Tag: security

  • How To Stay Anonymous On The Web

    How To Stay Anonymous On The Web

    How to Stay Anonymous on the web

    With the continual erosion of internet privacy and the rising level of security threats, more people are now turning to virtual private networks. VPNs encrypt your internet traffic, making it invisible to third parties like surveillance agencies, your internet provider, and the network admin. Plus, they protect your devices from hackers and the risks associated with public WiFi networks. Keep reading because https://privacyspark.com/ is going to give you key details on how to stay anonymous online.

    How VPNs Work

    A VPN (Virtual Private Network) is a channel that allows you to browse the internet with enhanced security and privacy. It also gives you the ability to get around content as well as censorship restrictions.

    Typically, a VPN works by establishing an encrypted connection between your device or computer and a VPN server. This encrypted connection is often considered as a protected ‘tunnel’ through which users can access everything on the internet while appearing to be in the same location as the server they’re connected to.

    This technology gives you a high level of online anonymity, allows you to access everything online without restrictions, and provides you with enhanced security. VPNs will encrypt and secure your online traffic, whilst also unblocking content from various parts of the world.

    Without a good VPN, everything you do on the internet is traceable to your physical location as well as the device you’re using. Every device which connects to the internet comes with a unique IP address that can be altered by the VPN server you’re utilizing.  Since most VPN providers have servers located all over the world, you’ll have access to numerous connection possibilities.

    The Benefits

    There are many reasons why you may want to consider utilizing a VPN and these include:

    • Surfing the internet without exposing your real IP address as well as your geo-location.
    • Adding an extra level of privacy and security by encrypting your online activity.
    • Preventing your ISP (Internet Service Provider), governments, third parties, and network administrators from spying on your internet activities.
    • Unblocking websites and accessing content that’s restricted to specific geographic locations.
    • Bypassing censorship by getting around regional restrictions.
    •  Browsing the internet with peace of mind.
    • Protecting yourself from hackers whenever you’re connected to public WiFI connections in airports, cafes, and hotels.

     Their Legality

    VPNs are absolutely legal. They’re designed to help users protect their online privacy and security. Most businesses are now utilizing VPNs – and that won’t change any time soon.

    Nonetheless, there are few exceptions in places such as the United Arab Emirates, where the use of virtual private networks is currently restricted. But still, the laws in these countries don’t outlaw the VPN itself. Rather, it restricts the use of VPNs to bypass the state censorship efforts.

    China and Russia have also attempted to ban certain VPNs- but these measures typically fail, because of the fact that VPN traffic can be hidden to appear like regular HTTPS traffic.

    Conclusion

    VPNs are routinely utilized by businesses across the globe for network security. Thus, you’ll never witness an outright ban on all VPNs since they’re absolutely necessary for both businesses as well as individual security. All you need is to shop around for reputable providers such as NordVPN, VyprVPN, CyberGhost, and ExpressVPN, who offer reliable products.

  • Best Tools For Ethical Hacking

    Best Tools For Ethical Hacking

    To the uninformed, ethical hacking is a criminal practice criminal minds use to tap the data of innocent people. Though it may have some truth in it, Ethical hacking has played a huge role in the world of cybersecurity today. It has helped firms fortify their security and also helped government official gain access to fortified criminal data. In this article, we explore a list of best tools for ethical hacking. These tools are listed below:

    1. NMAP

    Best Tools For Ethical Hacking

    Popular amongst infosec professionals, Nmap (Network Mapper) is an open source security tool that is used by infosec professionals to manage and audit network and operating system security for both local and remote hosts. Despite being more than twenty years, NMAP has constantly been updated. These updates have made NAMP remain relevant in the ethical hack business.

    NMAP helps professionals Audit device security, helps detect open ports on remote hosts, helps network mapping and enumeration. NMAP helps find vulnerabilities inside any network, it helps professionals launch massive DNS queries against domains and subdomains.  NMAP is supported on MAC OS X, Linux OpenBSD, and Solaris and Microsoft Windows

    2. Metasploit

    Best Tools For Ethical Hacking

    Metasploit is an open source cyber-security tool, that is used as a penetration testing tool to discover remote software vulnerabilities. It is also used as an exploit module development platform.

    Metasploit features a framework developed using Ruby. This framework can be used to develop, test and execute exploits easily. The Metasploit framework features a set of security tools that can be used to evade detection system, run security vulnerability scans, execute remote attacks, enumerate networks and hosts. Metasploit is available on Windows, Mac OS X, and Linux

    3. Burp Suit

    Best Tools For Ethical Hacking

    Burp Suite is a tool used in performing security testing of web applications. It houses tools, that work in collaboration to support the entire testing process, om initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

    Burp suit offers an easy to use interface, giving the administrator full control to combine advanced manual techniques with automation for efficient testing. Burp settings allow for easy configuration. It houses features designed to help users with their work, assistance that aids both the beginner and the professional.

    4. Wire Shark

    Best Tools For Ethical Hacking

    Wire shark is yet another open-source software that can be used to analyze network traffic seamlessly. Wire Shark is popular for its ability to detect security problems in any network, as well as its effectiveness in solving general networking problems.

    Wire Shark allows users to intercept and read results in human-readable format while sniffing the network. This makes it easy to identify potential problems, threats, and vulnerabilities.

    Wire Shark saves analysis for offline inspection, it features a packet browser, powerful GUI, Rich VoIP analysis. Wireshark Inspects and decompresses gzip files, exports results to XML, PostScript, CSV, or plain text and lots more.

    5. Open AVS

    Best Tools For Ethical Hacking

    Popularly referred to as Nessus, OpenVAS is an open source network scanner that is used by professionals to detect remote vulnerabilities in any host. OpenVAS is famous for its ability to scan network vulnerability.  

