Wednesday, October 03, 2007

DOS命令大全 -- DOS Commands

winver---------检查Windows版本 wmimgmt.msc----打开windows管理体系结构(WMI) wupdmgr--------windows更新程序 wscript--------windows脚本宿主设置 write----------写字板 winmsd---------系统信息 wiaacmgr-------扫描仪和照相机向导 winchat--------XP自带局域网聊天 mem.exe--------显示内存使用情况 Msconfig.exe---系统配置实用程序 mplayer2-------简易widnows media player mspaint--------画图板 mstsc----------远程桌面连接 mplayer2-------媒体播放机 magnify--------放大镜实用程序 mmc------------打开控制台 mobsync--------同步命令 dxdiag---------检查DirectX信息 drwtsn32------ 系统医生 devmgmt.msc--- 设备管理器 dfrg.msc-------磁盘碎片整理程序 diskmgmt.msc---磁盘管理实用程序 dcomcnfg-------打开系统组件服务 ddeshare-------打开DDE共享设置 dvdplay--------DVD播放器 net stop messenger-----停止信使服务 net start messenger----开始信使服务 notepad--------打开记事本 nslookup-------网络管理的工具向导 ntbackup-------系统备份和还原 narrator-------屏幕“讲述人” ntmsmgr.msc----移动存储管理器 ntmsoprq.msc---移动存储管理员操作请求 netstat -an----(TC)命令检查接口 syncapp--------创建一个公文包 sysedit--------系统配置编辑器 sigverif-------文件签名验证程序 sndrec32-------录音机 shrpubw--------创建共享文件夹 secpol.msc-----本地安全策略 syskey---------系统加密,一旦加密就不能解开,保护windows xp系统的双重密码 services.msc---本地服务设置 Sndvol32-------音量控制程序 sfc.exe--------系统文件检查器 sfc /scannow---windows文件保护 tsshutdn-------60秒倒计时关机命令 tourstart------xp简介(安装完成后出现的漫游xp程序) taskmgr--------任务管理器 tasklist /SVC--查看进程详细信息 eventvwr-------事件查看器 eudcedit-------造字程序 explorer-------打开资源管理器 packager-------对象包装程序 perfmon.msc----计算机性能监测程序 progman--------程序管理器 regedit.exe----注册表 rsop.msc-------组策略结果集 regedt32-------注册表编辑器 rononce -p ----15秒关机 regsvr32 /u *.dll----停止dll文件运行 regsvr32 /u zipfldr.dll------取消ZIP支持 rundll32.exe shell32.dll,Control_RunDLL ----------显示控制面板 rundll32.exe shell32.dll,Control_RunDLL access.cpl,,1--------显示辅助功能选项 rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl @1--打开系统属性 rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,1---删除或添加程序 rundll32.exe syncui.dll,Briefcase_Create----桌面上建立公文包 rundll32.exe diskcopy.dll,DiskCopyRunDll----复制软盘驱动器 rundll32.exe shell32.dll,Control_RunDLL timedate.cpl,,0--显示时间属性 rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,0----显示桌面墙纸属性 rundll32.exe shell32.dll,Control_RunDLL joy.cpl,,0-----游戏控制器 rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,0---音频属性 cmd.exe--------CMD命令提示符 chkdsk.exe-----Chkdsk磁盘检查 certmgr.msc----证书管理实用程序 calc-----------启动计算器 charmap--------启动字符映射表 cliconfg-------SQL SERVER 客户端网络实用程序 Clipbrd--------剪贴板查看器 conf-----------启动netmeeting compmgmt.msc---计算机管理 cleanmgr-------垃圾整理 ciadv.msc------索引服务程序 osk------------打开屏幕键盘 odbcad32-------ODBC数据源管理器 oobe/msoobe /a----检查XP是否激活 lusrmgr.msc----本机用户和组 logoff---------注销命令 iexpress-------木马捆绑工具,系统自带 Nslookup-------IP地址侦测器 fsmgmt.msc-----共享文件夹管理器 utilman--------辅助工具管理器 gpedit.msc-----组策略

Digg!

