Archive for the ‘Security’ Category

How to Verify the CHECKSUM of a Downloaded File

Tuesday, February 13th, 2024

The verification of checksums is a critical security practice in the digital world, particularly when downloading files from the Internet.

The importance of checking checksums lies in its ability to detect any alterations or corruptions in the data. When files are transferred over networks, they can be susceptible to errors, malicious tampering, or corruption.

What is a Checksum?

A checksum is a unique, fixed-size string, derived from the data within a file through a mathematical algorithm. This string serves as a digital fingerprint, ensuring the file’s integrity and authenticity.

By comparing the checksum generated from the downloaded file against the original checksum provided by the source, users can verify that the file has not been modified in transit. This verification is crucial for preventing the installation of malware or compromised software, which can lead to security breaches, data loss, or other significant risks.

Real Life Example

Let’s start with the real life example. Search for Arch Linux and head to their download page.

Scroll down the page and click on the MIT.edu mirror and you will see this:

Click on the first link to download the ISO file, then click on the second text file (sha256sums.txt) to view the checksum value.


To verify the checksum of a downloaded file in Windows 10, you can use the built-in Command Prompt utility. A checksum is a type of digital fingerprint that allows you to ensure that the file you downloaded has not been tampered with or corrupted. Here’s how you can do it:

  • Step # 1 – Open Command Prompt:
    • Press the Windows key, type “Command Prompt” or “cmd” into the search bar, and press Enter. Alternatively, you can press Win + R, type cmd, and press Enter to open the Run dialog and launch Command Prompt.
  • Step # 2 – Navigate to the File Location:
    • Before you can check the file’s checksum, you need to navigate to the directory where the file is located using the cd (change directory) command. For example, if your file is located in the Downloads folder, you can type something like cd C:\Users\YourUsername\Downloads and press Enter. Replace YourUsername with your actual user name.
  • Step # 3 – Use the CertUtil Command:
    • Windows has a built-in utility called CertUtil that can be used to compute and verify file checksums. To use it, you will need to know which type of checksum you want to verify (MD5, SHA1, SHA256, etc.). The command format is as follows, then press enter:
Certutil -hashfile archlinux-2024.02.01-x86_64.iso SHA256
  • Step # 4 – Compare Checksums:
    • Finally, compare the checksum displayed in the Command Prompt with the checksum provided on the website from which you downloaded the file. If they match, the file is intact and has not been tampered with.

Conclusion

In summary, checksum verification is a simple yet powerful tool for enhancing digital security. It ensures that the files users download and use are genuine and unaltered, providing peace of mind in an environment where data integrity cannot always be taken for granted

How to Change Wordfence Notification Email address

Saturday, October 1st, 2022

Wordfence is a top-notch WordPress security plugin.

Use these steps to change the email address for the Wordfence notification emails:

  • STEP 1 – Login into your WordPress site
  • STEP 2 – From the WordPress dashboard, look at the left side bar and locate the Wordfence link
  • SPTE 3 – Click on “ALL OPTIONS” link
mvirtualoffice-post-wordfence-how-to-change-notification-email-address-fl
mvirtualoffice-post-wordfence-how-to-change-notification-email-address-all-options-fl
  • STEP 4 – Once you click on “ALL OPTIONS”, you will be presented with a “WORDFENCE GLOBAL OPTIONS” page. Click on “GENERAL WORDFENCE OPTIONS” (3rd choice) then update the email address field next to “WHERE TO EMAIL ALERTS”
mvirtualoffice-post-wordfence-how-to-change-notification-email-address-field-fl
  • STEP 6 – cLICK ON “save changes” BUTTONS (found on the upper right hand corner of the screen) to save the settings

Protect against XSS and Clickjacking attacks

Sunday, January 22nd, 2012

Although OS based security product is a good start, a multi layered security is even better.

I recommend using Firefox over Chrome and Internet Explorer because of its stability, addon and extension pack availabilities.

One particular extension I highly recommend is NoScript (version 2,2.7 running on Firefox 9.

Winner of the “2006 PC World World Class Award”, this tool provides extra protection to your Firefox.
It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your “trust boundaries” against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology. It also implements the DoNotTrack tracking opt-out proposal by default, see http://snipurl.com/nsdntrack .
Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionalies..

As an affiliate marketer usually need to browse many questionable sites with even more suspicious links.  This extension in the virtual environment further protects my laptop from being compromised.

Although the extension is “free”, the author of this application requesting a small donation (recommended $15).  So please try it and if you find it useful, throw some coins his way.