    OpenVAS features a powerful web-based interface, over 50,000 network vulnerability tests, simultaneous multiple host scanning. OpenVAS has the ability to stop, pause and resume scan tasks. OpenVAS features a very powerful CLI available. OpenVAS is fully integrated with Nagios monitoring software.

    6. IronWASP

    Best Tools For Ethical Hacking

    Still, on the topic of best tools for ethical hacking, IronWASP is yet another awesome hacking tool, designed for professionals. IronWASP is a free and multi-platform tool, that makes ethical hacking fun. 

    IronWASP offers a very intuitive GUI, designed for both the expert and the beginner. It lets users perform full scans from a few clicks. IronWASP features web scan sequence recording, exports results into HTML and RTL format. IronWASL features false positive and negative management. It has full Python and Ruby support for its scripting engine. It is supported on Windows, Linux with Wine, and MacOS using CrossOver

    7. Nikto

    Best Tools For Ethical Hacking

    Niko is yet another ethical hacking tool, that is used to scan web serves. It lets users perform a different type of test against the specified remote host. It features a clean and simple command line interfaces, that makes it easy to launch any vulnerability test against your target. 

    Nikto detects default installation files on any OS, it also detects outdated software applications. Nikto can be used to run XSS vulnerability tests. Nikto can be used to launch dictionary-based brute force attacks. Nikto can be integrated with the Metasploit framework.

    8. SQLMap

    Best Tools For Ethical Hacking

    Written in python, SQLMAP is a cybersecurity tool, that helps security researchers launch SQL code injection test against remote hosts. SQLMAP can be used to test different types of SQL based vulnerabilities, helping professionals harden the security of apps and servers. 

    SQLMAP features a Multiple database server support: Oracle, PostgreSQL, MySQL and MSSQL, MS Access, DB2 or Informix. It has automatic code injection capabilities, password hash recognition, dictionary-based password cracking, user enumeration and lots more.

    9. SQL Ninja

    Best Tools For Ethical Hacking

    SQL Ninja is a vulnerability scanner, that is bundled with Kali Linux distribution. SQL Ninja is a tool used to target and exploit web apps that use MS SQL server as the backend database server. 

    SQL Ninja can be run in different modes. Examples of such modes include: Test mode, verbose mode, fingerprint remote database mode, brute force attack with a word list, direct shell & reverse shell, canner for outbound ports, reverse ICMP Shell and NS tunnelled shell

    10. Wapiti

    Best Tools For Ethical Hacking

    Last but not least, Wapiti is yet another ethical tool designed for professionals. It open-source command line based vulnerability scanner written in python. It is famous for its ability to find security flaws in many web applications. 

    Wapiti can be used to detect security holes like XSS attacks, SQL injections, XPath injections, XXE injections, CRLF injections, Server-Side request forgery. Wapiti has the ability to pause and resume scans, it highlights vulnerabilities found inside the terminal, generates reports and export into HTML, XML, JSON, and TXT activates and deactivates multiple attack modules, Removes parameters from certain URLs. Wapiti can be used to bypass SSL certificate verification, URL extractor from javascript, timeout configuration for large scans and lots more. 

    There you have it – A comprehensive list of the best tools for ethical hacking. If you have  other recommendations, feel free to drop them in the comment section below. we would love to hear from you.

  • “We Took Down Trump Tower’s website”, Anonymous Claims

    “We Took Down Trump Tower’s website”, Anonymous Claims

    A group of cyber activist has claimed that it downed Donald Trump’s website after the later said the United States government should ban muslims from entering the US. The statement has since triggered missed reaction around the globe including a threat YouTube video by Anonymous – a group of online activist allegedly fighting ISIS the cyber way – citing that Trump’s comments would help the Islamic State group recruit terrorists.

    The site was unavailable during the early afternoon of Friday, and according to a media report had been down for about an hour earlier in the day. Around 9 a.m. Friday there, the Anonymous Twitter account @YourAnonNews posted tweets saying the group had taken down the site.

    Trump Towers NY site taken down as statement against racism and hatred. https://t.co/n5ftLrOs1P (what you see is cloudflare offline backup)

    — Anonymous (@YourAnonNews) December 11, 2015

    In a video the group posted on YouTube, the cyber activist warned that “Donald Trump, think twice before you speak anything,”. The YouTube video was heavily modified to avoid voice detection.

    Anonymous frequently hacks websites in the name of political causes and says it is engaged in a cyberwar against the Islamic State. It claims to have taken down thousands of Twitter accounts that support the group.

    Earlier this week, Trump said the U.S. should bar all Muslims from entering the U.S. as a measure to prevent terror attacks, “until our country’s representatives can figure out what’s going on.” The statements drew widespread condemnation in the U.S. and elsewhere but support from some right-leaning commentators. An NBC/Wall Street Journal poll found 57 percent of Americans opposed the idea.

    This isn’t the first time Anonymous has targeted Trump. In August, the group broke into Trump.com in order to leave a message to Jon Stewart as he was about to leave The Daily Show. As we await the group’s next move, they’ve already announced that Friday will be a day to troll ISIS.

    Trump is the leading Republican candidate in the 2016 presidential election.

  • NSA has a spying program that targets many mobile networks

    NSA has a spying program that targets many mobile networks

      The NSA has recently conducted a campaign focused on the interception of internal communications of operators and trade groups in order to infiltrate mobile networks around the world, according to recent revelations from Edward Snowden.   

    The U.S. National Security Agency ran two undisclosed operations, the Wireless Portfolio Management Office and the Target Technology Trends Center, operating under the aegis of a program called Auroragold, according to an article Saturday in The Intercept, which also published related documents.

    Operations closely monitored the GSM Association with a maintained list of 1,201 email targets or “selectors” used to intercept internal company communications and gathered information of network security flaws in the process.