Sunday, May 27, 2007

颈椎病的预防

严防急性头、颈、肩外伤:头颈部跌扑伤、碰击伤及挥鞭伤,均易引发生颈椎及其周围软组织损伤,引起颈椎病,故应积极预防。例如坐车打瞌睡,遇到急刹车,头部突然后仰,可造成颈椎挥鞭性损伤;有人生气时随意拧孩子耳朵,孩子为了防御而急性扭颈,或用巴掌打击孩子后头部等,均可引起颈肌及其周围软组织损伤;婴幼儿颈部肌肉尚不发达,颈软,如过早抱起或抱孩子姿势不合适,甚易造成过伸性颈椎损伤;有些青少年体育运动不得要领或不重视运动前的预备活动,如顶牛、头顶立、前滚翻及骑颈娱乐等,均可造成运动损伤。一旦发生外伤,除治疗软组织损伤外,还要及时治疗颈椎小关节错位,以防止发展成颈椎病。 纠正生活中的不良姿势,防止慢性损伤:颈肩部软组织慢性劳损,是发生颈椎病的病理基础,生活中的不良姿势是形成慢性劳损的主要原因之一。例如,有人喜欢俯卧,为了呼吸,只能将头扭向一边,这样会发生1~4颈椎扭伤;有人平时姿势尚好,但当看小说、看电视时,习惯把头靠在床栏杆上或沙发扶手上,造成屈颈屈背扭腰等,这样会造成颈椎/脊柱椎间韧带损伤。 合理用枕:成年人每天睡眠6~9小时,即每天有1/4~1/3的时间是在睡眠(枕头上)中度过的。人熟睡后,颈肩部肌肉完全放松,只靠椎间韧带和关节囊的弹性维护椎间结构的正常关系,如果长期用高度不合适的枕头,使颈椎某处屈曲过度,就会将此处的韧带、关节囊牵长并损伤,而造成颈椎失稳,发生关节错位,进而发展成颈椎病。合理的枕头必须具备两项:科学的高度和舒适的硬度。大部分人以自己的颌肩线(下颌角至肩峰的距离)或手掌横径,作为侧卧或仰卧的高度,此高度适合绝大多数人。枕头应有适当的弹性或可塑性,内充物以木棉或谷物皮壳较好。 老年人的预防:50岁以上的人,脊柱多有退行性改变,因此更应重视预防脊柱病。枕头必须选用合乎个人规格的;天气寒冷时要注意保暖,防止颈肩受寒,尤其睡眠时颈肩部要保暖,以避免因冷刺激而发生落枕,诱发颈椎病和肩周炎;与人谈话、看电视、看电影或看书报,要尽可能正面注视,不要过度扭屈颈部。

Digg!

Monday, March 12, 2007

Access controller specification

Access controllers generally provide port-based access control. When a user attempts to utilize a network-based application, such as a Web site via a Web browser, the access controller blocks access and redirects the user's browser to a login-in page. The user can then enter their user name and password, and the access controller will authenticate the user via an authentication server. The network application could, as an alternative, use digital certificates for authentication purposes. The authentication server provides authentication and authorization information that the access controller uses as a basis to regulate the user's access to the protected network. The user will have authorization to use specific port addresses, such as "port 80" for Internet browsing.

When shopping for an access controller, assess the following features:

Authentication. Most access controllers have a built-in database for authenticating users; however, some offer external interfaces to authentication servers such as RADIUS and LDAP. Keep in mind the number of users and scope of your network when determining which authentication server type to use. For smaller, private networks, an internal database may suffice. If you plan to provide nationwide access, then an external centralized authentication server will provide better results.
Link Encryption. Some access controllers provide encryption of data from the client to the server and back, using such security as IPSec and PPTP encrypted VPN tunnels. This provides added protection beyond what 802.11 WEP provides. Be sure that that the access controller protects the transmission of user names and passwords.

Subnet Roaming. In order to support roaming from one network to another, access controllers general provide subnet roaming that allows users to roam without needing to re-authenticate with the system. As a result, users can continue utilizing their network applications without interruption. This feature is especially useful for larger installations where access to the network for specific users will span multiple subnets.

