password type htpasswd –c /etc/httpd/conf/.htpasswd (username here). To add a password type htpasswd /etc/httpd/conf/.htpasswd (username here) (without the –c). Set the permission for .htpasswd to make it read only by a specific group(s) by typing chmod 644 /etc/http/conf/.htpasswd.
Now create an .htaccess file where you want password control by using vi to edit “/usr/local/apache/htdocs/secret/.htaccess. After changing to insert mode enter the following:
AuthName “Login Required”
AuthType Basic
AuthUserFile /etc/httpd/conf/.htpasswd
AuthGroupFile /dev/null
require user (username here) username
and now write and quit.
Now place a directive in the file which defines access to the /usr/local/apache/htdocs directory and all directories higher up than it by typing the following:

Servername (IP ADDRESS HERE)
DocumentRoot /usr/local/apache/htdocs

Now restart Apache. When trying to access it you should now be prompted for a username and password. You’re almost done. Change the director to /home/(your username/Lab06 and copy /etc/httpd/conf/httpd.conf, /etc/httpd/conf/.htpasswd, and /usr/local/apache/htdocs/secret/.htaccess. Then change ownership of the directory /home/(your username/Lab06 as well of all of the files in it from root to your username and you’re all done. Enjoy your Apache web server!

Mathew Gajewski

http://www.DrPCRepair.com

http://www.DoctorPCRepair.com

Lightweight Directory Access Protocol, also known as LDAP, is a protocol created to gain access to directory services so that you can grab data. A directory service is a service, done by software, that organized, stores and presents access to the information stored inside it. Active directory is a type of directory service made by Microsoft. With this said, you need to follow through with LDAP in order for Active Directory to comprehend and respond back to your requests.
Now LDAP and Active Directory are not required to be used together, you have other options. There are freeware Active Directory services such as OpenLDAP. There has also been services designed that, in my opinion, goes above and beyond LDAP. Kerberos, created by Microsoft, is an Active Directory developed for just this reason.
I’ll get back to Kerberos in just a moment. LDAP is a creation for the cooperation of telecommunication companies which allowed the pulling of data from a server through TCP/IP. LDAP, designed in the 1980’s has obviously been through many changes since. Now Active Directory on the other hand, is a Microsoft product which has been created based mostly on LDAP so that the two can work together “peacefully,” if you will.
Now I’ll get back to the protocol that goes by the name of Kerberos. Kerberos is an authentication protocol within computer networking. This protocol allows nodes that are communicating through an unsecure network to securely identify themselves to one another. Kerberos is an extremely popular protocol for authentication. This is set default in the Windows 2000 and Windows 2003 environments.
How Kerberos works is that there’s a central authorization server known as the Key Distribution Center which issues a “ticket” to any client that succeeds in logging into the network. That ticket is now used as a “key” for a user or even system to use the resources on the network. These resources can include databases, printers, intranet applications and more. Anything that Kerberos supports can be shared using this key.
One of the main benefits to using Kerberos is that it enables you with a single sign on feature, extremely helpful to users in a large “mixed up” network. How this comes in handy is that once someone has been granted access by the Key Distribution Center, they won’t have a problem accessing multiple network resources without having to keep entering their provided username and password each time.
The Challenge Handshake Authentication Protocol, also known as CHAP, is a bit different ballgame than Kerberos. CHAP is more of just an authentication method. CHAP is a popular, widely compatible authentication technique which sends a different version of a user’s password instead of the password itself. The RAS (remote access server) sends a challenge to the RAC (remote access client) using the MD5 hash algorithm I’ve spoken about before for authentication. This provides a one way encryption for this authentication protocol.
Extended Research
LDAP Alternatives!
Although countless hours are put into designing software and testing it for “bugs” (flaws found in software), there are always going to be something that someone does not like about the application. This is why there are so many different versions of the programs that are out there. Just as people have different taste in music, people also have different taste in software.
For example, there are many versions of the popular instant messaging software that goes by the name of AOL Instant Messenger (AIM). Some of these alternative applications are Trillin, Pidgin (also known as GAIM), Dead AIM (an add-on to older versions of AIM), Miranda and many more. It is no different with more professional software used by companies to help run their hundred thousand or even billion dollar company. Whether you’re against using the original versions of software because of the price, compatibility or just simply the features, there are alternatives for almost every piece of software out there.
LDAP is no different. OpenLDAP is I mentioned earlier is a great authentication system which is can be used on Linux and like many software applications for Linux, is completely free. OpenLDAP is also open source which means users can edit it themselves to fit their needs or others needs but must provide the source code when distributing it.
iPlanet is another LDAP alternative only this one can run on not only Linux, but Solaris and Windows systems also. One downside to iPlanet though, is that although the directory server has a Windows NT to LDAP password system, direct authentication to the directory server isn’t possible from Windows systems. This is what leads me to believe NDS is probably the best alternative.
NDS, Novell’s directory service can run on Windows, NetWare, Solaris, and Linux. Almost all versions of Windows (even Windows 98), Linux and Solaris can all be used. It’s compliant with all standards and has been found to perform well in many situations. The only major downside to NDS though seems to be the price.
Like I said before, almost all software and services out there has alternatives to it. Have a program that you think should be free, have better features or work on a different operating system? Try going to www.Google.com and typing in the software name (and version if available), followed by the word “alternatives.” If you’re looking for a free version of the software you can try something like “freeware alternative” or for operating systems “Linux alternative.”

Mathew Gajewski

http://www.DrPCRepair.com

http://www.DoctorPCRepair.com

The Severity of Zero Day Attacks
A zero day attack can be defined as an attack that is performed by taking advantage of a problem or “hole” found in the creation of software (Ex: Microsoft Windows) unexpectedly. These attacks may be performed before the problem with the software is even public information. This usually occurs when a computer criminal discovers this hole by his or her self or even from a friend and decides to take advantage of it. Because antivirus software cannot protect against brand new attacks, most if not all people who step into the criminals trap are affected.
Once an attack is made public, software vendors (including the creator of the software in which the hole exists), usually work very hard on fixing the problem immediately. Two examples of zero day attacks were problems within Microsoft Excel and Adobe Reader. Due to the vast popularity of Microsoft and Adobe, attackers aim at products created by them so that a higher number of people can be targeted. The Adobe Reader attack was labeled very severe because it enabled the possibility of victim’s machines to be taken over. With over five hundred million copies of adobe distributed worldwide, the impact of this attack left millions of computers at risk. Adobe user’s social security numbers, credit card numbers and other personal information all left at the hands of criminals.
The Microsoft Excel exploit mentioned previously is one in which allows an attacker to create an “.XLS” file that can trojan a victim’s computer if opened. Even I, as an experienced computer user wouldn’t usually hesitate to open up a file that appeared to be created in Microsoft Excel, especially if it came from a family member who unknowingly emailed it to me. This proves how severe an attack like this can actually be.
This attack, the same as the Adobe attack, left millions of user’s sensitive information at risk. These two attacks could cause millions if not billions of dollars in damage to both companies and everyday people like you and I. Both of these attacks we’re fixed by creating a patch for the software that closed the “hole” that was letting attackers into your computer. To make things even worse, not only is it that the actual attackers are doing damage, but also users who help make threats like this publicized. Users who decide to make dangerous information public should be punished the same as the discoverer of these perilous holes in software.

Mathew Gajewski

http://www.DrPCRepair.com

http://www.DoctorPCRepair.com