    As of May 2012, NSA documents shown that the company had collected technical information on about 70% of  the  estimated 985 mobile phone networks worldwide. Besides mentioned names of operations in Libya, Iran, and China; no other names of the targeted networks were disclosed in the documents revealed by Snowden. Intercept founding editors Glenn Greenwald and Laura Poitras have been instrumental in helping Snowden leak NSA documents to the public through various media outlet

    The mentioned NSA operations collected information in “IR.21” documents used by  the GMSA members to report security weaknesses and encryption details used by mobile operators, according to the documents of Mr. Snowden. The NSA used this information to circumvent encrypted communications, according to the documents.

    “NSA collects only those communications that it is authorized by law to collect in response to valid foreign intelligence and counterintelligence requirements — regardless of the technical means used by foreign targets, or the means by which those targets attempt to hide their communications,” the NSA said in an emailed statement. “Terrorists, weapons proliferators, and other foreign targets often rely on the same means of communication as ordinary people. In order to anticipate and understand evolving threats to our citizens and our allies, NSA works to indentify and report on the communications of valid foreign targets.”

    Since June 2013, Snowden’s leaked documents have lead to a series of of reports on the extent of NSA’s spying on Internet and telecom networks worldwide. The documents have also shown that the NSA has hacked into emails of leaders of U.S. allies as well as into networks and equipment of foreign companies including China-based Huawei.

    Additional to the covert spying, the NSA has a bulk telephone record collection system highly criticized by many. Last month, NSA Director Michael Rogers said the agency is planning no major changes in its domestic telephone records collection program after a bill to curb those efforts failed in the Senate.

    sources:
    computerworld.com – computerworld.com(2)
    firstlook.com
    pcworld.com

    What are your thoughts on the NSA’s mobile spying intentions thus far? Leave a comment below.

  • Yahoo acknowledges Yahoo Mail hack

    Yahoo acknowledges Yahoo Mail hack

    Have your friends recently texted you about spam originating from your Yahoo Mail account? If so, that may be because you (and many of your friends) were hacked.

    Yahoo acknowledged Thursday that attackers now own an undisclosed number of usernames and passwords to Yahoo Mail accounts. In a blog post, Jay Rossiter, the senior vice president in charge of Yahoo’s platforms and personalization products, wrote that the attackers had most likely hacked an external, third-party database and obtained the information there.

    “We regret this has happened and want to assure our users that we take the security of their data very seriously,” Rossiter wrote.

    Yahoo did not say how many accounts had been compromised, nor when the attacks had taken place. However, the company says it began notifying users that the attacks had taken place, and had begun using second sign-in verification to allow users to re-secure their accounts. Users who have been affected, unsurprisingly, will be asked to change their password, and may receive an SMS text to that effect, Yahoo said.

    Yahoo said that it was working with federal law enforcement to find the culprits and would take further precautions to prevent this from happening again.

    Finally, Rossiter stated the obvious: “In addition to adopting better password practices by changing your password regularly and using different variations of symbols and characters, users should never use the same password on multiple sites or services,” he wrote. “Using the same password on multiple sites or services makes users particularly vulnerable to these types of attacks.”

    In December, Yahoo Mail went down for several days, stranding about 1 million users of the service without email—or word from the company. While the outage began on Monday, it was Friday before CEO Marissa Mayer apologized on behalf of the company.

    However, this week Mayer touted Yahoo Mail and services like Flickr as “a strong foundation for revenue growth,” even as that revenue fell by 6 percent compared with a year ago.

  • Hackers Bully the vBulletin Internet Community Software Vulnerability

    Hackers Bully the vBulletin Internet Community Software Vulnerability

    Hackers are exploiting a vulnerability in the popular vBulletin Internet Community software in order to inject rogue administrator accounts into websites using it.

    After the recent success of hackers exploring the WordPress CMS through a vulnerable end of the software, PC World has yet again announced the recent potential threat to web development. In a press release this morning, pcworld explained how hackers exploited the vBulletin internet community software vulnerability. Details are below:

    The exploit was found by researchers from security firm Imperva on underground hacker forums and targets versions 4.x.x and 5.x.x of vBulletin.
    The vulnerability allows attackers to abuse the vBulletin configuration mechanism to create a secondary administrative account, the researchers said Wednesday in a blog post.

    At the end of August, vBulletin Solutions, the company that develops the forum software, advised users to delete the “install” directories from their vBulletin deployments because of an unspecified exploit vector.

    The company declined to release any additional information about the issue at that time, but Imperva’s researchers believe it’s the same vulnerability targeted by the exploit script they found.

    How the attack can happen

    In order to exploit the vulnerability, attackers need to know the exact URL for the upgrade.php script from the install directories of the targeted vBulletin deployments and the vBulletin customer IDs associated with those deployments.

    To obtain this information, hackers created a separate PHP script that scans vBulletin sites for the vulnerable path and extracts the customer IDs from the source code of the upgrade.php pages, the researchers said.

    Once they have those details, attackers only need to choose a username and password for the rogue administrator account that will be created and the exploit will do the rest.

    Company response
    VBulletin Solutions declined to confirm whether the exploit identified by Imperva is the one they warned about in August.

    “We’ve released updates to vBulletin 4 and vBulletin 5,” said Wayne Luke, technical support lead at vBulletin Solutions, Wednesday via email. “These are vBulletin 4.2.2 and vBulletin 5.0.5. We recommend customers delete their install directories when not in use maintaining their software.”

    “I cannot provide any further information on the issue,” Luke said.

    Notes accompanying the exploit script found by Imperva claim the vulnerability was discovered on Aug. 22.

    The Imperva researchers have seen traffic from an attack that successfully exploited a forum powered by vBulletin 4.2.0 and there are also reports about successful attacks against others using version 4.2.1, said Tal Be’ery, security research team leader at Imperva, Thursday via email. However, the company hasn’t tested whether the latest 4.2.2 and 5.0.5 versions are vulnerable to the exploit, he said.