Bandwidth Management. Because users share bandwidth in a wireless LAN, it's important to have a mechanism to ensure specific users don't hog the bandwidth. Access controllers provide this form of bandwidth management through the assignment of user profiles based on required quality of service levels. A profile specifies the types of services (e.g., Web browsing, video streaming, etc.) and throughput limit. For example, an unsubscribed visitor to a public wireless LAN could classify as fitting a "visitor" profile, which may only allow access to information related to the local hotspot and online subscription Websites. A subscriber, however, could have a different role that allows them to have access to the Internet at a throughput of 128Kbps. For users paying a premium, they could have higher throughput access, perhaps 3Mbps, for fast downloads and access to other higher end applications.
Access controllers aren't always the best solution for wireless LAN applications. If you're implementing a smaller network for a home or small office, then there may not be enough benefit to offset the thousands of dollars for an access controller. With only one or two access points, the more cost effective solution is generally to use a "smart" access point to provide enhancements to the network. Or, you might only need to deploy "thin" access points alone if security is not of major concern and you have a limited number of users.

Digg!

Saturday, February 24, 2007

Can Contactless Credit Cards Be Hacked? 5 Tips to Stay Secure

Although RFID (Radio Frequency Identification) is still a tough sell to a many people, millions of contactless credit cards have been issued over the past year. Issuing banks are increasingly making RFID cards the default replacement card, and banks aren't required to tell cardholders that the new cards are RFID-enabled. Some contactless cards have visible microchips, but others don't, so it may be difficult to know if you own an RFID card.

The lack of knowledge about what type of credit card you have in your possession is just one part of the security problem. Other issues, like a misunderstanding about how these cards operate, create yet more reasons why you need to become proactive about your credit card security. One way to become more secure is to learn about what makes this technology "hackable".

Can Contactless Cards Be Hacked?

The only difference between a contactless credit card and a regular credit card is the way that your card's information is transmitted at the point of transaction. Instead of using the traditional magnetic stripe (magstripe), the contactless credit card uses a "tag". The tag consists of a semiconductor ship or set of chips and an antenna that relays radio frequency signals into and out of the chip. This passive RFID technology creates a fear factor for most people who don't understand how it works. In some cases, however, this fear is reasonable.

The problems behind this technology as utilized in credit cards lie in three distinct areas:

  1. The information contained on that chip.
  2. Whether that chip is secure or insecure.
  3. The radio frequencies and data transfer standard used to activate that chip.

The information contained on your contactless credit card may contain the same information that can be found within the magstripe in your traditional credit card. This information varies from issuer to issuer, but in essence your contactless card's chip will include your name, address, card number, and card security code. It may also include or be tapped into information about your birth date, social security number, and any other bits and bytes that you would deem highly sensitive and personal. Even at their tiny size, the chips contained in contactless credit cards can contain megabytes of memory.

As with any technology, issues often are addressed in "second-generation" products. Contactless cards are no exception. In first-generation issue, some cards were "open" to name and credit card number theft, but the security code couldn't be stolen. However, retailers often allow purchases without that security code, so the fact that a thief wouldn't have that code becomes moot.

Second-generation cards, like the Visa Contactless card, no longer send the cardholder's name, but it can still send the card number to malicious scanners. The argument as to why this security measure is better is that the card number would be difficult to use without the cardholder's name.

The chips used for contactless credit cards are, by most accounts, secure. A chip's memory can be altered as in a read/write program, and these "dynamic" chips are supposedly encrypted in credit cards. This means that the chip will contain some fixed information that can be programmed on the chip only once, like your personal information. Then, the chip may also contain a sophisticated processor that executes cryptographic elements that protect static data.

The chip contains an antenna that allows that chip to communicate with a reader through a radio frequency (RF). This is where the mystery lies for many folks, as this information often sounds as cryptic as the security issue. But, an understanding about this technology is critical in your quest to protect your identity and your privacy.

RFID credit cards rely on a reader to supply energy to its chip through the reader's RF field. The chip picks up the reader's energy, powers up, receives commands and/or data, processes it, and communicates back with the reader. This communication prevents identity theft from readers from a distance, but a malicious scanning device could still be able to read any card that can be read by a legitimate reader. The common RF used to activate the tags and readers for credit cards is at a higher frequency than the ones used in tagging animals or in many supply-chain management systems. The frequency chosen by most credit card companies is the 13.56MHz frequency with data transfer rates of ISO 14443.