    The directories that vBulletin users should delete in order to protect their deployments are “/install” for vBulletin 4.1.x versions and “/core/install” for the 5.x versions.

    Users who, for some reason, are unable to delete these directories, can use the web server access configuration mechanism or a web-application firewall to block requests or redirects for upgrade.php, the Imperva researchers said.

  • Security Firms Warns Online Bankers

    Security Firms Warns Online Bankers

    Financial malware authors are trying to evade new online banking security systems by returning to more traditional phishing-like credential stealing techniques, according to researchers from security firm Trusteer. Most financial Trojan programs used by cybercriminals today are capable of tampering in real time with online banking sessions initiated by victims on their computers. This includes the ability to execute fraudulent transactions in the background and hide them from the user by modifying the account balance and transaction history display in their browser. As a result, banks have started deploying systems to monitor how customers interact with their websites and detect anomalies that might indicate malware activity. However, it seems that some malware creators are returning to more traditional techniques that involve stealing credentials and using them from a different computer in order to avoid being detected.

    Familiar Trojans, new technique

    Trusteer researchers have recently detected changes in the Tinba and Tilon financial Trojan programs designed to prevent victims from accessing the real online banking websites and replace their log-in pages with rogue versions.

    trojan

    “When the customer accesses the bank’s website, the malware presents a completely fake web page that looks like the bank login page,” Trusteer’s chief technology officer Amit Klein said Thursday in a blog post. “Once the customer enters their login credentials into the fake page the malware presents an error message claiming that the online banking service is currently unavailable. In the meantime, the malware sends the stolen login credentials to the fraudster who then uses a completely different machine to log into the bank as the customer and executes fraudulent transactions.” If the bank uses multi-factor authentication that requires one-time passwords (OTPs), the malware asks for this information on the fake page as well. This type of credential theft is similar to traditional phishing attacks, but it is harder to detect because the URL in the browser’s address bar is that of the real website and not a fake one. “It’s not as sophisticated as injecting transactions into web banking sessions in real time, but it accomplishes its goal of evading detection,” Klein said. This “full page replacement” feature is present in Tinba version 2, which Trusteer researchers have recently discovered and analyzed. The malware comes with support for Google Chrome and attempts to limit its network traffic by storing images loaded on the fake page locally.

    Already in use

    According to the Trusteer researchers, Tinba v2 is already used in attacks targeting major financial institutions and consumer Web services. “Banks have always faced two attack vectors in the online channel,” Klein said. “The first is credentials theft. There are various ways to execute this type of attack including malware, pharming and phishing. The second attack vector is session hijacking which is achieved through malware. These two vectors require two different solutions.” Banks should make sure that they have protection in place against both attack types, otherwise cybercriminals will quickly adapt their techniques, Klein said. “You can’t put a lock on your door and leave the window open.”  

  • Protect your devices from Web and email threats

    Protect your devices from Web and email threats

    Smartphones and tablets are vulnerable to attack, too. Here’s what to look for in a comprehensive security solution. By now you should already know the basics of online security: Don’t send money to a Nigerian prince, don’t click on that picture of Britney in a bikini, don’t call the Rev. Father from senegal and don’t run your PC without a security suite. All those basics still apply, but as technology moves forward, so do threats to your privacy and your devices. Today, we need to protect not only our computers, but also our smartphones and tablets. Fortunately, protecting yourself and all your devices can be easy with the help of some sound practices and good software. The first step, however, is to understand what threats are out there.

    Never forget that your smartphone or tablet is actually a full-fledged computer in a smaller package. You can surf the web with it; check email; and use it to download and upload documents, photos, mp3s, videos, and software in the form of apps. That’s why we love handheld devices, of course, but it also means they are susceptible to attacks just like PCs are. To make matters worse, your phone or tablet can be the seed that carries an attack to all the hardware devices in your network, as well as those of anyone you email, text, or share data with.
    Know The Threats
    There are so many different kinds of threats out there, it can be hard to keep track: worms, botnets, viruses, spyware, phishing… You’ve probably heard of all of these without knowing exactly what they look like or how they work. They’re all basically different types of software threats, known collectively as “malware,” or malicious software.

    • A worm is malware that is designed to spread itself from computer to computer across the Internet. Once it’s in your system, device, or network, it can make your computer perform unwanted actions.
    • A botnet is malware that turns infected hardware (like your PC or phone) into an unwitting host for its creator. You won’t necessarily know you’re infected, but meanwhile your hardware is being used as part of a large, powerful network of similar “bots” that their programmer weaves together into one big system. Botnets can be used to attack other networks, such as the “denial of service” attacks on the news to sites like Amazon, Citibank, and even the U.S. government.
    • A virus is self-replicating malware that is usually attached to legitimate programs or files, so that when you launch the infected program or file, the virus launches too. Similar to a virus is a Trojan horse, which starts out as a file that you feel confident opening, such as a picture or presentation file, but is actually a virus in disguise. Once a virus is on your computer, it can make a wide variety of unwanted changes to your files.
    • Spyware is any type of software that collects information about the user of an infected device. Some spyware can be legitimate—parents or others might install spyware to monitor how a computer is being used. When spyware installs as a threat, it often arrives as a Trojan horse or through adware, which is any advertisement that installs malware after it is clicked.
    • Phishing is a type of threat that requires you to interact with it. Typically, the purpose of a phishing attack is to collect your information—like your web logins, passwords, and credit card or bank account information. Phishing attacks are often disguised as emails or websites for large banks or online retailers, prompting you to click a link to log in and enter personal information. If you do as prompted, you will be giving your login info away to a predator.