The reader's 13.56MHz frequency seems very low, especially when compared with items such as current mobile phone systems that operate at ultra high frequencies between 800 and 1800 MHz. But, in reality, the 13.56 MHz frequency is mid-range with an operating distance that would depend upon the tag size and the reader type. Proximity can be close to one meter, or 3.28 feet.

The ISO 14443 standard for transfer rates was chosen to modify the 13.56MHz frequency. The ISO 14443, put simply, is a four-part international standard [PDF link] that was created for contactless smart cards that operate at the 13.56MHz frequency in close range with a reader antenna. It has a generally accepted read/write range of up to 10 cm, or four inches. ISO 14443 accepts authentication mechanisms such as encryption.

The transfer rate is also affected by certain materials placed between a reader and the chip. If metal is placed between a reader and a tag, the RF will be deflected. This is why thin sheets of metal are placed in biometric passports, to protect your information when the passport is closed. This response to metal is also the reason behind a new market for metal sleeves that claim to protect your biometric passport and your contactless credit cards from theft.

But while metal currently can create noise between the card and the reader and while it can also detune both reader and tag antennas, it's also possible to bypass this problem with the right frequency and data transfer standard. The ability to bypass metals to maintain "conversation" between the tag and a reader continues to evolve. So, eventually, this will be one problem that won't be resolved simply by wrapping your credit card in aluminum foil.

With that said, it's time to offer some tips on how to protect your contactless credit card and its information. When Texas Instruments, an industry leader in RFID technology and the world's largest integrated manufacturer of RFID tags, warns [PDF link] that the consequence of a successful compromise in the use of the tags is "large to enormous," it's time to take matters into your own hands. Below are five tips that should help you on your way to being more secure with your contactless credit cards.

Five Tips for RFID Card Security

  1. Take a pro-active role with your financial tools. Unlike the card's passive technology, you need to take a proactive stance to protect your information. Call your credit card company and ask them if your current card is a "contactless" card or a traditional card. If they've issued you a contactless card, you have one of two choices: 1) Ask for a traditional card, because you refuse to use the RFID technology, or; 2) Ask the company about the finer points to their system. If you go the second route, then…
  2. Ask the credit card company about their RF and ISO. If the numbers match those shown above, great. If not, ask why and demand detailed information. The bank may be using more advanced technology that may surpass the information above (yes, the technology is moving that quickly). Beyond this, if the bank states that the information on your card is "static," then destroy that card. The information on that chip must be "dynamic" to enable encryption on data transmissions. If your chip is dynamic, then…
  3. Ask the credit card company about its encryption methods. The encryption on contactless credit cards can contain from 32 to 128 bits for security. The fact that this encryption is enabled on a dynamic card allows the reader to alter certain information from transaction to transaction, and this is a good thing. But, even these encrypted cards can be compromised. So what do you do about that problem?...
  4. Ask about the credit card company's fraud detection and any other prevention measures. Unfortunately, credit card information ― even that contained in traditional credit cards ― is open to theft. As recently as last year over forty million credit cards were exposed to potential fraud due to a security breach that occurred at a third-party processor for payment card transactions. And, that's just one story about credit card hacks. Perhaps the question here isn't about credit card security so much as it is about how you can protect yourself against your credit card company. So be diligent about your records and transactions. Make sure that what you do corresponds with your credit card statements.
  5. Be careful where you shop. As any technology grows, its capabilities to cover security issues probably will remain just one step behind the hackers. Retailers failed to keep up with security issues in a safety measure led by Visa in 2005. So, at times the credit card company isn't to blame. You also need to be careful about where you shop online or at your local brick-and-mortar. The one question you might ask that retailer: "Do you use the card's ID code (or other measure) to finalize transactions?" If the answer is a resounding, "yes," then your transactions may be safer at these stores than ones that go without that extra security measure. The Smart Card has forced some retailers to understand the obligations they have to consumers, so this new technology may make your transactions safer.