    Why You Should Care
    All of these types of attacks can compromise smartphones and tablets just as readily as they can hit your PC. These threats can come to you through email, text message, social networks, QR codes, or even through cloud computing—all of which you probably use on a regular basis, if you’re like most people with a PC, smartphone, or tablet.
    So, what can happen if you fall prey to these threats? First of all, most threats will slow your device down because they are using up memory running malware. Sometimes they even install programs that can make it impossible to use your device. And many of these threats can steal your personal data and use it for fraudulent purposes. Your information might even be used to give someone a passport or government identification using your name, social security number, and other details. In milder cases, your Facebook login, email account, and other personal data can fall under the control of malicious strangers intent on stealing from you and your friends.
    Solve It with Software
    Now that you know the worst of it, what can you do to stop these threats? Good security software can keep you off the victims list, and there are also several simple things you can do just by changing how you use your device settings.
    Start by buying a trusted security suite that protects all of your connected devices. Be sure to choose a product that will protect smartphones and tablets in addition to your computer. Considering the number of things we plug into our computers these days—from “thumb” drives to smartphones—having single, trusted source of protection is a huge advantage. If you choose separate antivirus protection for each piece of hardware, you’ll lose the advantage of having a single place to see and control all of the threats on your network. A single piece of software also has the advantage of only having to “learn” a threat once, rather than risking that it will be caught every time it hits one of your devices.
    Good security software should be highly customizable, so that it can automatically run checks on your system as often as you like and check exactly what you ask it to check. Some software will even watch over you as you surf the web and signal that a given site or link is safe to use. These automatic checks can even extend into your social networks, showing which posted links are safe. If you need to check an individual site to find out if it’s safe, you should only be a click away, with icons for the software appearing on your desktop and in your browser.
    Buying and using antivirus software is critical, but it’s also important to use good sense as you use your online devices. Many threats come in predictable forms: attachments in email, links that set off malicious downloads or lead to malicious apps, or QR codes from unknown sources. All of these have one thing in common: You have to set them off. Without your input, these threats are harmless. Learning just a little about malware and phishing can give you almost everything you need to beat these threats on your own. Almost, that is. Unfortunately, the folks who build malware tend to be pretty sneaky, so it’s essential that you have up-to-date software on all your devices to back you up.
    Full Service, Please
    In addition to security scanning, backup is another feature your full-service security software should offer you. By backing up your data automatically into the cloud, you can be sure that regardless of what happens to your hardware—broken, lost, stolen, or hacked—you will have access to all of your files. What about protecting the files left on a lost device? You’ll want to look for the ability to remotely lock your device and wipe your files from it. With these software features, your loss is minimized to merely hardware instead of all your valuable data.
    Smartphones and mobile computing have solved many problems in modern life, but they have created some new ones, too. Everyone knows someone who has lost his phone or had her computer stolen from a public place. Harassing calls and texts, whether from bill collectors or angry exes, are also a 21st century problem. A robust software solution should give you the ability to track a lost device via GPS mapping, as well as to filter calls or text messages from an unwanted source.
    Mobile computing, whether by laptop, tablet, or smartphone, has permanently changed how we live our lives, mostly for the good, but there are new threats as well. To protect yourself, learn all you can about the threats that exist, use common sense practices, and, most importantly, find a turnkey antivirus software that protects all of your devices and offers a wide range of services to access your devices remotely. Relying on one good cross-device software solution will make responding to threats fast and easy, giving you peace of mind as you bravely go forth to surf the web.

  • A Look at the Worst Security Snafus of 2012 So Far!

    A Look at the Worst Security Snafus of 2012 So Far!

    Could things really be this bad? From the embarrassing hack of a conversation between the FBI and Scotland Yard to a plethora of data breaches, security snafus have ruled the first half of 2012. Here’s a look at some of the worst snafus month-by-month.