Technology by itself is neutral. It's the people who handle that technology that need to be questioned. So, begin by questioning whether you own a contactless credit card and go from there. If you want to know the worst fears that people harbor about this technology, you can visit CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) so you know which questions to ask about your cards.

On the other hand, you may realize that this technology isn't going to disappear and that it may become a more secure method for transactions than traditional credit cards. You can frequent the non-profit multi-industry association, Smart Card Alliance, to learn how this industry plans to secure your information and your privacy now and in the future for your peace of mind.

Digg!

A wikiHow article on How to Avoid Colloquial (Informal) Writing

----------------

Your friend just sent you the following article from wikiHow.com:

How to Avoid Colloquial (Informal) Writing
While it may be acceptable in friendly e-mails and chat rooms, a major pitfall that has been bringing down the quality of formal, written text is the use of excessive colloquialism. Here are some steps/tips that you can follow to help to improve your overall writing.

You can view the rest of this page at:
http://www.wikihow.com/Avoid-Colloquial-%28Informal%29-Writing

wikiHow is a collaborative writing project aiming to build the world's
largest how-to manual. Our mission is to provide free and useful instructions
to help people solve the problems of everyday life. wikiHow is a wiki, which
is a website that anyone can write or edit. You can help us, by editing any
page on wikiHow which needs improvement.

http://www.wikiHow.com - The How-to manual that anyone can write or edit

Digg!

Friday, February 23, 2007

西门子难道也产杯子?

今天到表弟家去过年吃饭,偶然在楼梯过道中发现印有Siemens商标的茶杯包装盒,心里充满疑问西门子难道连杯子都生产?不知有朋友知晓不?

Digg!

Saturday, February 17, 2007

C\C++ Boundary and Error Check (2)

Sample:
//ilist 中普通版本的insert()操作
//以一个待插入的值以及一个ilist_item 指针作为参数,新的项被插
//在这个指针所指的项的后边
inline void
ilist::
insert( ilist_item *ptr, int value )
{
new ilist_item( value, ptr );
++_size;
}

  • 一种方案是通过调用C标准库abort()函数来终止程序该函数在C头文件cstdlib 中.
#include<cstdlib>
// ...
if ( ! ptr )
abort();

  • 另一种方案是使用assert()宏来终止程序,但首先要声明引起断言的条件.
#include<cassert>
// ...
assert( ptr != 0 );

  • 第三种方案是抛出一个异常例如
if ( ! ptr )
throw "Panic: ilist::insert(): ptr == 0";

一般地我们应该尽可能地避免终止程序.终止程序实际上是对用户落井下石,而我们或者支持部门可以分离并解决这些问题.

如果我们在错误点上不能继续处理,那么一般来说抛出异常比终止程序更好一些.异常会把控制权传送到程序先前被执行的部分,而它们有可能能够解决这个问题.

assert()是C语台标准库中提供的一个通用预处理器宏.在代码中常利用assert()来判断一个必需的前提条件,以便程序能够正确执行.

为了使用assert() 必须包含与之相关联的头文件
#include <assert.h>
assert.h 是C 库头文件的C 名字,C++程序可以通过C库的C名字或C++名字来使用它,这个头文件的C++名字是cassert
#include <cassert>
using namespace std;
assert宏将会判断表达式,如果一个表达式为真,执行将继续,否则,程序将显示一条消息并且暂停,你可以选择忽视这条错误并继续、终止这个程序或者是跳到Debug器中。

  • 如何使用一个ASSERT宏去验证一个语句。
void foo(char *p, int size)
{
ASSERT(p != 0); //确认缓冲区的指针是有效的
ASSERT((size 〉= 100); //确认缓冲区至少有100个字节
// Do the foo calculation
}
这些语句不产生任何代码,除非—DEBUG处理器标志被设置。Visual C++只在Debug版本设置这些标志,而在Release版本不定义这些标志。

两个assertions将产生如下代码:
//ASSERT(p != 0);
do{if(!(p != 0) && AfxAssertFailedLine(—FILE—,—LINE—))AfxDebugBreak();
} while(0);
//ASSERT((size 〉= 100);
do{if(!(size 〉= 100) && AfxAssertFailedLine(—FILE—,—LINE—))AfxDebugBreak();
} while(0);
If语句将求取表达式的值并且当结果为零时调用AfxAssertFailedLine()函数。这个函数将弹出一个对话框,其中提供三个选项“取消、重试或忽略”,当你选取“重试”时,它将返回TRUE。重试将导致对AfxDebugBreak()函数的调用,从而激活调试器。

我们的实现能够识别空指针,并将其视为把value 插入链表头的请求

inline void
ilist::
insert( ilist_item *ptr, int value )
{
if ( !ptr )
insert_front( value ); //将value插入链表头
else {
bump_up_size(); //++_size;
new ilist_item( value, ptr );
}
}

直接返回给掉用者处理

inline bool
ilist::
insert( ilist_item *ptr, int value )
{
if ( !ptr )
return false;
else {
bump_up_size(); //++_size;
new ilist_item( value, ptr );
}
return true;
}

//声明一个ErrorCode的枚举
enum e_Error{
e_ErrorOK,
e_ErrorNullPointer,
……
}

inline e_Error
ilist::
insert( ilist_item *ptr, int value )
{
if ( !ptr )
return e_ErrorNullPointer;
else {
bump_up_size(); //++_size;
new ilist_item( value, ptr );
}
return e_ErrorOK;
}



Digg!

C\C++ Boundary and Error Check (1)

Sample:</br>

void CopyData(char *szData) {
char cDest[32];
strcpy(cDest,szData);
// 使用 cDest
...
}

char *szNames[] = {"Michael","Cheryl","Blake"};
CopyData(szName[1]);

  • 缓冲区溢出是指当计算机程序向缓冲区内填充的数据位数超过了缓冲区本身的容量,溢出的数据覆盖在合法数据上。
  • 操作系统所使用的缓冲区又被称为堆栈,在各个操作进程之间,指令被临时存储在堆栈当中,堆栈也会出现缓冲区溢出。
  • 缓冲区溢出是由编程错误引起的。如果缓冲区被写满,而程序没有去检查缓冲区边界,也没有停止接收数据,这时缓冲区溢出就会发生。
  • 缓冲区溢出主要出现在 C 和 C++ 中,因为这些语言不执行数组边界检查和类型安全检查。

当编写 C 和 C++ 代码时,应注意如何管理来自用户的数据。如果某个函数具有来自不可靠源的缓冲区,请遵循以下规则:
  • 要求代码传递缓冲区的长度并进行检查。
  • 探测内存。
  • 采取防范措施。

以下代码的问题在于函数不能判断 szName 的长度,这意味着将不能安全地复制数据。函数应知道 szName 的大小:

void Function(char *szName, DWORD cbName) { char szBuff[MAX_NAME];
// 复制并使用 szName
if (cbName < MAX_NAME) strncpy(szBuff,szName,MAX_NAME-1);
}
然而,您不能想当然地信任 cbName。攻击者可以设置该名称和缓冲区大小,因此必须进行检查!

void Function(char *szName, DWORD cbName) {
char szBuff[MAX_NAME];

#ifdef _DEBUG
// 探测
memset(szBuff, 0x42, cbName);
#endif

// 复制并使用 szName
if (cbName < MAX_NAME) strncpy(szBuff,szName,MAX_NAME-1);
}

注意:只能在调试版中这样做,以便在测试过程中捕获缓冲区溢出。

void Function(char *szName) {
char szBuff[MAX_NAME];

if(strlen(szName) >= MAX_NAME || strlen(szName)<0) { /* Do something appropriate, such as throw an error. */
}
else {
strncpy(szBuff,szName,MAX_NAME-1);
}

}


完成同样目的的更容易方式是使用 strncpy() 库例程:
strncpy(dst, src, dst_size-1);
dst[dst_size-1] = '0'; /* Always do this to be safe! */
如果 src 比 dst 大,则该函数不会抛出一个错误;当达到最
大尺寸时,它只是停止复制字符。注意上面调用 strncpy() 中的
-1。如果 src 比 dst 长,则那给我们留有空间,将一个空字符
放在 dst 数组的末尾。

Digg!