    The year started off with the FBI raiding the cloud file-sharing and storage Megaupload site, based in Hong Kong and founded by 38-year-old New Zealand resident Kim Dotcom, on content piracy charges to the tune of $175 million. And that action, supported by the U.S industries which hailed it as bringing down a big fish that was devouring their intellectual property, has triggered a year’s worth of lawsuits and retributions from all even remotely involved. It turned confrontational when outraged users of Megaupload were invited by hactivist group Anonymous to attack law enforcement and industry websites supporting the raid by downloading do-it-yourself denial-of-service software such as Slowloris. But by March it was apparent some of this DoS advice came from hackers who were merely tricking users into downloading Trojan software, such as Zeus, from infected links. Another twist: A New Zealand judge in March ruled an order granted to law enforcement allowing them to seize luxury cars and other personal effects of Dotcom is invalid mainly because the local police commissioner applied for the wrong type of seizure order that was requested by the U.S. That ruling mean Dotcom has a chance to get back some of his enormous bling, like his Rolls-Royce and pink Cadillac, seized during his arrest at his mansion outside Auckland. But of course, attorneys for the U.S. are arguing otherwise,. Dotcom, free on bail but subject to electronic monitoring, is expected to undergo extradition proceedings in August. Other January Snafus: ” Online retailer Zappos disclosed hackers had likely broken into its network and stolen information on Zappos.com customers, including name, address, billing and shipping address, phone number and the last four digits of credit-card numbers and cryptographically scrambled passwords stored in hash form. Zappos informed customers all passwords were expired and customers should create a new one. ” Researchers from Seculert discovered what they say is a botnet command-and-control serverholding 45,000 login credentials Facebook users exploited by a pervasive worm, Ramnit, infectingWindows and designed to infect computers and steal social networking usernames and passwords. ” Source code used in older Symantec enterprise security products, Symantec Endpoint Protection 11.0 and Symantec AntiVirus 10.2, as well as older versions of pcAnywhere and Norton Internet Security, was exposed online by hackers calling themselves Lords of Dharmaraja with a leader named Yama Tough in Mumbai. The gang claimed to obtain the code from a third-party associated with the Indian military. Symantec, acknowledging the authenticity of the source code, also said the security firm had been subject to the hackers vainly trying to extract an extortion payment of about $50,000 in exchange for not posting the stolen code. Symantec engaged in a cat-and-mouse game to catch them, with help from law enforcement — but so far without apparent success. Symantec said it isn’t certain where the hackers obtained the stolen cache of source code, and the security incident did prompt Symantec to devise security patches it advised some customers using older software to apply, with additional outreach to customers around the incident related to the stolen source code. FebruaryRight in the midst of a conference call the FBI was having with its agents and law-enforcement officials overseas at Scotland Yard, cybercriminals hacked their way into the phone conversation, recorded it and posted it online. The conversation was about hackers facing charges in the U.K. The group Anonymous took credit for the intercepted call. The FBI said it appeared likely the cybercriminals may have hacked into a law-enforcement official’s email to get the information for the conference call dial-in. Other February Snafus: ” Brazilian banks were targets for distributed denial-of-service attacks, with massive assaults against HSBC Brazil, Banco da Brasil, Itau Unibanco Multiplo SA and Banco Bradesco SA. Hactivists took credit for the DDoS spree. ” Whistleblowing website Cryptome.org, dedicated to exposing confidential information, was compromised by an intruder that loaded an attack code that tried to launch drive-by exploits at visitors to the site. ” The University of Florida had to notify 719 individuals that their Social Security numbers were improperly stored on a state website operated by the Bureau of Unclaimed Property for more than six years. ” Verizon had to acknowledge the Verizon 4G LTE network was knocked offline again just two months after its last serous outage. The outage on Feb. 22 lasted from about 10 a.m. to 1:20 p.m. ” Microsoft’s Azure cloud infrastructure and development service experienced a serious worldwide outage on Feb. 29. Microsoft later blamed the outage on a “Leap Year Bug” that was triggered in a key server housing a certificate that had expired on midnight on Feb. 28, and a time-calculation control hadn’t taken into account the extra day in the month of February this year. ” Taiwan-based Apple supplier Foxconn was hacked by a hacker group calling itself Swagg Security, apparently in protest related to media reports about poor working conditions at the electronics manufacturer’s factories in China. The hackers posted usernames and passwords that they said would allow attackers to place fraudulent orders under other companies’ names, including Microsoft, Apple, IBM, Intel and Dell. ” The FBI arrested a computer programmer in New York and charged him with stealing proprietary software code from the Federal Reserve Bank of New York (FRBNY). The software is known as the Government-Wide Accounting and Reporting Program (GWA), which handles all kinds of U.S. government financial transactions, and it cost over $9 million to develop. The accused thief, Bo Zhang, a contract employee at FRBNY, used the GWA code in a private business he ran to train individuals in computer programming. Zhang, a Chinese citizen in the U.S. on a work visa since 2000, is also known as “Bryan Zhang,” and in a plea agreement in April he pled guilty to theft of government property, admitting he’d copied the code onto an external hard drive and then transferred the GWA program to a home computer, knowing that was wrong. March At least 228,000 Social Security numbers were exposed in a March 30 breach involving a Medicaid server at the Utah Department of Health, according to officials from the Utah Department of Technology Services and Utah Department of Health, which theorized that attacks from Eastern Europe bypassed security controls because of configuration errors. In May, Utah CIO Steven Fletcher resigned because of it. Other March snafus: ” The Vatican found its websites and internal email servers subject to a weeklong attack after the Anonymous collective said it was felt justified in this by the fact that the Vatican Radio System has powerful transmitters in the countryside outside Rome that allegedly constituted a health risk, including supposedly “leukemia and cancer,” to people living in the vicinity. Another justification given were claims the Vatican allegedly helped the Nazis, destroyed books of historic value and that the clergy sexually molested children. ” Hackers in the LulzSec group associated with the broader Anonymous movement found the tables turned when they were arrested by the FBI and European law-enforcement agencies — and it was LulzSec leader Hector Xavier Monsegur, alias “Sabu,” who turned in his friends as part of a deal to work as a stooge for the FBI after being arrested in New York City last year. ” By the end of March, LulzSec claimed to be “reborn” and took credit for hacking a dating website for military personnel, MilitarySingles.com, leaking more than 160,000 account details from its database. ” Dutch police arrested a 17-year-old suspected of compromising the account data on hundreds of servers belonging to telecommunications operator KPN. The teenager, arrested in the Dutch town of Barendrecht, “made a confession,” according to Dutch authorities. In the wake of the hacking spree, KPN said it would appoint a chief security officer and set up a permanent control center to monitor its systems. ” A flaw was discovered in Barclays contactless bank cards that could allow customers’ data to be stolen and used fraudulently with them knowing about it, according to an investigation by ViaForensics in conjunction with Channel 4 News. But Barclays dismissed the claims as inaccurate. ” Security firms knew there was trouble when Kaspersky Lab identified code-signed Trojan malware dubbed Mediyes that had been signed with a digital certificate owned by Swiss firm Compavi AG and issued by Symantec. Symantec said it found out that the digital certificate’s private key held by Compavi had indeed been stolen; whether by an insider or an outside attacker wasn’t known. ” A security firm based in Slovakia, ESET, asserted a website operated by the country of Georgia has been used as part of a botnet to conduct cyber-espionage against that country’s residents. But ESET researchers admitted they aren’t sure whether the Win32/Georbot they have been monitoring is being directly operated by the Georgian government or by cyber-spies through a compromised Georgian agency. AprilThe Federal Communication Commission fined Google $25,000, asserting the search-engine giant impeded an investigation into how Google collected data while taking photos for its Street View mapping feature. The FCC maintained in a report that Google “deliberately impeded and delayed” the investigation for months by not responding to requests for information and documents. But the FCC also said it won’t take action against Google over its data collection because it still has questions it wants answered. The FCC had subpoenaed an unnamed Google engineer — now known to be Marius Milner — but he had apparently declined to testify, invoking his Fifth Amendment rights against incriminating himself. Other April snafus: ” Hactivist group Anonymous brought down the websites of trade groups U.S. Telecom Association and TechAmerica, apparently for their support of the cybersecurity bill proposed by Rep. Mike Rogers that would allow the private companies and the government to share any information “directly pertaining to a vulnerability of, or threat to” a computer network. Privacy advocates, including the ACLU and Center for Democracy and technology, contend the bills shreds privacy protections. ” A U.S. grand jury charged two residents of China with 46 criminal counts, including infringing software copyrights and illegally exporting technology to China, for allegedly operating a website that sold pirated software used in engineering, manufacturing, space exploration, aerospace simulation and design, and other fields, with a commercial value of other $100 million. Xiang Li, 35, was earlier arrested by agents from the U.S. Immigration and Customs Enforcement’s Homeland Security Investigations in Saipan, Northern Mariana Islands. Chun Yan Li remains at large. Both face charges in the U.S. District Court for the District of Delaware. ” A 31-year-old Russian national living in New York, Petr Murmylyuk, was charged with hacking into accounts at Fidelity, Scottrade, E*Trade and Schwab in a complex scheme that involved making unauthorized trades that profited the gang he recruited to open bank accounts to receive the illegal proceeds. The brokerage firms said they lost $1 million because of Murmylyuk’s fraud. ” VMware’s ESX source code was stolen and posted online, but VMware said the code, amounting to a single file from sometime around 2003 or 2004, doesn’t mean any increased risk to VMware customers. Security firm Kaspersky said it believes the code was stolen from a Chinese company called China Electronics Import & Export Corporation during a March breach. ” A terminal at New Jersey’s Newark Liberty International Airport was shut down for more than an hour on April 27 after officials discovered that a baby hadn’t been properly screened. The baby in question had been handed back and forth between the parents after a metal detector went off sounding an alarm with the mother holding the baby. The father had already gone through the screening, and the parents and baby left the checkpoint to head to the gate. But Transportation Security Administration officials decided to “err on the side of caution” to shut down the terminal and go locate the baby to make sure it went through screening. Some passengers that had already boarded flights said they had to evacuate it and go through security screening again. Speaking of the TSA, one of the agency’s critics, security expert Bruce Schneier, who is involved in a lawsuit with the agency to get them to stop the TSA’s full-body scanner program, had been invited to testify before Congress about the TSA but the House Committee on Oversight and Government Report then “uninvited” Schneier last March after the TSA formally complained about him, obviously preferring not to be challenged directly by him right in front of Congress. ” Automotive manufacturer Nissan admitted a data breach involving employee user account credentials had occurred, and that it had to spend some time cleaning its network of the malware apparently responsible for that before disclosing the breach. ” The hacker who stole Facebook’s source code, Glenn Mangham of York, England, offered an explanation of why he did it, saying, “I was working under the premise it is sometimes better to seek forgiveness than to ask permission.” He said he did little to hide his actions and that even if he got caught, Facebook would let him off the hook. But that didn’t happen, and Mangham was sentenced to eight months in prison in February, though the sentence was reduced to four months by an appeals court in April. He said he only had the source code for three weeks, but never had any intention of selling it to anyone who might exploit it for scams, for example. Mangham even made the grandiose claim that his basic good intentions saved Facebook from “potential annihilation.” ” Payments processing services company Global Payments acknowledged a data breach of up to 1.5 million card numbers had been stolen in a data breach, and in June also said it was investigating whether a server containing merchant applicants’ information had also been breached. Global Payments said its PCI compliance status had been revoked by some of the card brands because of the breach and it was working to regain it. MayHackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank did not make an extortion payment of $197,000. Elantis confirmed the data breach but said the bank will not give in to extortion threats. Meanwhile, Anonymous claimed it hacked a U.S. Department of Justice website server tied to the U.S. Bureau of Justice Statistics and claimed to release 1.7GB of stolen data from it, with the statement, “We are releasing it to end the corruption that exists, and truly make those who are being oppressed free.” The data was offered on The Pirate Bay. And then Yahoo accidentally leaked the private key that was used to digitally sign its new Axis extension for Google Chrome. Axis is a new search and browsing tool from Yahoo. Security blogger Nik Cubrilovic discovered the package included the private crypto key used by Yahoo to sign the extension, noting it offered a malicious attacker the ability “to create a forged extension that Chrome will authenticate as being from Yahoo.” Yahoo was forced to release a new version of its Axis extension for Google Chrome after that. June The University of Nebraska in Lincoln acknowledged a data breach that exposed information of more than 654,000 files of personal information on students and employees, plus parents and university alumni. The information was stolen from the Nebraska Student Information Systems database; a student is the suspected culprit. Other June snafus: ” Hacker gang Swagger Security strikes again, this time breaching the networks of Warner Bros. and China Telecom, releasing documents and publishing login credentials. The group said it notified China Telecom of the hack by planting a message in the company’s network. “Fortunately for them, we did not destroy their infrastructure and rendered [stet] millions of customers without communications,” Swagger Security, also known as SwaggSec, said in a note. ” About 6.5 million cryptographic hashes of LinkedIn user passwords were stolen and posted online, a breach LinkedIn acknowledged though it didn’t discuss specific numbers, which may be much less due to duplicates. LinkedIn invalidated the passwords of impacted users and the company said emails will be sent to users whose passwords were compromised, though it warned about updating passwords via links sent in email. ” Right after the LinkedIn fiasco, dating site eHarmony also confirmed a breach of 1.5 million passwords that were hashed. ” The Federal Trade Commission announced that data broker Spokeo will pay $800,000 to settle FTC charges it sold personal information it gathered from social media and other Internet-based sites to employers and job recruiters without taking steps to protect consumers required under the Fair Credit Reporting Act. ” The New York Times article asserting that the cyber-weapon Stuxnet is a creation of the U.S. with Israel, and was launched in a covert action authorized directly by President Barack Obama against an Iranian facility suspected of developing a nuclear weapon, has stirred up a firestorm of controversy in Washington about leaked information. Now that another cyber-weapon for espionage, Flame, has been discovered and linked directly with Stuxnet, there’s more concern, with the United Nations division International Telecommunication Union warning countries that Flame is dangerous, and some saying the U.S. is losing the moral high ground as its secret cyberwar efforts become known. Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. For more information about enterprise networking, go to NetworkWorld. Story copyright 2011 Network World Inc. All rights reserved.  

  • The Arrival Of Firefox 14 Beta with an Extra Shot of Security

    The Arrival Of Firefox 14 Beta with an Extra Shot of Security

    Mozilla’s new Firefox 13 browser may have just barely landed on users’ PCs, but already forward-looking fans can check out the beta version of Firefox 14–and the Aurora version of Firefox 15, too.
    Most notable in Firefox 14 are new security features that “make it easier for users to control their Web experience,” according to the official announcement late last week on the Mozilla blog.
    Several new features in the upcoming version of this popular free and open source browser are designed to make life better for users, in fact. The final version isn’t expected until July, but here’s a rundown of some key improvements you can expect.

    1. HTTPS by Default

    In the new Firefox 14 beta, HTTPS is enabled by default for Google searches to help protect users “from network infrastructure that may gather data, modify or censor search results,” Mozilla explained. This feature also stops third-party sites from gathering search data when you click on items on a search results page. “We look forward to supporting additional search engines as they enable SSL searches,” Mozilla wrote.

    For sites with an EV certificate, Firefox 14 displays a green lock icon and the site owner’s name (Click image to enlarge.)2. A New ‘Red Flag’

    Also included in the latest Firefox beta is a new way to display the verified identity of a website in the browser’s Awesome Bar, or URL field. Specifically, a globe icon positioned next to the domain indicates a site not using SSL encryption, while sites with SSL encryption include a lock icon and show “https.” Sites that have an Extended Validation (EV) certificate, meanwhile, are indicated by a green lock icon and include the name of the site owner. Sites with mixed http and https content show a gray triangle icon as a warning. Bottom line: a quick visual guide to the security level of the site you’re visiting, making “spoofing” of secure sites much more difficult.

    3. More Control Over Plug-ins

    The upcoming Firefox 14 lets users control how plug-ins like Flash and Quicktime play through a new feature that can add a “play” button to all plug-in content; users can then simply click “play” to begin viewing immediately. “Future releases will include more specific customizations and a robust interface; for now, you can experiment with the feature by selecting plugins.click_to_play to ‘true’ in about:config,” Mozilla explained.

    4. Better Lion Support

    For Mac users, Firefox 14 now offers native full-screen support of OS X Lion 10.7, providing “a richer and more immersive browsing experience,” as Mozilla puts it.

    5. URL Auto-Complete

    Last but not least, Firefox 14’s Awesome Bar now auto-completes URL domains as you type them, potentially making the process quicker than ever.
    There are also a few key new features for developers in the Firefox 14 beta, including a pointer lock API and pseudo class lock.
    And what of Firefox 15? The Aurora version of that software is now available as well. The most notable new addition there is native PDF support–a feature Google’s competing Chrome browser has had for some time.
    Neither of these new browser releases is designed for production purposes, of course, but if you’re interested in checking them out, they’re both available as free downloads for Windows, Linux, and Mac. Firefox 14 beta can be found in Mozilla’s beta channel; the early Firefox 15 is on the Aurora page.

    Important Notice: Tweet this article with the bookmark social media share below to stand a chance to win an ipad or start making money with your twitter account (it works only with your twitter account and the more articles you tweet the more you stand a chance to win an Ipad)

  • Lock and Protect your Computer with a Secret Key

    Lock and Protect your Computer with a Secret Key

    With so many cracking tools coming up to break windows password, it’s very difficult to protect your personal computer from unauthorized access. Even BIOS passwords is easy to crack. Nothing is secure and safe these days.
    Now no more worries, I just found a simple trick by which you can easily protect your windows from unwanted usage. This really cool and hidden feature of Windows lets you maintain your privacy of data on your computer even if you are not around.

    What it does is that it adds an extra secret key along with your windows password. So when your computer is started, it first asks for the secret key and then the windows password. Windows password can easily be hacked but you cannot get around this secret key which we will be going to store in a removable devices such as USB drive etc.
    Here goes the step-by-step procedure for achieving an extra level of protection.
    1.) Open run dialog box.
    2.) Type SYSKEY and click OK.
    3.) Check the Encryption Enabled radio button.
    4.) Click on Update.

    5.) Under System Generated Password choose Store Startup Key on Floppy Disk.
    (Now many of you must be thinking that this tutorial is waste. Where in the hell should be get Floppy no? Don’t worry; you don’t require any Floppies for this. Just insert your USB device and change its Drive Letter to A:. I am using my IPOD shuffle for this purpose. You can use your Pen Drive. Read further to learn how to change Drive Letters.)
    6.) After you have inserted your USB device, right click My Computer -> Manage -> Storage -> Disk Management.
    7.) Now you will see all storage volumes there. Choose your USB volume, right click on it and select option Change Drive Letters and Paths…

    8.) From the long list of available drive letters choose A:.
    9.) Now return back to SYSKEY, choose Startup Key on Floppy Disk and click OK.

    10.) No 10th Step. You are done.
    The next time you start your computer, you’ll have to insert this USB device when asked and then only you can login to your account. You can also see a registry file named StartKey stored in your USB device.
    I am still looking for the possible ways to login to my personal computer just in case if my IPOD (USB device) is broken or unavailable. If you have idea to break this protection, please share that with us. It will be useful as well.