Welcome to nsane.forums
Showing results for tags 'encryption'.
Found 156 results

  1. Cerber Ransomware Switches To .CERBER3 Extension For Encrypted Files

     A new version of the Cerber Ransomware has been discovered by AVG security researcher Jakub Kroustek that switches from the .CERBER2 extension to .CERBER3 for encrypted files. When I tested this new sample, there were some minor outward differences between this version and the previous version. The most notable difference is that this new version will now append the .CERBER3 extension to encrypted files. This is shown in the sample pictures folder shown below.

     [Image: Encrypted Files]

     Another notable difference is that this version has changed the ransom note names to # HELP DECRYPT #.html, # HELP DECRYPT #.txt, and # HELP DECRYPT #.url. The previous Cerber version had also sent UDP packets to the 31.184.235.0/24 range of IP addresses. This version appears to be using the 31.184.235.0/24 range for statistical purposes. As this version is further analyzed, more information may become available. When this happens, I will be sure to update this article.

     Source
  2. Kryptel Standard 7.4.1 - Latest - Full Version Promo by Comss.ru

     Overview: Kryptel Standard offers reliable protection using encryption and the ability to encrypt your files and folders with a single click. After this, your data will be part of an impregnable fortress. The app is easy to use to encrypt sensitive data, important files and documents. Kryptel Standard allows you to decrypt all or only some files at a time, and also includes a built-in browser that allows you to view the contents of the encrypted container. Kryptel Standard uses the latest encryption standard (NIST-Approved Advanced Encryption Standard - AES 256-bit), and also some additional ciphers for advanced users. You can even use Kryptel Standard to scan your hard disks in search of certain types of files to encrypt them when they are there. In addition, the Kryptel Standard application is so small that it can be run on a USB flash drive for protection on the go.

     More Info: Product Homepage, Edition Comparison

     Links:
     Offer: https://www.comss.info/page.php?al=Kryptel_Standard
     Shared Key:

     Note: Limited Period Offer. Current Status: Open.

     Terms:
     • License should be activated by February 7, 2017
     • Lifetime license only for Kryptel Standard version 7.4.1 [Specific Version]
     • No upgrades to future versions
     • No free support
     • Personal use only

     Downloads: Kryptel Standard v7.4.1 - [Size: 17.56 MB]: https://www.kryptel.com/download/KryptelTrial.7.4.1.exe
  3. Avast Releases Three New Decryption Tools to Fight Ransomware

     There are now 14 anti-ransomware tools available from Avast

     "In the past year more than 200 new strains of ransomware were discovered, it's growth of in-the-wild samples two-folded, but the good news is that hundreds of millions of Avast and AVG users were protected against this popular threat," reads a blog post signed by Jakub Kroustek, reverse engineer and malware analyst at Avast.

     The three new decryption tools address three different ransomware strains – HiddenTear, Jigsaw and Stampado/Philadelphia. Some solutions for these particular strains are already available, coming from other security researchers. Avast decided, however, that it is always best to have multiple options. That's because these three strains are particularly active and frequently encountered, especially in the past few months. Since the encryption keys used update often, so must the decryption tools. In the end, whether it's Avast's tools or those made by other security researchers that work against the ransomware, it's all for the same purpose.

     "Last but not least, we were able to significantly speed-up the decryption time, more precisely the password brute-force process, so e.g. some of the HiddenTear variants will be decrypted within minutes instead of days. The best results are achieved when decrypting files directly from the infected machine," Kroustek writes.

     Decrypting HiddenTear
     HiddenTear has been around for a while and the code is actually hosted on GitHub. Given the fact that it is so present, many hackers have gone and tweaked the code and started using it. Encrypted files have a wide range of extensions: .locked, .34xxx, .bloccato, .BUGSECCCC, .Hollycrypt, .lock, .saeid, .unlockit, .razy, .mecpt, .monstro, .lok, .암호화됨, .8lock8, .fucked, .flyper, .kratos, .krypted, .CAZZO, .doomed, and more. After all the files are encrypted, a text file will appear on the user's desktop.

     Decrypting Jigsaw
     Jigsaw was first spotted in the wild in March 2016, and many of its strains use the picture of the Jigsaw Killer from the same-name movie in the ransom screen. Files encrypted after the computer was infected with Jigsaw will have one of the following extensions: .kkk, .btc, .gws, .J, .encrypted, .porno, .payransom, .pornoransom, .epic, .xyz, .versiegelt, .encrypted, .payb, .pays, .payms, .paymds, .paymts, .paymst, .payrms, .payrmts, .paymrts, .paybtcs, .fun, .hush. Keeping up with the movie script, the malware will delete a file per hour if you don't pay up.

     Decrypting Stampado
     This particular ransomware has been around since August 2016, and it's being sold on the dark web. Multiple versions have been circulating on the Internet, one of them called Philadelphia. More often than not, Stampado adds the .locked extension to the encrypted files. Stampado will delete a new file every 6 hours unless you pay the ransom.

     Check out Avast's list of anti-ransomware tools and see if you can find one to help you out.

     Source
  4. Today the average volume of encrypted internet traffic finally surpassed the average volume of unencrypted traffic, according to Mozilla, the company behind the popular Firefox web browser. That means when you visit a website, you're now more likely than not to see a little green lock right next to its address. That little lock indicates that the page you visited came to you via HTTPS, the web's secure protocol, rather than plain old HTTP. Mozilla's estimate represents a two-week running average, so the figure could still slide around over the next few days. But this milestone is still a big deal.

     Read The Full Article Here
  5. Could the future of encryption be solved by rising cybersecurity star Shane Curran?

     Teenager Shane Curran from Ireland lands the BT Young Scientist and Technology award for his qCrypt unbreakable encryption technology

     Encryption is a hot topic at the moment. From rogue agents of governments trying to break it, to big tech companies like Google, Facebook and Apple all adopting it more widely, the ability to securely store your data will become one of the most important technology arms races in the decades to come. This is even more pertinent when you consider that quantum computing, which promises a huge leap forward in computing capabilities, is predicted to render all current encryption technologies null and void. So the news that a new system for storing data has been built — which its creator claims is impervious to the powers of quantum computers — is something to sit up and digest, especially when the creator is a 16-year-old secondary school student from Ireland.

     qCrypt is described by its mastermind Shane Curran as: "The quantum-secure, encrypted, data storage solution with multijurisdictional quorum sharding technology." Now that does not really mean anything to most people, so here is a somewhat less technical description.

     How unbreakable encryption works
     Curran's system splits up the data (sharding) you are looking to keep secure and stores it in numerous locations (multijurisdictional), which prevents the data from being reassembled even if a court demands it. To achieve this Curran created a new encryption key system which he claims is resistant to quantum computers. The idea for the project came from hearing that Boston College was forced to release historical political interviews involving former IRA members. "[I thought] how could I apply technology to an existing problem out there, and the problem was keeping secrets secure for life," Curran told IBTimes UK. Under his system, the interviews would have remained secret forever — no matter who wanted access. Curran says the system, which took six months of research and five months to build, is as easy to use as any file transfer product but 40% faster. Despite the bold claims and his young age, Curran is confident that his technology will stand up to scrutiny. "From a theoretical perspective, it seems pretty solid," Curran stated.

     Where qCrypt could be used
     The general idea of what is known as post-quantum cryptography has been discussed and debated in academic circles in the past few years, and there have been a lot of theoretical papers written about it. But to date there have been very few systems released with a practical implementation of this technology — making Curran's project all the more remarkable. Last year, the National Security Agency (NSA) published a memorandum on quantum computing warning that the introduction of this new technology threatens the security of public key cryptography. Last weekend Curran won the BT Young Scientist 2017 award in Dublin for his invention. John Dunnion, associate professor at University College Dublin and one of the judges of the competition, said: "It addresses a number of shortfalls of current data encryption systems; in particular, the algorithm used in the system has been demonstrated to be resistant to attacks by quantum computers in the future." While Curran took home a trophy and a cheque for €5,000 (£4,320), the future could hold much bigger prizes. "There has definitely been a lot of interest," Curran said, adding that qCrypt "is certainly a commercially viable idea". The student would not reveal who had been in touch, but the list of organisations who would be interested in this technology is endless. From governments and large companies seeking to prevent cyber espionage, to companies like Apple, Facebook and Google looking to reassure customers their data is safe, an uncrackable encryption technology is a very valuable product. But for Curran, it is not all about the money. "If it's possible to simultaneously have something which is useful to the world as a whole as well as producing a decent revenue stream, then that would be fantastic," Curran said. "I'm not completely motivated by money but it would be great to have a tool that would be useful to millions or even billions of people over the next while — and that's something to aspire to."

     Teenage dreams
     In 2005, Patrick Collison, another Irish 16-year-old, won the Young Scientist award. He went on to establish online payment technology company Stripe with his brother John. In November the outfit was valued at $9bn, making the Collison brothers billionaires — something Curran certainly sees as an inspiration. "The work Patrick Collison and his younger brother John have done is a huge aspiration or goal to set. If I could get anywhere near what the Collisons have done it would be fantastic." While Curran is convinced the theory behind qCrypt is solid, and he has been working with professors in the maths department of University College Dublin, doubts will remain, especially because of his tender age. But when you consider that Curran installed his first Linux distro at the age of six, created a web browser using Visual Basic when he was seven and launched an online library management system at the age of 12, there are lots of reasons to believe in him.

     Article source
  6. Mozilla: The Internet Is Unhealthy And Urgently Needs Your Help

     Mozilla argues that the internet's decentralized design is under threat by a few key players, including Google, Facebook, Apple, Tencent, Alibaba and Amazon, monopolizing messaging, commerce, and search.

     Can the internet as we know it survive the many efforts to dominate and control it, asks Firefox maker Mozilla. Much of the internet is in a perilous state, and we, its citizens, all need to help save it, says Mark Surman, executive director of Firefox maker the Mozilla Foundation. We may be in awe of the web's rise over the past 30 years, but Surman highlights numerous signs that the internet is dangerously unhealthy, from last year's Mirai botnet attacks, to market concentration, government surveillance and censorship, data breaches, and policies that smother innovation.

     "I wonder whether this precious public resource can remain safe, secure and dependable. Can it survive?" Surman asks. "These questions are even more critical now that we move into an age where the internet starts to wrap around us, quite literally," he adds, pointing to the Internet of Things, autonomous systems, and artificial intelligence. In this world, we don't use a computer, "we live inside it", he adds. "How [the internet] works -- and whether it's healthy -- has a direct impact on our happiness, our privacy, our pocketbooks, our economies and democracies."

     Surman's call to action coincides with nonprofit Mozilla's first 'prototype' of the Internet Health Report, which looks at healthy and unhealthy trends that are shaping the internet. Its five key areas include open innovation, digital inclusion, decentralization, privacy and security, and web literacy. Mozilla will launch the first report after October, once it has incorporated feedback on the prototype. That there are over 1.1 billion websites today, running on mostly open-source software, is a positive sign for open innovation. However, Mozilla says the internet is "constantly dodging bullets" from bad policy, such as outdated copyright laws, secretly negotiated trade agreements, and restrictive digital-rights management. Similarly, while mobile has helped put more than three billion people online today, there were 56 internet shutdowns last year, up from 15 shutdowns in 2015, it notes.

     Mozilla fears the internet's decentralized design, while flourishing and protected by laws, is under threat by a few key players, including Facebook, Google, Apple, Tencent, Alibaba and Amazon, monopolizing messaging, commerce and search. "While these companies provide hugely valuable services to billions of people, they are also consolidating control over human communication and wealth at a level never before seen in history," it says.

     Mozilla approves of the wider adoption of encryption today on the web and in communications but highlights the emergence of new surveillance laws, such as the UK's so-called Snooper's Charter. It also cites as a concern the Mirai malware behind last year's DDoS attacks, which abused unsecured webcams and other IoT devices, and is calling for safety standards, rules and accountability measures. The report also draws attention to the policy focus on web literacy in the context of learning how to code or use a computer, which ignores other literacy skills, such as the ability to spot fake news, and separate ads from search results.

     Source
     Alternate Source - 1: Mozilla's First Internet Health Report Tackles Security, Privacy
     Alternate Source - 2: Mozilla Wants Infosec Activism To Be The Next Green Movement
  7. Lavabit — Encrypted Email Service Once Used by Snowden, Is Back

     Texas-based encrypted email service 'Lavabit,' which was forced to shut down in 2013 after not complying with a court order demanding access to SSL keys to snoop on Edward Snowden's emails, is relaunching on Friday.

     Lavabit CEO Ladar Levison had custody of the service's SSL encryption key that could have helped the government obtain Snowden's password. Although the FBI insisted it was only after Snowden's account, that was the key to the kingdom that would have helped the FBI agents obtain other users' credentials as well. But rather than complying with the federal request that could compromise the communications of all of its customers, Levison preferred to shut down his encrypted email service, leaving its 410,000 users unable to access their email accounts.

     Now, Levison has announced that he is reviving Lavabit with a new architecture that fixes the SSL problem — which according to him, was the biggest threat — and includes other privacy-enhancing features that will help its users send emails that he can't eavesdrop on, even if ordered to do so.

     Levison is releasing the source code for an open-source end-to-end encrypted global email standard that promises surveillance-proof messaging that even hides the metadata on emails to prevent agencies like the NSA or FBI from being able to find out with whom Lavabit users communicate. Dubbed Dark Internet Mail Environment (DIME), the standard will be available on Github today, along with an associated mail server program called Magma, which is ready for use with the Dark Internet Mail Environment. According to Levison, the Magma server is designed to offer an easy-to-use application so that even non-technical users with existing email clients can use the Lavabit encrypted email service with ease.

     The DIME standard includes a 'Trustful' encryption mode, which requires users to trust the server to manage the encryption and their keys. DIME also offers Cautious Mode and Paranoid Mode for users who want absolute control over their encryption keys, so that their keys are never transmitted anywhere. Paranoid means Lavabit will never store a user's private keys on its server.

     Initially, the new Lavabit service will only be accessible to its existing customers and only in Trustful mode. However, if you were not a Lavabit customer in the past before the service shut down, you can pre-register and wait for the eventual rollout.

     Source
  8. Explained — What's Up With the WhatsApp 'Backdoor' Story? Feature or Bug!

     What is a backdoor? By definition: "Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data," either the backdoor is in an encryption algorithm, a server or an implementation, and it doesn't matter whether it has previously been used or not.

     Yesterday, we published a story based on findings reported by security researcher Tobias Boelter that suggests WhatsApp has a backdoor that "could allow" an attacker, and of course the company itself, to intercept your encrypted communication. The story involving the world's largest secure messaging platform that has over a billion users worldwide went viral in a few hours, attracting reactions from security experts, the WhatsApp team, and Open Whisper Systems, who partnered with Facebook to implement end-to-end encryption in WhatsApp.

     Note: I would request readers to read the complete article before reaching a conclusion. And also, suggestions and opinions are always invited.

     What's the Issue:
     The vulnerability relies on the way WhatsApp behaves when an end user's encryption key changes. WhatsApp, by default, trusts a new encryption key broadcast by a contact and uses it to re-encrypt undelivered messages and send them without informing the sender of the change. In my previous article, I elaborated on this vulnerability with an easy example, so you can head on to read that article for a better understanding. Facebook itself admitted to this WhatsApp issue reported by Boelter, saying that "we were previously aware of the issue and might change it in the future, but for now it's not something we're actively working on changing."

     What Experts argued:
     According to some security experts — "It's not a backdoor, rather it's a feature to avoid unnecessary re-verification of encryption keys upon automatic regeneration."

     Open Whisper Systems says — "There is no WhatsApp backdoor," "it is how cryptography works," and the MITM attack "is endemic to public key cryptography, not just WhatsApp."

     A spokesperson from WhatsApp, acquired by Facebook in 2014 for $16 Billion, says — "The Guardian's story on an alleged backdoor in WhatsApp is false. WhatsApp does not give governments a backdoor into its systems. WhatsApp would fight any government request to create a backdoor."

     What's the fact:
     Notably, none of the security experts or the company has denied the fact that, if required, WhatsApp, on government request, or state-sponsored hackers can intercept your chats. All they have to say is — WhatsApp is designed to be simple, and users should not lose access to messages sent to them when their encryption key is changed.

     Open Whisper Systems (OWS) criticized the Guardian reporting in a blog post saying, "Even though we are the creators of the encryption protocol supposedly "backdoored" by WhatsApp, we were not asked for comment."

     What? "...encryption protocol supposedly "backdoored" by WhatsApp…" NO! No one has said it's an "encryption backdoor;" instead this backdoor resides in the way end-to-end encryption has been implemented by WhatsApp, which eventually allows interception of messages without breaking the encryption. As I mentioned in my previous story, this backdoor has nothing to do with the security of the Signal encryption protocol created by Open Whisper Systems. It's one of the most secure encryption protocols if implemented correctly.

     Then Why Is Signal More Secure than WhatsApp?
     You might be wondering why the Signal private messenger is more secure than WhatsApp, while both use the same end-to-end encryption protocol, and are even recommended by the same group of security experts who are arguing — "WhatsApp has no backdoor." It's because there is always room for improvement. The Signal messaging app, by default, allows a sender to verify a new key before using it. Whereas WhatsApp, by default, automatically trusts the new key of the recipient with no notification to the sender. And even if the sender has turned on the security notifications, the app notifies the sender of the change only after the message is delivered. So, here WhatsApp chose usability over security and privacy.

     It's not about 'Do We Trust WhatsApp/Facebook?':
     WhatsApp says it does not give governments a "backdoor" into its systems. No doubt, the company would definitely fight the government if it receives any such court orders and currently, is doing its best to protect the privacy of its one-billion-plus users. But what about state-sponsored hackers? Because, technically, there is no such 'reserved' backdoor that only the company can access.

     Why the 'Verifying Keys' Feature Can't Protect You:
     WhatsApp also offers a third security layer using which you can verify the keys of other users with whom you are communicating, either by scanning a QR code or by comparing a 60-digit number. But here's the catch: This feature ensures that no one is intercepting your messages or calls at the time you are verifying the keys, but it does not ensure that no one in the past has intercepted or in future will intercept your encrypted communication, and there is no way, currently, that would help you identify this.

     WhatsApp's Prevention against such MITM Attacks is Incomplete:
     WhatsApp is already offering a "security notifications" feature that notifies users whenever a contact's security code changes, which you need to turn on manually from the app settings. But this feature is not enough to protect your communication without the use of another ultimate tool, which is — Common Sense. Have you received a notification indicating that your contact's security code has changed? Instead of offering 'Security by Design,' WhatsApp wants its users to use their common sense not to communicate with a contact whose security key has been changed recently without verifying the key manually. The fact is that WhatsApp automatically changes your security key so frequently (for some reason) that one would start ignoring such notifications, making it practically impossible for users to actively look each time to verify the authenticity of session keys.

     What WhatsApp should do?
     Without panicking all one-billion-plus users, WhatsApp can, at least:
     • Stop regenerating users' encryption keys so frequently (I clearly don't know why the company does so).
     • Give an option in the settings for privacy-conscious people which, if turned on, would not automatically trust a new encryption key and send messages until manually accepted or verified by users.

     ...because just like others, I also hate using two apps for communicating with my friends and work colleagues, i.e. Signal for privacy and WhatsApp because everyone uses it.

     Source
  9. Ransomware Attacks To Decrease In 2017

     Ransomware is expected to deflate a bit next year, but hackers won't be resting on their laurels, that's for sure. Instead, they might just move to dronejacking, for a "variety of criminal or hacktivist purposes". This is according to McAfee Labs, whose new report, the McAfee Labs 2017 Threats Predictions Report, identifies 14 cyber-security trends to watch in 2017.

     Based on the opinions of 31 Intel Security thought leaders, the report says we can expect a decrease in both volume and effectiveness of ransomware in the second half of 2017. Windows vulnerability exploits will also continue downwards, but infrastructure and virtualization software attacks will increase. So will attacks against hardware and firmware. Attacks against mobile devices will be a combination of mobile device locks and credential theft, allowing attackers access to information such as credit cards. IoT malware could open up backdoors into the connected home -- backdoors which could stay undetected for years. Also, we can expect to see hijackings of drones, or as the report puts it -- Dronejackings.

     "To change the rules of the game between attackers and defenders, we need to neutralize our adversaries' greatest advantages", says Vincent Weafer, vice president of Intel Security's McAfee Labs. "As a new defensive technique is developed, its effectiveness increases until attackers are compelled to develop countermeasures to evade it. To overcome the designs of our adversaries, we need to go beyond understanding the threat landscape to changing the defender-attacker dynamics in six key areas: information asymmetry, making attacks more expensive, improving visibility, better identifying exploitation of legitimacy, improving protection for decentralized data, and detecting and protecting in agentless environments".

     The full report can be found on this link (PDF).

     Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.

     Source
  10. Encrypted Email Sign-Ups Instantly Double In Wake of Trump Victory

      ProtonMail suggests fear of the Donald prompting lockdown

      "ProtonMail follows the Swiss policy of neutrality. We do not take any position for or against Trump," the Swiss company's CEO stated on Monday, before revealing that new user sign-ups immediately doubled following Trump's election victory.

      ProtonMail has published figures showing that as soon as the election results rolled in, the public began to seek out privacy-focused services such as its own. CEO Andy Yen said that, in communicating with these new users, the company found people apprehensive about the decisions that President Trump might take and what they would mean considering the surveillance activities of the National Security Agency.

      "Given Trump's campaign rhetoric against journalists, political enemies, immigrants, and Muslims, there is concern that Trump could use the new tools at his disposal to target certain groups," Yen said. "As the NSA currently operates completely out of the public eye with very little legal oversight, all of this could be done in secret."

      ProtonMail was launched back in May 2014 by scientists who had met at CERN and MIT. In response to the Snowden revelations regarding collusion between the NSA and other email providers such as Google, they created a government-resistant, end-to-end encrypted email service. The service was so popular that it was "forced to institute a waiting list for new accounts after signups exceeded 10,000 per day" within the first three days of opening, the CEO previously told The Register when ProtonMail reopened free registration to all earlier this year.

      [Image: ProtonMail new user signups doubled immediately after Trump's election victory]

      Yen said his service was now "seeing an influx of liberal users" despite its popularity on both sides of the political spectrum. "ProtonMail has also long been popular with the political right, who were truly worried about big government spying, and the Obama administration having access to their communications. Now the tables have turned," Yen noted. "One of the problems with having a technological infrastructure that can be abused for mass surveillance purposes is that governments can and do change, quite regularly in fact.

      "The only way to protect our freedom is to build technologies, such as end-to-end encryption, which cannot be abused for mass surveillance," Yen added. "Governments can change, but the laws of mathematics upon which encryption is based are much harder to change."

      Source
  11. A majority of Mozilla users were served encrypted pageloads for the first time yesterday, meaning their web browsing data was secured from snoopers and hackers while in transit. The HTTPS milestone was tweeted by Josh Aas, head of the Let's Encrypt initiative, which has been working to help smaller websites switch to encrypting their web traffic. Mozilla, which is one of the organizations backing Let's Encrypt, was reporting that 40 per cent of page views were encrypted as of December 2015. So it's an impressively speedy rise.

      That said, there are plenty of caveats here — the biggest being it's just one browser, Mozilla's Firefox, which lags far behind the dominant default browsers of the mainstream web. Statista pegs Firefox at just a 7.77 per cent global marketshare for July 2016 vs 49.5 per cent for Google's Chrome and 13.68 per cent for Apple's Safari browser. Add to that, it is also only a subset of Firefox users who are running Mozilla's telemetry browser performance reporting feature. The telemetry feature is also not switched on by default for most Firefox users (only for users of pre-release Firefox builds). And it's just a one-day snapshot. All of which is to say the sample here is certainly very salami sliced and clearly not representative of mainstream web usage.

      So, while the speed of the shift to HTTPS among this user group is noteworthy and encouraging, there's still plenty of work to be done to make encrypted connections the rule for the majority of web users and web browsing sessions. The Let's Encrypt initiative, which exited beta back in April, is doing some of that work by providing sites with free digital certificates to help accelerate the switch to HTTPS. According to Aas, Let's Encrypt added more than a million new active certificates in the past week — which is also a significant step up. In the initiative's first six months (when still in beta) it only issued around 1.7 million certificates in all.

      As well as carrots there are sticks driving websites to shift to HTTPS. One of which is Google, which has said it intends to flag unsecured connections in its popular Chrome browser — thereby brandishing the threat of a traffic apocalypse for sites that do not roll out encryption.

      Article source
  12. Senator Ron Wyden opposes giving the Justice Department more power to get consumer data from technology companies.

WASHINGTON — After Apple and the F.B.I. made their battle over encryption public in February, members of Congress quickly jumped into the debate. Some lawmakers promised new rules that would give authorities more access to smartphones, while others promised to fight off those laws. Yet after several hearings and bills, and the formation of congressional working groups, little has been done to resolve the central tug of war between the tech industry and federal authorities over civil rights versus national security.

Law enforcement officials have argued that hundreds of criminal investigations have been held up by their inability to get access to locked smartphones and encrypted apps. Privacy advocates and tech companies say such access would cost people their personal information and lead to a slippery slope of surveillance.

The debate has flared anew recently, with Open Whisper Systems, maker of the encrypted messaging app Signal, revealing it had received a federal subpoena for user information earlier this year, along with a gag order. Last week, reports also surfaced that Yahoo worked to satisfy a secret court order by scanning incoming emails for digital “signatures” tied to a state-sponsored terrorist organization.

Ron Wyden, a Democratic senator from Oregon, has been a leading voice on the side of encryption and against giving the Justice Department more power to get consumer data from tech companies. Mr. Wyden, a member of the Senate Select Committee on Intelligence, recently talked to The New York Times about the privacy-versus-security debate. Cecilia Kang

Q. What is the state of encryption and other security debates on Capitol Hill?

A. This is going to be a big, big two months. First, obviously, there are those who want to weaken encryption. They are still at it. Then, the F.B.I. wants authority to circumvent court oversight to obtain Americans’ browsing histories. Third, there is what’s known as Rule 41, where the F.B.I. wants the authority to hack thousands or millions of hacking victims with one warrant from a single judge. These and other issues will come up right when we get back in session in November, after the election.

Q. A draft proposal released in May by Senators Richard Burr of North Carolina and Dianne Feinstein of California to give law enforcement greater access to encrypted devices never caught on. What is the status of encryption proposals?

A. You’ll have to ask them, but if an anti-encryption bill gets out of the Intelligence Committee, which is where its strength is greatest, I will do everything I can to prevent that. If it goes to the floor, then I will filibuster. I will use every procedural tool to block legislation that in my view would make us less safe and jeopardize our liberty.

Q. There seems to be no change in the standoff between companies that want strong personal privacy and security protections, and law enforcement, which argues that it needs to get past encryption for national security.

A. There were tens of thousands of news stories during the first days of the encryption discussion that said, “Today, in the ongoing debate between privacy and security, the following happened.” I don’t think that’s the right way to think about it. I think it is about more security versus less security. If you want to be in a safe community, you shouldn’t be able to weaken encryption. We pushed back very, very hard on the idea that this is a battle between privacy and security.

Q. Is this a minority point of view or are you seeing more people adopt this?

A. I think you are starting to see surprising voices in this discussion, like Mike McConnell, the former director of national intelligence, raise questions about what it means to weaken encryption.

Q. What else is coming up for consideration in the cybersecurity space?

A. Browser spying. Senators John McCain and Richard Burr have a proposal to give any F.B.I. field office new authority to scoop up Americans’ browsing history and a slew of American digital records without going to a judge. Email, text message logs and certain location information would be included. We had a vote on this at the end of June.

Q. Yet this would give law enforcement access to valuable information to aid in investigations.

A. My view is that if you know a person is visiting a website of a substance abuse group, a political organization or mental health clinic, then you know a lot about that person. It’s practically a window into their innermost thoughts. This should come with court oversight. The F.B.I. can already get this information with a court order today.

Q. One thing that civil liberties groups have protested is what’s known as Rule 41. Can you explain what that is?

A. It would allow the government to hack into multiple devices with a single warrant from a single judge. The Justice Department will say this is a modest thing. But one tech person said this whole Rule 41 thing is coming forward under “cover of dullness.”

Q. The F.B.I. says that the changes to Rule 41 are the best way for them to investigate cybercriminals, including child abusers. What’s your response?

A. Everyone believes that the F.B.I. should have the tools it needs to catch dangerous criminals. But too often over the past decade, intelligence and law enforcement agencies choose approaches that sweep up information from millions of innocent Americans instead of targeting terrorists and criminals. These approaches don’t make us safer. The changes to Rule 41 allow the F.B.I. to hack millions of victims of cybercrime. These victims of hacks are regular people, not criminals. This is a serious issue that the American people and their elected representatives should consider and debate, rather than allowing the Department of Justice to put into law through an obscure bureaucratic process. There would be overwhelming congressional support for something that gives the F.B.I. the tools it needs, while providing the American people the strong protections they deserve.

Q. Is the encryption debate between tech companies and law enforcement unsolvable?

A. It will be a long debate. But look, it’s still possible to use metadata when the government thinks there is a problem. On the security side, we are no longer collecting millions of phone records on people, so that’s solid policy. There is a way to address security while also addressing liberty: by emergency authority and focusing on people who are a threat.

Article source
  13. Remove Ransomware Infections From Your PC Using These Free Tools

A how-to on finding out what ransomware is squatting in your PC -- and how to get rid of it.

Ransomware, a variety of malware which encrypts user files and demands payment in return for a key, has become a major threat to businesses and the average user alike. Coming in a variety of forms, ransomware most often compromises PCs through phishing campaigns and fraudulent emails. Once a PC is infected, the malware will encrypt, move and potentially delete files, before throwing up a landing page demanding a ransom in Bitcoin. Demands for payment can range from a few to thousands of dollars. However, giving in and paying the fee not only further funds the development and use of this malware, but there is no guarantee any decryption keys given in return will work. It is estimated that ransomware attacks cost more than $1 billion per year.

The No More Ransom Project, launched by the National High Tech Crime Unit of the Netherlands' police, Europol, Kaspersky and Intel Security, is a hub for victims to find out how to remove infections -- and how to prevent themselves becoming infected in the future. Unfortunately, not every type of ransomware has been cracked by research teams. Time and vulnerabilities which can be exploited by cybersecurity experts are required, and so some ransomware families do not have a solution beyond wiping your system clean and using backup data. However, researchers are cracking more types of ransomware every month and there are a number of tools available which give victims some hope to retrieve their files.

The No More Ransom Project offers a quick way to find out what sort of ransomware is on your PC using this step-by-step guide. Alternatively, the Ransomware hunter team runs the ID Ransomware online service which can also be used to identify infections.
Below, in alphabetical order, you can find a range of tools and software made available by researchers to scour your PC clean of the most common types of infection.

Al-Namrood: Removal tool. Emsisoft.
Apocalypse: Removal tool. Emsisoft.
ApocalypseVM: Removal tool. Emsisoft.
Autolocky: Removal tool. Emsisoft.
BadBlock: Removal tool. Trend Micro. Alternative: BadBlock: Removal tool. Emsisoft.
Bart: Removal tool | AVG | Original file copy required
Bitcryptor: Removal tool. Kaspersky.
Cerber v.1: Removal tool. Trend Micro.
Chimera: Removal tool. Trend Micro.
CoinVault: Removal tool. Kaspersky.
CrypBoss: Removal tool. Emsisoft.
CryptoDefense: Removal tool. Emsisoft.
CryptInfinite: Removal tool. Emsisoft.
CryptXXX v.1 & 2: Removal tool (.zip). Kaspersky. (*Files encrypted by Trojan-Ransom.Win32.CryptXXX version 3 are detected, but not decrypted)
CryptXXX v1, 2, 3, 4, 5: Removal tool. Trend Micro.
DMALocker: Removal tool. Emsisoft.
DMALocker2: Removal tool. Emsisoft.
Fabiansomware: Removal tool. Emsisoft.
FenixLocker: Removal tool. Emsisoft.
Gomasom: Removal tool. Emsisoft.
Globe: Removal tool. Emsisoft.
Harasom: Removal tool. Emsisoft.
HydraCrypt: Removal tool. Emsisoft.
Jigsaw: Removal tool. Trend Micro.
KeyBTC: Removal tool. Emsisoft.
Lechiffree: Removal tool. Trend Micro.
Marsjoke | Polyglot: Removal tool (.zip) | Kaspersky. See also: One more bites the dust: Kaspersky releases decryption tool for Polyglot ransomware
Nemucod: Removal tool. Trend Micro.
Nemucod: Removal tool. Emsisoft.
MirCop: Removal tool. Trend Micro.
Operation Global III: Removal tool.
TeslaCrypt: Removal tool. Cisco.
PClock: Removal tool. Emsisoft.
Petya: Removal tool. Key generator.
Philadelphia: Removal tool. Emsisoft.
PowerWare: Removal tool
Rakhni & similar: Agent.iih, Aura, Autoit, Pletor, Rotor, Lamer, Lortok, Cryptokluchen, Democry: Removal tool (.exe). Kaspersky.
Rannoh: Removal tool (.zip). Kaspersky.
Shade v1 & 2: Removal tool. Kaspersky.
SNSLocker: Removal tool. Trend Micro.
Stampado: Removal tool. Trend Micro. Alternative: Removal tool. Emsisoft.
TeslaCrypt v1, 2, 3, 4: Removal tool. Trend Micro.
UmbreCrypt: Removal tool. Emsisoft.
Vandev: Removal tool. Kaspersky.
Wildfire: Removal tool (.zip). Kaspersky.
Xorist: Removal tool. Kaspersky.
Xorist: Removal tool. Emsisoft. (Alternative: Removal tool. Trend Micro.)
777: Removal tool. Trend Micro.

Source
  14. CAMBRIDGE, Ma.—The National Security Agency came out in support of encryption again Wednesday, but privacy advocates were quick to contest the agency’s stance, criticizing it for having a different definition of the term than others. Glenn Gerstell, general counsel for the NSA, stressed multiple times during a panel, “Privacy vs. Security: Beyond the Zero-Sum Game,” at the Cambridge Cyber Summit here at MIT on Wednesday, that the agency believes in strong encryption. Another panelist, Cindy Cohn, executive director of the Electronic Frontier Foundation, took offense and said that when the NSA uses the word encryption, it should really place an asterisk at the end. “I think there should be an asterisk most of the time. I’ve been in meetings with people from the NSA and FBI and when they say we support strong encryption… what they really mean is strong encryption that only they have access to,” Cohn said. “It sounds disingenuous, it seems what they mean by strong encryption isn’t the same as what the rest of us mean,” Cohn said. Gerstell was echoing sentiments previously expressed by NSA director Adm. Mike Rogers, and General Michael Hayden, former director of the CIA and NSA. Both have gone on record this year that they support encryption but also admitted that robust crypto provides them with challenges in their day-to-day work. Gerstell said the NSA was focused on encryption but called it “more of a law enforcement issue than an NSA or foreign intelligence issue,” alluding to the difficulties the government faces when terrorist groups like ISIL use encrypted messaging apps to communicate. Likening what the NSA does to gain intelligence to “going spotty, not dark,” Gerstell said at one point, though, that encryption doesn’t have to be an impenetrable wall and that there can be ways around it.
“Just because there’s end-to-end encryption doesn’t mean that’s the end of the problem,” Gerstell said, “sometimes people lose passwords to their encrypted devices, someone might forget a password, they might have to reset it – that exposes vulnerabilities. All these things provide an opportunity to exploit that system.” “The government shouldn’t be in the business of breaking our technology, they should be in the business helping make it more secure,” Cohn quipped. The panel, moderated by the Washington Post’s Ellen Nakashima, quickly developed into a spirited privacy versus security debate. Gerstell at one point was forced to defend himself against accusations from Cohn that the NSA frequently hoarded zero-day vulnerabilities and failed to report them to companies, leaving users vulnerable. Gerstell insisted that the NSA discloses the majority of vulnerabilities it encounters, roughly 95 percent. Sometimes, however, equipment can be out of cycle, or not supported by manufacturers, and the agency has to withhold them for national security reasons, he said. Cohn fired back, citing the NSA’s “extremely vague” response to a FOIA request the EFF filed regarding the government’s Vulnerability Equities Process in 2014. Cohn told Gerstell the government’s level of being forthcoming around the issue is far below what the general public expects. While we’re almost half a year removed from this spring’s FBI vs. Apple encryption debacle, it clearly hasn’t halted the conversation, or vitriol, around the topic of encryption. Another panelist, Daniel Weitzner, the founding director of MIT’s Internet Policy Research Initiative and a principal research scientist at MIT CSAIL, said that we’re getting tripped up on the encryption debate – something which, he said, was really just a narrow slice of the conversation. “Let’s find a solution,” Weitzner said, “I believe the technical community has an obligation to help the intelligence community investigate crime and terrorism.
We should be talking about all the other ways law enforcement can be effective with encryption.” Near the panel’s end, the professor said that we’ll likely never have perfectly secure systems, but that end-to-end encryption will soon be ubiquitous and that the world needs to adapt. “It’s very clear that end-to-end encryption is going to be widely available, all around the world, non-U.S. sources, terrorists will be able to use it,” Weitzner said. “That’s not a good thing but I don’t think that’s a thing that we can control. The question now is: where are our strategic interests – in the security and trust of users overall or guaranteeing this can be used in law enforcement investigation? I think given the numbers, we have to err on the side of protecting the law-abiding users,” Weitzner said. Source: https://threatpost.com/eff-nsas-support-of-encryption-disingenuous/121134/
  15. Do you trust your messaging app even though it uses end-to-end encryption? As I previously said, end-to-end encryption doesn't mean that your messages are secure enough to hide your trace. It's because most messaging apps still record and store a lot of metadata on your calls and messages that could reveal some of your personal information, including dates and durations of communication, as well as the participants' phone numbers. Apple's iMessage app is the most recent and best example of this scenario. Just recently it was reported that the company stores a lot of information about its end-to-end encrypted iMessage that could reveal your contacts and location, and even shares this data with law enforcement via court orders. But if you are using the open source end-to-end encrypted Signal app, you are on the safer side. Trust me! As we previously reported, the Signal app, which is widely considered the most secure of all encrypted messaging apps, stores minimal information about its users. This was proved just recently, when the app was put to the test earlier this year: an FBI subpoena and gag order demanded a wide range of information on two Signal users, but the authorities got their hands on information that's of little or no use in the investigation. Open Whisper Systems, the makers of Signal, revealed Tuesday that the company had received a federal subpoena earlier this year for records and other details on two of its users as part of a federal grand jury investigation in Virginia. But unfortunately for the government, Signal keeps as little data as possible on its users, and therefore Open Whisper Systems was unable to hand over anything useful to the FBI agents that could help them in their investigation.
Here's what the FBI demanded on the two suspects, seeking a subpoena:

Subscriber name
Payment information
Associated IP addresses
Email addresses
History logs
Browser cookie data
Other information associated with two phone numbers

The request was made in the first half of this year, the court documents unsealed last week showed. And here's what the company turned over to the FBI: "As the documents show, the government's effort did not amount to much—not because OWS refused to comply with the government's subpoena (it complied), but because the company simply does not keep the kinds of information about their customers that the government sought (and that too many technology companies continue to amass)," the ACLU said in a post. "All OWS was able to provide were the dates and times for when the account was created and when it last connected to Signal's servers." You can see a number of court filings related to the subpoena published by the American Civil Liberties Union (ACLU), which is representing Open Whisper Systems in the fight. Much information about the subpoena is still secret — including the case number, the date the subpoena was served, and other details of the underlying case — but it's very much clear that the FBI sought detailed information on two suspects who used Signal app. Open Whisper Systems is also the force behind the Signal Protocol that powers the encryption built into WhatsApp, Facebook Messenger, and Google Allo's Incognito mode. Source: http://thehackernews.com/2016/10/signal-messenger-fbi-subpoena.html
  16. Comprehensive Security Guide

i. Foreword

The primary purpose of this guide is to offer a concise list of best-of-breed software and advice on selected areas of computer security. The secondary purpose of this guide is to offer limited advice on other areas of security. The target audience is an intermediately skilled user of home computers. Computer software listed is the freeware version when possible, or has a free version available. If there are no free versions available for a particular product, it is noted with the "$" symbol. The guide is as well formatted as I could make it, within the confines of a message board post. This guide is constantly evolving; if it is not as in-depth as you require in any specific area, you can try Google if you're interested in more.

ii. Table of Contents

i. Foreword
ii. Table of Contents
1. Physical Security
.. a. Home
.. b. Computer
.. c. Personal
2. Network Security
.. a. Hardware Firewall
.. b. Software Firewall
3. Hardening Windows
.. a. Pre-install Hardening
.. b. Post-install Hardening
.. c. Alternative Software
.. d. Keep Windows Up-To-Date
4. Anti-Malware
.. a. Anti-Virus
.. b. HIPS / Proactive Defense
.. c. Malware Removal
5. Information and Data Security
.. a. Privacy / Anonymity
.. b. Encryption
.. c. Backup, Erasure and Recovery
.. d. Access Control (Passwords, Security Tokens)
6. Conclusion

1. Physical Security

I just wanted to touch on a few things in the realm of physical security, and you should investigate physical and personal security in places other than here.

a. Home

How would you break in to your own home? Take a close look at your perimeter security and work inwards. Make sure fences or gates aren't easy to climb over or bypass. The areas outside your home should be well lit, and motion sensor lights and walkway lights make nice additions to poorly lit areas.

If possible, your home should have a security system featuring hardwired door and window sensors, motion detectors, and audible sirens (indoor and outdoor). Consider integrated smoke and carbon monoxide detectors for safety. Don't overlook monitoring services, so the police or fire department can be automatically called during an emergency. Invest in good locks for your home; I recommend Medeco and Schlage Primus locks highly. Both Medeco and Schlage Primus locks are pick-resistant, bump-proof, and have key control (restricted copying systems). Exterior doors should be made of steel or solid-core wood and each should have locking hardware (locking doorknob or handle), an auxiliary lock (mortise deadbolt) with a reinforced strike plate, and a chain. Consider a fireproof (and waterproof) safe for the storage of important documents and valuables. A small safe can be carried away during a robbery, and simply opened at another location later, so be sure to get a safe you can secure to a physical structure (in-wall, in-floor, or secured to something reasonably considered immovable). You may be able to hide or obscure the location of your safe in order to obtain some additional security, but don't make it cumbersome for yourself to access.

b. Computer

Computers are easy to just pick up and take away, so the only goal you should have is to deter crimes of opportunity. For desktop computers, you may bring your desktop somewhere and an attacker may not be interested in the entire computer, but perhaps just an expensive component (video card) or your data (hard drive), and for that I suggest a well-built case with a locking side and locking front panel. There are a variety of case security screws available (I like the ones from Enermax (UC-SST8) as they use a special tool), or you can use screws with less common bits (such as tamper resistant Torx screws) to secure side panels and computer components. There are also cable lock systems available for desktop computers to secure them to another object. For laptop computers, you are going to be primarily concerned about a grab-and-go type robbery. There are a variety of security cables available from Kensington, which lock into the Kensington lock slot found on nearly all laptops, which you can use to secure it to another object (a desk or table, for example). Remember though, even if it's locked to something with a cable, it doesn't make it theft-proof, so keep an eye on your belongings.

c. Personal

Always be aware of your surroundings. Use your judgment: if you feel an area or situation is unsafe, avoid it altogether or get away as quickly and safely as possible. Regarding hand to hand combat, consider a self-defense course. Don't screw around with traditional martial arts (Karate, Aikido, Kung-Fu), and stay away from a McDojo. You should consider self-defense techniques like Krav Maga if you are serious about self defense in a real life context. I generally don't advocate carrying a weapon on your person (besides the legal mess that may be involved with use of a weapon, even for self-defense, an attacker could wrestle away a weapon and use it against you). If you choose to carry any type of weapon on your person for self-defense, I advise you to take a training course (if applicable) and to check with and follow the laws within the jurisdiction you decide to possess or carry such weapons.

Dealing with the Police

Be sure to read Know Your Rights: What to Do If You're Stopped by the Police, a guide by the ACLU, and apply it. Its advice is for within the jurisdiction of the US but may apply generally elsewhere; consult with a lawyer for legal advice. You should also watch the popular video "Don't talk to the police!" by Prof.
James Duane of the Regent University Law School for helpful instructions on what to do and say when questioned by the police: regent.edu (Mirror: )

Travelling Abroad

Be sure to visit the State Department or Travel Office for your home country before embarking on a trip abroad. Read any travel warnings or advisories; these offices are a wealth of information for travelers (offering guides, checklists, and travel advice): (US, UK, CA).

2. Network Security

As this is a guide geared towards a home or home office network, the central theme of network security is going to be focused around having a hardware firewall behind your broadband modem, along with a software firewall installed on each client. Since broadband is a 24/7 connection to the internet, you are constantly at risk of attack, making both a hardware and software firewall absolutely essential.

a. Hardware Firewall

A hardware firewall (router) is very important. Consider the hardware firewall as your first line of defense. Unfortunately, routers (usually) aren't designed to block outbound attempts from trojans and viruses, which is why it is important to use a hardware firewall in conjunction with a software firewall. Be sure that the firewall you choose features SPI (Stateful Packet Inspection).

Highly Recommended

I recommend Wireless N (802.11n) equipment, as it is robust and widely available. Wireless N is backwards compatible with the earlier Wireless G (802.11g) and B (802.11b) standards. 802.11n supports higher speeds and longer distances than the previous standards, making it highly attractive. I recommend any of the following Wireless N compatible routers: Asus: RT-N16, WL500W, RT-N12, RT-N10. Linksys: E3000, E2000, WRT610Nv2, WRT320N. If price is a concern, Wireless G (802.11g) equipment is generally less expensive, as it has been around longer than Wireless N equipment. Range extender antennas and boosters exist if range is an issue, and 125HSM (Afterburner) technology exists to boost single-channel throughput. I recommend any of the following Wireless G compatible routers: Asus: WL-500G Premium, WL500G Deluxe, WL520GU. Linksys: WRT54-GL (or GS v1-v4), WRT54G-TM, WRTSL54GS. Use WPA2/WPA with AES if possible, and a passphrase with a minimum of 12 characters. If you are really paranoid, use a strong random password and remember to change it every so often.

Alternatives

A spare PC running SmoothWall or IPCop, with a pair of NICs and a switch, can be used to turn a PC into a fully functional firewall.

b. Software Firewall

A software firewall nicely complements a hardware firewall such as those listed above. In addition to protecting you from inbound intrusion attempts, it also gives you a level of outbound security by acting as a gateway for applications looking to access the internet. Programs you want can access the internet, while ones you don't are blocked. Do not use multiple software firewalls simultaneously. You can actually make yourself less secure by running two or more software firewall products at once, as they can conflict with one another. Check out the Matousec Firewall Challenge for a comparison of leak tests among top firewall vendors. Leak tests are an important way of testing outbound filtering effectiveness.

Highly Recommended

Comodo Internet Security
Comodo is an easy to use, free firewall that provides top-notch security. I highly recommend this as a first choice firewall. While it includes Antivirus protection, I advise installing it as firewall-only and using an alternate Antivirus.

Alternatives

Agnitum Outpost Firewall Free
A free personal firewall that is very secure. Be sure to check out the Outpost Firewall Forums, to search, and ask questions if you have any problems.

Online Armor Personal Firewall Free
Online Armor Personal Firewall makes another great choice for those who refuse to run Comodo or Outpost.
3. Hardening Windows

Windows can be made much more secure by updating its components, and changing security and privacy related settings.

a. Pre-install Hardening

Pre-install hardening has its primary focus on integrating the latest available service packs and security patches. Its secondary focus is applying whatever security setting tweaks you can integrate. By integrating patches and tweaks, you will be safer from the first boot.

Step 1 - Take an original Windows disc (Windows 2000 or later) and copy it to a folder on your hard drive so you can work with the install files.
Step 2 - Slipstream the latest available service pack. Slipstreaming is a term for integrating the latest service pack into your copy of Windows.
Step 3 - Integrate the latest available post-service pack updates. This can be done with a utility such as nLite or vLite, and post-service pack updates may be available in an unofficial collection (such as the RyanVM Update Pack for XP).
Step 4 - Use nLite (Windows 2000/XP) or vLite (Windows Vista/7) to customize your install. Remove unwanted components and services, and use the tweaks section of nLite/vLite to apply some security and cosmetic tweaks.
Step 5 - Burn your newly customized CD, and install Windows. Do not connect the computer to a network until you install a software firewall and anti-virus.

b. Post-Install Hardening

If you have followed the pre-install hardening section, then your aim will be to tweak settings to further lock down Windows. If you didn't install from a custom CD, you will need to first update to the latest service pack, then install incremental security patches to become current. After updating, you'll then disable unneeded Windows services, perform some security tweaks, and use software such as xpy to tweak privacy options.

Disable Services

Start by disabling unneeded or unnecessary services. By disabling services you will minimize potential security risks, and use fewer resources (which may make your system slightly faster). Some good guides on disabling unnecessary services are available at Smallvoid: Windows 2000 / Windows XP / Windows Vista. Some commonly disabled services: Alerter, Indexing, Messenger, Remote Registry, TCP/IP NetBIOS Helper, and Telnet.

Security Tweaks

I highly recommend using a strong Local Security Policy template as an easy way to tweak Windows security options, followed by the registry. Use my template (security.inf) to easily tweak your install for enhanced security (Windows 2000/XP/Vista/7):

1. Save the following attachment: (Download Link Soon!)
2. Extract the files.
3. Apply the Security Policy automatically by running the included "install.bat" file.
4. (Optional) Apply your policy manually using the following command: [ secedit /configure /db secedit.sdb /cfg "C:\<Path To Security.inf>\<template>.inf" ] then refresh your policy using the following command: [ secedit /refreshpolicy machine_policy ] (Windows 2000), [ gpupdate ] (Windows XP/Vista/7)

This template will disable automatic ("administrative") Windows shares, prevent anonymous log on access to system resources, disable (weak) LM Password Hashes and enable NTLMv2, disable DCOM, harden the Windows TCP/IP Stack, and much more. Unfortunately my template can't do everything; you will still need to disable NetBIOS over TCP (NetBT), enable Data Execution Prevention (AlwaysOn), and perform other manual tweaks that you may use.

Privacy Tweaks

xpy (Windows 2000/XP) and vispa (Windows Vista/7)
These utilities are great for modifying privacy settings. They supersede XP AntiSpy because they include all of XP AntiSpy's features and more. You should use them in conjunction with the security tweaks I've listed above.

c. Alternative Software

Another simple way of mitigating possible attack vectors is to use software that is engineered with better or open security processes.
These products are generally more secure and offer more features than their Microsoft counterparts.

Highly Recommended
Mozilla Firefox (Web Browser)
Mozilla Thunderbird (Email Client)
OpenOffice.org (Office Suite)

Alternatives
Google Chrome (Web Browser)
Opera (Web Browser)
The Bat! (Email Client)
Google Docs (Online) (Office Suite)

Firefox Additions
Mozilla has a Privacy & Security add-on section. There are a variety of add-ons that may appeal to you (such as NoScript). And although these aren't strictly privacy related, I highly recommend the AdBlock Plus add-on, with the EasyList and EasyPrivacy filtersets.

d. Keep Windows Up-To-Date

Speaking of keeping up-to-date, do yourself a favor and upgrade to at least Windows 2000 (for older PCs) and Windows XP Pro (or later) for newer PCs. Windows 9x/Me is completely broken in terms of the possibilities for a secure computing environment, and as such updates for them have been removed from the list. Be sure to keep up-to-date on your service packs; they're a comprehensive collection of security patches and updates, and some may add minor features.

Microsoft Windows Service Packs
Windows 2000 - Service Pack 4 with Unofficial Security Rollup Package
Windows XP - Service Pack 3 with Unofficial Security Rollup Package
Windows XP x64 - Service Pack 2 with Unofficial Security Rollup Package
Windows Vista - Service Pack 2
Windows 7 - Service Pack 1

Microsoft Office Service Packs
Office 2000 - Service Pack 3 with the Office 2007 Compatibility Pack (SP3).
Office XP (2002) - Service Pack 3 with the Office 2007 Compatibility Pack (SP3).
Office 2003 - Service Pack 3 with the Office 2007 Compatibility Pack (SP3) and Office File Validation add-in.
Office 2007 - Service Pack 3 with the Office File Validation add-in.
Office 2010 - Service Pack 1

After the service pack, you still need to keep up-to-date on incremental security patches. Windows supports Automatic Updates to automatically update itself.
However, if you don't like Automatic Updates: you can use Windows Update to update Windows periodically (must use IE5 or greater, must have the BITS service enabled), or you can use MS TechNet Security to search for and download patches individually, or you can use Autopatcher, an unofficial updating utility. In addition to security patches, remember to keep virus definitions up-to-date (modern virus scanners support automatic updates so this should not be a problem), and stay current with the latest program versions and updates, including your replacement internet browser and mail clients.

4. Anti-Malware

There are many dangers lurking on the internet: trojans, viruses, spyware. If you are a veteran user of the internet, you've probably developed a sixth sense when it comes to avoiding malware, but I advocate backing up common sense with reliable anti-malware software.

a. Anti-Virus

Picking a virus scanner is important. I highly recommend Nod32, but there are good alternatives these days. Check out AV Comparatives for a comparison of scanning effectiveness and speed among top AV vendors.

Highly Recommended
Nod32 Antivirus $
I recommend Nod32 as a non-free Antivirus. Features excellent detection rates and fast scanning speed. Nod32 has a great heuristic engine that is good at spotting unknown threats. Very resource-friendly and historically known for using less memory than other AVs. There is a 30 day free trial available.

Alternatives
Avira AntiVir Personal
I recommend Avira as a free Antivirus. Avira is a free AV with excellent detection rates and fast scanning speed.
Kaspersky Anti-Virus $
Kaspersky AV is a good alternative to Nod32. Features very good detection rates, and fast scanning speed.

Online Scanners

Single File Scanning
Jotti Online Malware Scan or VirusTotal
These scanners can run a single file through a large number of different Antivirus/Antimalware suites in order to improve detection rates. Highly recommended.
Whole PC Scanning
ESET Online Scanner
Nod32 Online Antivirus is pretty good, ActiveX though, so IE only. There is a beta version available that works with Firefox and Opera.

b. HIPS / Proactive Defense

Host-based intrusion prevention systems (HIPS) work by disallowing malware from modifying critical parts of the operating system without permission. Classic (behavioral) HIPS software will prompt the user for interaction before allowing certain system modifications, allowing you to stop malware in its tracks, whereas virtualization-based HIPS works primarily by sandboxing executables. Although HIPS is very effective, the additional setup and prompts are not worth the headache for novice users (who may take to just clicking 'allow' on everything and defeating the purpose altogether). I only recommend HIPS for intermediate or advanced users that require a high level of security.

Highly Recommended
I highly recommend firewall-integrated HIPS solutions. Comodo Defense+ is a classic HIPS built into Comodo Internet Security, and provides a very good level of protection. Outpost and Online Armor provide their own HIPS solutions, and the component control features of the firewalls are powerful enough to keep unwanted applications from bypassing or terminating the firewall. If you want to use a different HIPS, you can disable the firewall HIPS module and use an alternative below.

Alternatives
Stand-alone HIPS solutions are good for users who either don't like the firewall's built-in HIPS (and disable the firewall HIPS), or use a firewall without HIPS features.

HIPS based on Behavior (Classic)
ThreatFire
ThreatFire provides a strong, free behavioral HIPS that works well in conjunction with Antivirus and Firewall suites to provide additional protection.

HIPS based on Virtualization
DefenseWall HIPS $
DefenseWall is a strong and easy-to-use HIPS solution that uses sandboxing for applications that access the internet.
GeSWall Freeware
GeSWall makes a nice free addition to the HIPS category; like DefenseWall it also uses sandboxing for applications that access the internet.

Dealing with Suspicious Executables

You can run suspicious executables in a full featured virtual machine (such as VMware) or using a standalone sandbox utility (such as Sandboxie) if you are in doubt of what it may do (though you may argue that you shouldn't be running executables you don't trust anyway). A more advanced approach to examining a suspicious executable is to run it through Anubis, a tool for analyzing the behavior of Windows executables. It displays a useful report with things the executable does (files read, registry modifications performed, etc.), which will give you insight as to how it works.

c. Malware Removal

I recommend running all malware removal utilities on-demand (not resident). With a firewall, virus scanner, HIPS, and some common sense, you won't usually get to the point of needing to remove malware... but sometimes things happen, perhaps unavoidably, and you'll need to remove some pretty nasty stuff from a computer.

Highly Recommended
Anti-Spyware
Spybot Search & Destroy
Spybot S&D has been around a long time, and is very effective in removing spyware and adware. I personally install and use both Spybot & Ad-Aware, but I believe that Spybot S&D has the current edge in overall detection and usability.
Anti-Trojan
Malwarebytes' Anti-Malware
Malwarebytes has a good trojan detector here, and scans fast.
Anti-Rootkit
Rootkit Unhooker
RKU is a very advanced rootkit detection utility.

Alternatives
Anti-Spyware
Ad-Aware Free Edition
Ad-Aware is a fine alternative to Spybot S&D; its scanning engine is slower but it is both effective and popular.
Anti-Trojan
a-squared (a2) Free
a-squared is a highly reputable (and free) trojan scanner.
Anti-Rootkit
IceSword (Mirror)
IceSword is one of the most capable and advanced rootkit detectors available.

5. Information and Data Security

Data can be reasonably protected using encryption and a strong password, but you will never have complete and absolute anonymity on the internet as long as you have an IP address.

a. Privacy / Anonymity

Anonymity is elusive. Some of the following software can help you achieve a more anonymous internet experience, but you also must be vigilant in protecting your own personal information. If you use social networking sites, use privacy settings to restrict public access to your profile, and only 'friend' people you know in real life. Don't use (or make any references to) any of your aliases or anonymous handles on any websites that have any of your personal information (Facebook, Amazon, etc.). You should opt out from information sharing individually for all banks and financial institutions you do business with using their privacy policy choices. You should opt out of preapproved credit offers (US), unsolicited commercial mail and email (US, UK, CA), and put your phone numbers on the "Do Not Call" list (US, UK, CA).

Highly Recommended
Simply install and use Tor with Vidalia to surf the internet anonymously. It's free; the only downside is it's not terribly fast, but it has fairly good anonymity, so it's a tradeoff. Keep in mind it's for anonymity, not for security, so make sure sites you put passwords in are SSL encrypted (and have valid SSL certificates), and remember that all end point traffic can be sniffed. You can use the Torbutton extension for Firefox to easily toggle on/off anonymous browsing. POP3/IMAP and P2P software won't work through Tor, so keep that in mind.

Portable Anonymous Browsing
The Tor Project now has a "Zero-Install Bundle" which includes Portable Firefox and Tor with Vidalia to surf anonymously from a USB memory stick pretty much anywhere with the internet. It also includes Pidgin with OTR for encrypted IM communications. Note: These won't protect you from Trojans/Keyloggers/Viruses on insecure public terminals.
Never type important passwords or log in to important accounts on a public computer unless it is absolutely necessary!

Alternatives
I2P functions similarly to Tor, allowing you to surf the general internet with anonymity.
IPREDator $ is a VPN that can be used to anonymize P2P/BitTorrent downloads.
Freenet is notable, but not for surfing the general internet; it's its own network with its own content.

b. Encryption

For most people, encryption may be unnecessary. But if you have a laptop, or any sort of sensitive data (whether it be trade secrets, corporate documents, legal or medical documents) then you can't beat the kind of protection that encryption will offer. There are a variety of options available today, including a lot of software not listed here. A word to the wise: please, please don't fall for snake oil; use well established applications that use time tested (and unbroken) ciphers. Regardless of what software you use, the following "what to pick" charts will apply universally.

If you have to pick an encryption cipher:
Best: AES (Rijndael) (128-bit block size)
Better: Twofish (128-bit block size), Serpent (128-bit block size)
Good: RC6 (128-bit block size)
Deprecated: Blowfish (64-bit block size), CAST5 (CAST-128) (64-bit block size), Triple-DES (64-bit block size)

When encrypting large volumes of data, it is important to pick a cipher that has a block size of at least 128 bits. This affords you protection for up to 2^64x16 bytes (264 exabytes). 64-bit block ciphers only afford protection of up to 2^32x8 bytes (32 gigabytes), so using one as a full disk or whole disk encryption cipher is not recommended. The deprecated list is only because some of you might be stuck using software that only supports older encryption methods, so I've ordered it from what I feel is best to worst (though all three that are on there are pretty time tested and, if properly implemented, quite secure).
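The birthday-bound arithmetic behind those volume limits, as an added worked example that is not part of the guide: with an n-bit block cipher, ciphertext blocks start to repeat after roughly 2^(n/2) blocks under one key, and in CBC and similar modes a repeated ciphertext block reveals the XOR of two plaintext blocks. The cipher names and block sizes are the guide's own chart; the 1 TiB disk size is a constructed sample.

```python
# Added example: the birthday-bound arithmetic behind the guide's advice to
# prefer 128-bit block ciphers for whole-disk encryption. Cipher names and
# block sizes come from the guide's chart; nothing here depends on the
# cipher beyond its block size.

# Block size in bits for each cipher in the guide's chart.
BLOCK_SIZES = {
    "AES": 128, "Twofish": 128, "Serpent": 128, "RC6": 128,
    "Blowfish": 64, "CAST5": 64, "Triple-DES": 64,
}

TIB = 1 << 40  # constructed sample volume: a 1 TiB disk


def safe_volume_bytes(block_bits):
    """Bytes that can be encrypted under one key before block collisions
    become likely: 2^(n/2) blocks of n/8 bytes each. For n=64 this is the
    guide's 2^32 x 8 bytes (32 GiB); for n=128 it is 2^64 x 16 bytes."""
    return (1 << (block_bits // 2)) * (block_bits // 8)


def expected_collisions(block_bits, volume_bytes):
    """Expected number of equal ciphertext-block pairs after encrypting
    volume_bytes under one key: m*(m-1)/2 pairs, each equal with
    probability about 2^-n. In CBC each such pair leaks the XOR of the
    corresponding plaintext blocks, which is why the bound matters."""
    m = volume_bytes // (block_bits // 8)
    return m * (m - 1) / 2 / 2 ** block_bits


def human(n):
    """Render a byte count with a binary unit, e.g. '32 GiB'."""
    units = ["B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB", "ZiB"]
    i = 0
    while n >= 1024 and i < len(units) - 1:
        n /= 1024
        i += 1
    return f"{n:g} {units[i]}"


def disk_report(volume_bytes=TIB):
    """For each cipher in the chart: block size, safe volume, expected
    collisions at volume_bytes, and whether the guide's 128-bit rule holds."""
    rows = []
    for name, bits in BLOCK_SIZES.items():
        rows.append({
            "cipher": name,
            "block_bits": bits,
            "safe_volume": human(safe_volume_bytes(bits)),
            "expected_collisions": expected_collisions(bits, volume_bytes),
            "ok_for_whole_disk": bits >= 128,
        })
    return rows


if __name__ == "__main__":
    for row in disk_report():
        print(f"{row['cipher']:<10} {row['block_bits']:>3}-bit block  "
              f"safe up to {row['safe_volume']:>8}  "
              f"collisions in 1 TiB: {row['expected_collisions']:.3g}  "
              f"whole-disk OK: {row['ok_for_whole_disk']}")
```

On a 1 TiB volume the 64-bit ciphers are already far past their bound (hundreds of expected collisions), while the 128-bit ciphers are nowhere near it.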
If you have to pick a hash to use:
Best: Whirlpool (512-bit)
Better: SHA-512 (512-bit), SHA-256 (256-bit)
Good: Tiger2/Tiger (192-bit), RIPEMD-160 (160-bit)
Deprecated: RIPEMD-128, SHA-1, MD5.

With all the recent advances in cryptanalysis (specifically the work on hash collisions), these days I wouldn't trust any hash that is less than 160 bits on principle. To be on the safe side, use a 192-bit, 256-bit, or 512-bit hash where available. There will be cases where your only options are insecure hashes, in which case I've ordered the "deprecated" list from best to worst (they are all varying levels of insecure). Many older hashes (MD4, MD2, RIPEMD (original), and others) are totally broken, and are not to be used.

A quick software rundown; these applications are popular and trusted:

Highly Recommended
Freeware Whole Disk Encryption
TrueCrypt
Based upon E4M, TrueCrypt is a full featured disk encryption suite, and can even be run off a USB memory stick. TrueCrypt supports whole disk encryption of Windows, with pre-boot authentication. Very nice. If you can't use whole-disk encryption (WDE), you can use the TCTEMP add-on to encrypt your swapfile, temp files and print spooler, and you can use the TCGINA add-on to encrypt your Windows home directory. (Note: TCTEMP/TCGINA is less secure than WDE, and only preferable if WDE is not an option. WDE is highly recommended.)
Freeware PKI Encryption
GnuPG (GPG)
GnuPG provides public-key encryption, including key generation and maintenance, signing and checking documents and email messages, and encryption and decryption of documents and email messages.
Freeware Email Encryption
Enigmail
Enigmail is truly a work of art; it integrates with GnuPG and provides seamless support for encryption and decryption of email messages, and can automatically check PGP signed documents for validity.
(Enigmail requires both Mozilla Thunderbird and GnuPG)

Alternatives
Encryption Suite (with Whole Disk and Email Encryption)
PGP Full Disk Encryption $
PGP provides public-key encryption, including key generation and maintenance, signing and checking documents and email messages, encryption and decryption of documents and email messages, volume disk encryption, whole disk encryption, Outlook integration, and instant messenger encryption support.

c. Backup, Erasure and Recovery
// This section is under construction.

Backups
Your data might be safe from prying eyes, but what if you are affected by hardware failure, theft, flood or fire? Regular backups of your important data can help you recover from a disaster. You should consider encryption of your backups for enhanced security.

Local Backup
Cobian Backup
Cobian Backup is a fully-featured freeware backup utility.
SyncBack Freeware, Macrium Reflect Free
SyncBack Freeware and Macrium Reflect Free are feature-limited freeware backup utilities.

Off-site Backup
SkyDrive (25GB, filesize limited to 100MB), box.net (5GB)
SkyDrive and box.net offer free online storage, useful for easy offsite backups. Be sure to utilize encrypted containers for any sensitive documents.

Data Destruction
It would be better to have your data residing in an encrypted partition, but sometimes that may not be possible. When sanitizing a hard drive, I recommend using a quality block erase tool like DBAN followed by a run-through with ATA Secure Erase if you really want a drive squeaky clean. Block erasing is good for data you can normally reach, but ATA Secure Erase can hit areas of the drive that block erasers can't. As for multiple overwrite passes, there is no proof that data overwritten even one time can be recovered by professional data recovery corporations. For moderate security, a single pseudorandom block-erase pass (random-write) followed by an ATA Secure Erase pass (zero-write) is sufficient to thwart any attempts at data recovery.
For a high level of security, a "DoD Short (3 pass)" block-erase pass followed by an ATA Enhanced Secure Erase will ensure no recovery is possible.

Single-File/Free Space Erase - If you are interested in just erasing single files or wiping free space, you can use the Eraser utility.
Block Erase - For hard drive block-erasure, use DBAN.
ATA Secure Erase - For ATA Secure Erasing, use the CMRR Secure Erase Utility.
CMRR Secure Erase Protocols (.pdf) - http://cmrr.ucsd.edu...seProtocols.pdf
NIST Guidelines for Media Sanitization (.pdf) - http://csrc.nist.gov...800-88_rev1.pdf

File Recovery Software
This is kind of the opposite of data destruction. Keep in mind no software utility can recover properly overwritten data, so if it's overwritten there is no recovery.

Highly Recommended
Recuva
Recuva is an easy to use GUI-based recovery utility.

Alternatives
TestDisk and PhotoRec
These tools are powerful command-line recovery utilities. TestDisk can recover partitions, and PhotoRec is for general file recovery.
Ontrack EasyRecovery Professional $
EasyRecovery is one of the best paid utilities for file recovery.

d. Access Control (Passwords, Security Tokens)
// This section is under construction.

Secure Passwords
// Section under construction.
Your security is only as strong as its weakest password. There are a few basic rules to follow when creating a strong password.

Length - Passwords should be at least 12 characters long. When possible, use a password of 12 or more characters, or a "passphrase". If you are limited to using fewer than 12 characters, you should try and make your password as long as allowable.
Complexity - Passwords should have an element of complexity; a combination of upper and lowercase characters, numbers, and symbols will make your passwords much harder to guess, and harder to bruteforce.
Uniqueness - Passwords should avoid containing common dictionary words, names, birthdays, or any identification related to you (social security, driver's license, or phone numbers for example).
Secret - If you have a password of the utmost importance, do not write it down. Do not type it in plain view of another person or share it with anyone. Avoid use of the same password in multiple places.

Security Tokens
Security tokens are cryptographic devices that allow for two-factor authentication.
Aladdin eToken
SafeNet iKey
IronKey Basic

6. Conclusion

And here we are at the end! I would like to thank all of you for taking the time to read my guide; it's a few (slow) years in the making and I've kept it up to date. This guide is always changing, so check back from time to time.

Revision 1.10.018-upd3
Copyright © 2004-2012 Malakai1911, All Rights Reserved
The information contained within this guide is intended solely for the general information of the reader and is provided "as is" with absolutely no warranty expressed or implied. Any use of this material is at your own risk; its authors are not liable for any direct, special, indirect, consequential, or incidental damages or any damages of any kind. This guide is subject to change without notice.
Windows_Security_Template__1.10.015_.zip
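A checker for the four password rules in the guide's Secure Passwords section (length, complexity, uniqueness, secret), as an added example that is not part of the guide. The common-word list and the personal details passed in are small constructed samples, the "at least three character classes" threshold is an assumed reading of the complexity rule, and the search-space estimate only shows why length and class mix matter against brute force.

```python
# Added example, not from the guide: a checker for the guide's four password
# rules. COMMON_WORDS and the personal details passed in are constructed
# samples; a real deployment would use a full word list and a reuse check
# against a password manager's vault.
import math
import string

MIN_LENGTH = 12          # the guide's minimum length
MIN_CLASSES = 3          # assumed threshold for the "complexity" rule

# Constructed sample of common dictionary words (stand-in for a word list).
COMMON_WORDS = {"password", "welcome", "letmein", "summer", "dragon", "qwerty"}

CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10,
               "symbol": len(string.punctuation)}


def character_classes(pw):
    """Which of upper, lower, digit, symbol appear in pw."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def bruteforce_bits(pw):
    """log2 of the keyspace an attacker who knows only the length and the
    character classes in use must search: alphabet_size ** length."""
    alphabet = sum(CLASS_SIZES[c] for c in character_classes(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def check_password(pw, personal_info=(), other_passwords=()):
    """Return the list of rule violations; an empty list means pw passes."""
    problems = []
    low = pw.lower()
    # Length rule.
    if len(pw) < MIN_LENGTH:
        problems.append(f"length: {len(pw)} characters, need {MIN_LENGTH}")
    # Complexity rule.
    if len(character_classes(pw)) < MIN_CLASSES:
        problems.append("complexity: mix upper, lower, digits and symbols")
    # Uniqueness rule: dictionary words and anything tied to the user
    # (names, birthdays, ID or phone numbers). Separators are stripped on
    # both sides so that 1985-04-12 also catches 19850412.
    for word in COMMON_WORDS:
        if word in low:
            problems.append(f"uniqueness: contains dictionary word '{word}'")
    bare_pw = "".join(ch for ch in low if ch.isalnum())
    for item in personal_info:
        bare = "".join(ch for ch in item.lower() if ch.isalnum())
        if len(bare) >= 4 and bare in bare_pw:
            problems.append(f"uniqueness: contains personal detail '{item}'")
    # Secret rule: the same password must not be used in multiple places.
    if pw in other_passwords:
        problems.append("secret: already used for another account")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    me = ["Jane Doe", "1985-04-12"]
    for candidate in ("Summer2019!", "JaneDoe1985-04-12!", "correct-Horse7battery"):
        print(f"{candidate!r}: {bruteforce_bits(candidate):.1f} bits, "
              f"{check_password(candidate, personal_info=me) or 'OK'}")
```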
17. Users will receive an error when trying to access web servers that use weak Diffie-Hellman key exchange with weak keys

To protect users from cryptographic attacks that can compromise secure web connections, the popular Firefox browser will block access to HTTPS servers that use weak Diffie-Hellman keys.

Diffie-Hellman is a key exchange protocol that is slowly replacing the widely used RSA key agreement for the TLS (Transport Layer Security) protocol. Unlike RSA, Diffie-Hellman can be used with TLS's ephemeral modes, which provide forward secrecy -- a property that prevents the decryption of previously captured traffic if the key is cracked at a later time.

However, in May 2015 a team of researchers devised a downgrade attack that could compromise the encrypted connection between browsers and servers if those servers supported DHE_EXPORT, a version of Diffie-Hellman key exchange imposed on exported cryptographic systems by the U.S. National Security Agency in the 1990s and which limited the key size to 512 bits. In May 2015 around 7 percent of websites on the internet were vulnerable to the attack, which was dubbed LogJam.

"In response to recent developments attacking Diffie-Hellman key exchange and to protect the privacy of Firefox users, we have increased the minimum key size for TLS handshakes using Diffie-Hellman key exchange to 1023 bits," David Keeler, a Mozilla security engineer, said in a blog post Friday.

A small number of servers are still not configured to use strong enough keys, and Firefox users trying to access them will receive an error called "ssl_error_weak_server_ephemeral_dh_key," Keeler said.

According to a recent survey of the top 140,000 HTTPS websites on the internet by traffic, around 5 percent of them used keys smaller than 1024 bits. The currently recommended size is 2048 bits and over 67 percent of these sites conform to that.

Article source
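One way for a server operator to check their own Diffie-Hellman parameters against the thresholds in the article, as an added example that is not from the article, Mozilla or any TLS library: a minimal parser for PKCS#3 "DH PARAMETERS" PEM files that reports the prime's size and what the article says Firefox will do with it. The sample parameters are constructed from random numbers of the right bit length, not real safe primes, since only the size is being checked.

```python
# Added example (not from the article, Mozilla or any TLS library): a minimal
# DER parser for PKCS#3 "DH PARAMETERS" PEM files, so an operator can check
# a server's dhparam against the 1023-bit Firefox minimum and the 2048-bit
# recommendation quoted in the article. The sample parameters are built
# from random odd numbers of the requested size (NOT real safe primes),
# because only the prime's bit length is being checked here.
import base64
import secrets

FIREFOX_MIN_BITS = 1023   # minimum Firefox now accepts, per the article
RECOMMENDED_BITS = 2048   # current recommendation, per the article


def _der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(value):
    """DER INTEGER for a non-negative value (leading 0x00 keeps it positive)."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body


def make_dhparam_pem(bits, generator=2):
    """Constructed sample: DHParameter ::= SEQUENCE { prime, base } with an
    odd bits-long number standing in for the prime. Not for real use."""
    p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
    seq = _der_int(p) + _der_int(generator)
    der = b"\x30" + _der_len(len(seq)) + seq
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines)
            + "\n-----END DH PARAMETERS-----\n")


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def dh_prime_bits(pem):
    """Bit length of the prime in a PEM 'DH PARAMETERS' block."""
    body = "".join(line.strip() for line in pem.splitlines()
                   if line.strip() and not line.startswith("-----"))
    der = base64.b64decode(body)
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE at top level")
    tag, prime, _ = _read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER prime")
    return int.from_bytes(prime, "big").bit_length()


def classify(bits):
    """Map a DH prime size to what the article says Firefox will do."""
    if bits < FIREFOX_MIN_BITS:
        return "rejected: ssl_error_weak_server_ephemeral_dh_key"
    if bits < RECOMMENDED_BITS:
        return "accepted, but below the recommended 2048 bits"
    return "meets the recommended size"


if __name__ == "__main__":
    for bits in (512, 1024, 2048):
        found = dh_prime_bits(make_dhparam_pem(bits))
        print(f"{found}-bit prime: {classify(found)}")
```

To check a real file, read its contents and pass them to dh_prime_bits; the parser only reads the SEQUENCE and the leading INTEGER, so the optional privateValueLength field is ignored.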
18. Encryption is a method used to enhance the security and privacy of data or information that is too sensitive to be accessed by any random person. Encryption is the name of the process which converts the actual data and information into an unreadable, coded format, protected by an encryption key set by the authorized user only. The data can be decrypted when the authorized user correctly enters the key. There are different categories of encryption, like file encryption, full disk encryption, device encryption and VPN encryption.

Cyber crimes are very common these days, as hackers, spammers and other snoopers, including government security and surveillance agencies, have started using high-end technology to get access to your network and steal your sensitive information and data. This not only harms your device physically but is also dangerous for your confidential information like bank account details, credit card information, private conversations, photos, videos, and other similar information. No one ever wants such sensitive data to be in the wrong hands. You don't need to worry, because there is a solution for this as well which is used by millions of users around the globe, and that is internet data encryption.

How can internet data be encrypted? It is done by a tool called a Virtual Private Network (VPN) and VPN encryption.

What is VPN Encryption? And How Does It Work?

VPN encryption is a process by which a VPN hides your data in a coded format unreadable by anyone trying to snoop on your data. A VPN encrypts the data when it enters and passes through its tunnel, and then decrypts it at the other end where the VPN server connects you to your requested website; meanwhile, throughout the transfer, all your login details are kept secure and hidden by VPN encryption. Let's learn something about the technological aspects of VPN encryption below.
Types of VPN

A VPN uses different combinations and techniques for encryption, which can be easily understood when you know the types of VPN and the protocols they use for encryption and security.

Site-to-Site VPN
Offices mainly use a Site-to-Site VPN, also known as a Router-to-Router VPN. Companies often need to connect one of their offices to another office remotely with privacy and secrecy maintained, and this is achieved by installing a site-to-site VPN, which builds a private encrypted tunnel and provides a secure connection between the office branches in any location of the world. It is called a router-to-router VPN as well because here one router acts as a VPN client and the other serves as a VPN server to provide secure and anonymous internet within the offices, which are located in different geographical locations.

Remote Access VPN
A Remote Access VPN provides the internet connection to its users remotely by its private network. It is used mostly by home users and office employees to connect to their company's server when traveling away from the office location. It provides a connection to individuals by creating a secure virtual tunnel between the user's computer or device and the VPN server, and connects them to the internet with a secure encrypted tunnel. This type of VPN is usually used by home users to get rid of geo-restrictions and to access websites blocked in their region, whereas office employees use it when they want to access the company's server from a different location.

Types of VPN Protocols

The level of privacy and security that you get from a VPN depends on what type of protocol it uses to secure your data and maintain privacy. There are different types of VPN protocols which are used by VPN providers; each type of VPN protocol mentioned below provides a different level of security, so let's take a look at them.
IPSec - Internet Protocol Security
Internet Protocol Security, or IPSec, is the most common VPN protocol used by site-to-site VPNs to ensure the safety of data on IP networks, including the internet. It can secure data between router and router, firewall and router, desktop and server, and desktop and router. It mainly uses two sub-protocols: Encapsulating Security Payload (ESP) and Authentication Header (AH), which instruct the data packets traveling through the tunnel. Both send different instructions based on which type of data packet is transferred via the tunnel.

L2TP - Layer 2 Tunneling Protocol
It is a tunneling protocol used in combination with IPSec to build high-end security and privacy and a highly secure VPN connection. It is also supported by site-to-site VPNs but is used by remote access VPNs, as it is the primary point-to-point protocol (PPP) used mainly as a tunneling protocol along with other encryption protocols such as IPsec to strengthen and enhance the level of security and privacy.

PPTP - Point-to-Point Tunneling Protocol
It is responsible for encrypting the data from one point to another only, by creating an encrypted tunnel and transferring data through it. PPTP is the most commonly used protocol and supports thousands of operating systems and devices. It supports 40-bit and 128-bit encryption or any other encryption scheme supported by PPP.

OpenVPN
OpenVPN is an open-source software application which uses VPN mechanisms to create a secure point-to-point connection in virtual tunnels and remote access features. It is considered the most secure VPN protocol, capable of providing many mixed and complex security protocol functions.

SSTP - Secure Socket Tunneling Protocol
It is mainly used for high-end encryption in Windows as it's a Microsoft proprietary protocol, so where OpenVPN is not supported SSTP can be implemented for the same level of security and encryption, and it is stronger than PPTP and L2TP/IPSec.
VPN Encryption

VPNs are used for security and privacy, and it is critical that they be encrypted so as to make sure all your data and internet activities are hidden from anyone trying to spy on your network. Well, that is the primary purpose of using a VPN service, but there are some VPNs which can let you down regarding security and encryption, and maybe those are VPNs without encryption. We have given you brief information about how a VPN encrypts and what systems and mechanisms they use to provide security and encryption, so from now on you know what you have to look for in a VPN for the best privacy and security.

Secure Sockets Layer (SSL) VPN Encryption
Unlike other traditional VPN protocols which are used in particular VPN software, Secure Sockets Layer (SSL) VPN encryption is used for web browsers and can be used in browser extensions, which don't require any specific app to install and set up. It can be directly added to the internet browser and has an on/off switch to operate it when you need to use it and turn it off when you are done with it. It is mainly used to provide remote users access to client/server applications, web applications, internal network connections, etc.

Multi-Protocol Label Switching (MPLS) VPN Encryption
Multi-Protocol Label Switching (MPLS) is a method used to build virtual private networks (VPNs). It is a convenient and flexible way to route and transfer various types of network traffic using the MPLS backbone structure. The most common types of MPLS VPNs used today are:
Point-to-point (Pseudowire)
Layer 2 (VPLS)
Layer 3 (VPRN)

Encrypted VPN Tunnel
A VPN tunnel is the way through which a VPN connects your computer to its server, and it is crucial that it be fully secure and encrypted. A VPN tunnel which is encrypted ensures that all your data travelling through it is hidden from the eyes of anyone trying to snoop on your network, while an unencrypted tunnel can leak your data due to weak encryption protocols.
VPN Without Encryption

It is not necessarily the case that all VPNs offer encryption. It is a very rare case that a VPN tunnel is unencrypted, but it happens: some VPNs might not use encryption for the protection of data traveling via a tunnel. For example, it is possible that a VPN tunnel set up between two hosts uses Generic Routing Encapsulation (GRE), which is expected to be encrypted but is neither secure nor trusted. Such VPNs without encryption are dangerous and trap users' data, because the user believes that all of their data is safe and no one can see what they are doing online, but that is where they are wrong, and sometimes people using such an unencrypted VPN even get attacked by cyber criminals.

VPN Encryption Algorithms

VPNs use protocols and some encryption algorithms for the ultimate privacy protection. There are mainly three VPN encryption algorithms which are used by commercial or standard VPN companies: AES, RSA, and SHA, briefly described below.

AES - Advanced Encryption Standard
It is a secure algorithm used in symmetric key encryption. It supports key lengths of 128, 192, and 256 bits; the longer the key length, the stronger the encryption, which also means it takes more time in processing, which results in slower connection speed.

RSA
It is named after the initials of the persons who first described this algorithm. It is used in an asymmetric public key system, which means a public key is used to encrypt the data, but a different private key is used to decrypt it. It is used by all the current VPN protocols like OpenVPN, SSTP, etc. for the best and strongest encryption.

Secure Hash Algorithm (SHA)
SHA - Secure Hash Algorithm (SHA), created by Cisco; this algorithm is very secure and strong and requires both the sender and receiver to comply with this algorithm while encrypting and decrypting the message or the data traveling through the VPN tunnel.
Conclusion

After all the discussion we have done to let you know entirely what a VPN does for your privacy and security and how it does so, we have helped a little more towards the protection of your internet privacy and encryption.

Article source
19. CatchApp Tool Can Siphon Encrypted WhatsApp Messages From A Distance

Israeli company claims it has developed a CatchApp tool which can siphon encrypted WhatsApp data from a distance

You may have seen many Hollywood movies in which the main protagonist, an agent from the CIA or FBI, places his/her mobile beside the victim's smartphone and copies data from it. Up to now, siphoning data from any smartphone just by being in its proximity was considered fiction, but now an Israeli cyber surveillance company claims it has developed a sophisticated tool called CatchApp which can siphon off all WhatsApp chats, including encrypted communications, from phones within close proximity of a hidden Wi-Fi hacking device in a backpack.

Haifa-based Wintego has released brochures for its CatchApp tool, which it calls a WhatsApp interceptor. Wintego promises that CatchApp has an "unprecedented capability" to break through WhatsApp encryption and grab full data from a target's account. It does so through a "man-in-the-middle" (MITM) attack; in theory, the traffic is intercepted between the app and the WhatsApp server and somehow the encryption is decoded by the device, though that may not be possible with the latest upgrades to the software's cryptography.

The company did not elaborate on how its CatchApp tool manages to decode/decrypt the WhatsApp encryption, but Forbes has noted that the tool works on most versions of WhatsApp. The company has released the brochures of the app to advertise it to different police and law enforcement agencies around the globe.

The CatchApp tool is a part of a larger Wintego arsenal called WINT. According to the company, the WINT hacking tool can fit into a backpack.
The company calls WINT a “data extraction solution” and says that it can obtain “the entire contents of your targets’ email accounts, chat sessions, social network profiles, detailed contact lists, year-by-year calendars, files, photos, web browsing activity, and more” just by being near the victim’s PC/laptop/smartphone. It does that by acquiring login credentials for distinct accounts and then silently downloading “all the data stored therein”. Wintego claims WINT first gains access to a device by intercepting Wi-Fi communications, whether they’re open or private encrypted networks. WINT uses four separate Wi-Fi access points so it can track multiple targets, and high-gain antennas to catch those at a distance. It’s small enough to fit into any backpack, said Wintego, so is ideal for stealthy operations.

The details about Wintego’s dealings are top secret, but reports indicate that it was founded by alumni of Verint, another Israeli firm. Verint itself was the top cyber surveillance tools supplier for America’s National Security Agency (NSA). According to Forbes, Yuval Luria acts as the face of the company, promoting the kit at major surveillance shows. He recently presented at the ISS World Training event in Prague (also known as the Wiretappers’ Ball), giving a talk on A Hybrid Tactical-Strategic Approach for Extracting Cyber Intelligence. Nhevo Kaufman appears to act as company chief, having set up the firm’s website back in 2011.

Both the above tools are for sale only to police, law enforcement and spy firms, but it is nowhere stated that the same can’t be bought by rogue actors.

Source
  20. All Private Internet Access Settings Explained

The guide provides explanations for all settings and features of the Private Internet Access client for the Windows operating system.

Private Internet Access is a popular VPN provider. The company has a strict no-logging policy which has been verified in court this year. Customers may download one of the available clients for their operating system. The Windows client ships with a list of features that you may enable to improve your privacy and security while being connected to one of the company’s servers.

The following guide lists and explains all settings that the Windows client version of Private Internet Access provides currently. We have used the latest version of the client, version 0.65, for that. We will update the guide when features change. If you notice that before us, let us know in the comments so that we can update the article.

Private Internet Access VPN Settings

You can open the settings by right-clicking on the Private Internet Access icon in the Windows system tray area. Please note that you can only access the settings if you are not connected to the VPN at that time. If you are, you need to disconnect first before you can do so. The client uses three configuration pages, of which one, Simple, is not of much use.

Advanced Settings

The advanced settings page, which you see on the screenshot above, lists several options that you want to check out and configure.

Username: your PIA username.
Password: the associated password of the account.
Start application at login: whether the VPN software is started on Windows boot.
Auto-connect on launch: whether the software connects to the VPN server when it is started.
Show desktop notifications: whether notifications are shown on the desktop (e.g. on connection or disconnect).
Region: The region you want to connect to. Tip: You can run speed tests for any server region to find out how well it performs.
Connection type: Select UDP or TCP as the connection type. Default is UDP.
Remote port: Set to auto by default, but you may specify a port there.
Local port: Set a local port.
Request port forwarding: The port that is being used is shown when you hover over the PIA icon in the system tray area. This can be useful to set it up in applications.
PIA MACE: This is a new feature of Private Internet Access. It acts as a blocker for advertisements, malware, trackers and other undesirable elements. You have no control currently apart from enabling or disabling the blocker.
VPN Kill Switch: This terminates the Internet connection if the connection to the VPN drops. Useful if you don't want your "real" IP address to be logged by services you connect to while using a VPN.
IPv6 leak protection: This disables the use of IPv6 while connected to the VPN.
Use small packets: If you notice connection issues, e.g. connections that drop frequently, you may want to enable this option to see if it resolves that issue.
Debug mode: You may be asked to enable debug mode by PIA support. The log is written to C:\Program Files\pia_manager\log.

While it is up to you and your requirements what to enable on the settings page, it is usually a good idea to enable all features but PIA MACE and Debug mode.

Encryption

A click on Encryption displays options to set various encryption related parameters.

Data Encryption: Select one of the available encryption standards. Available are AES-128, AES-256 and None.
Data Authentication: Select one of the available cryptographic hash functions. Available are SHA-1, SHA-256 and None.
Handshake: Encryption used to establish a secure connection with Private Internet Access servers. PIA uses TLS 1.2. The default is RSA-2048.

The selection depends largely on your requirements. Want maximum protection? Select AES-256, SHA-256 and RSA-4096. Want all speed and no safety at all? Pick None, None and ECC-256k1. The default recommendation is AES-128, SHA-1 and RSA-2048.
The client displays a warning if you choose None for data encryption or data authentication, or when you choose ECC for Handshake.

Now Read: Private Internet Access rubyw.exe connections explained

Source
  21. Using qubits instead of bits gives quantum computers new power to decode communications. Google wants to nip that possibility in the bud.

Want to thwart quantum computer decryption? Better start studying now.

Google released a beta test version of its Chrome browser that attempts to keep your data secure even if today's uncrackable encryption becomes tomorrow's code-breaking cakewalk. The Chrome 54 beta gets the ability to encipher data sent to and from websites with a technology called CECPQ1. It "protects against future attacks using large quantum computers," Google said in a blog post Thursday.

Google is pushing hard to keep people's data private, pushing encrypted web connections and paying hundreds of thousands of dollars to those who report sophisticated security problems. That causes heartburn for law enforcement and spies, but tech giants ramped up encryption efforts after former NSA contractor Edward Snowden revealed the extent of US government surveillance efforts.

Quantum computers are bizarre, storing data with qubits that can be both 0 and 1, a principle called superposition, unlike regular computers whose bits are either 0 or 1. They've barely even reached the experimental stage, but if they mature, their unique design could undermine a key part of today's encryption technology. Today, encryption relies on the computational difficulty of figuring out which two large prime numbers are factors of an even larger number. But with superposition, a quantum computer can test an immense number of possibilities simultaneously to find the right pair of primes quickly.

Article source
  22. Encryption is a powerful tool for keeping communications private, but it can also put your data at risk. It creates a blind spot in the defenses of a firewall which reduces the effectiveness of malware detection. It also reduces the ability to manage content on a business’s network. SonicWALL created DPI-SSL to stop threats over encrypted channels and unnecessary uses of bandwidth.

Encryption Overview

There has always been a need to encrypt data to protect it from being read by third parties. Hypertext Transport Protocol (HTTP), the protocol by which all browsers communicate with server hosts, was expanded to include HTTPS, which is the secure/encrypted version. It is essentially HTTP utilizing one of two encryption methodologies: either SSL (Secure Sockets Layer) or TLS (Transport Layer Security). When visiting a website utilizing a browser, usually the address begins with either “http://” or “https://”, the latter indicating that the session is encrypted.

The process by which the encrypted session takes place is the result of encryption keys that are exchanged between the server (website) and the client (browser). In order to ensure the authenticity of the keys, a digital certificate is awarded to the owner of the server by a recognized Certificate Authority (or CA). The CA must be trusted and go through a certification process to be included in the various browsers such as Chrome, Internet Explorer or Mozilla Firefox. There are about 50 Certificate Authorities recognized by various browsers. Browsers use digital certificates to verify the private keys exchanged at the start of a secure browsing session. Modern encryption mechanisms make it nearly impossible to decrypt data transported using this method without those keys. It’s also important to know that one of the responsibilities of the issuing CA is to take reasonable steps to ensure the integrity of the entities they are issuing the digital certificates to.
The main reason is that not only do you want the session to be encrypted, but you also want to know that the entity that you are having an encrypted session with is trustworthy. The whole concept of trust has been the basis of the widespread use of what is known as Public Key Encryption or PKI, used by every browser and every secure website.

Which Network Traffic is Encrypted and Why?

Encryption is used to keep prying eyes or ears from observing confidential data. Sites like banking, insurance, healthcare, etc., or any site where an exchange of a user ID and password must be kept confidential, utilized encryption to protect users’ data. But today, that is no longer the case. It is estimated that by the end of 2016, more than 50% of all Internet traffic will be encrypted. You might wonder who’s doing all this encryption and why they are doing it. The answer to “who?” is Netflix, Google, YouTube, Facebook, and others. Netflix generates the largest amount of encrypted traffic on the Web. You may wonder why it is important to encrypt data that doesn’t seem to have information that would be confidential. Simply put, as with all other technology shifts like this, it is economics.

Over the past several years, advances in technologies have allowed next generation firewalls to identify all types of network traffic by their unique profiles. This allows network administrators to manage bandwidth or block traffic that is not desirable on business networks. Those technologies match the streams of data to known signatures that then allow policies in a firewall to determine what should be done with the traffic. A business might want to restrict the amount of bandwidth taken up by YouTube or Netflix so that critical business applications can function as expected. Or you might even want to block certain traffic altogether.
And more importantly, the content providers don’t want you to stop their content from reaching their audience, so they figured out how to get their content to end users with encryption. With encryption, the ability to identify traffic is dramatically reduced or eliminated. When an encrypted session is established, all communications that would allow a firewall to identify the website visited or the data being transported will be encrypted and therefore unidentifiable. So when the data is encrypted, the most popular means for identifying what the traffic is no longer works. It simply can’t identify the traffic and therefore act on it. What’s more, malicious software (malware) can also be encrypted, making it impossible for signature based firewalls to stop it before it reaches its destination. So encryption dramatically reduces or eliminates the effectiveness of the best-known defenses against malware, along with a business’s ability to manage the type and quantity of content that traverses their network.

Why Encrypted Traffic Can’t Be Trusted

There are two major reasons why encrypted traffic can no longer be trusted. To begin with, when you go to a site you probably think you can trust, that may not be the case. For example, if you go to CNN, MSN, Yahoo, etc., much of what is on those sites is ads that are being dished up by ad services such as DoubleClick or Akamai. They, in turn, dish up ads that were paid for by third party advertisers. If you are visiting an encrypted site, the ad content will also be encrypted. It is nearly impossible for the ad servers to monitor every bit of ad content to ensure its integrity. So active ad content may contain malware, which is referred to as “malvertising”. In addition, even if that content contains no actual malware, it often has the ability to redirect you to a site that hosts malware. This brings us to the other reason encrypted traffic can no longer be trusted.
In the early days of digital certificates, the issuing Certificate Authorities took significant steps to ensure the entity that a certificate was being issued to was trustworthy. That is no longer the case. The market for certificates has become commoditized and when that happens, generally prices go down – which they have. The result for a CA is that in order to offset the loss of profits, you have to issue more certificates. The end result is that it is no longer difficult to obtain a coveted digital certificate. To that point, the world’s largest issuer of digital certificates (Comodo) has had many high profile cases of their certificates being used to mask malware with encryption.

How DPI-SSL works

The term DPI-SSL simply means “Deep Packet Inspection” of SSL traffic. It’s a bit of a misnomer since most encrypted traffic today uses TLS for encryption instead of SSL, but the concept and results are exactly the same. The technology decrypts the traffic, determines what is to be done with it (let it pass, block it or manage the associated bandwidth) and sends it on its way if that’s the desired outcome. But to do this requires a bit of technological wizardry.

First of all, when your browser exchanges the keys with a website, it has to validate who owns the site and whether to trust it. To do that, it validates the certificate against the root certificate of the issuing Certificate Authority. In order to convince your browser that it’s okay to proceed, the site needs to convince your browser that it has a valid certificate representing the site you’re trying to visit. In order to decrypt the traffic, the technology has to convince both sides that it’s okay to talk and no one can hear them. As data is passed in either direction, the firewall decrypts the data, examines it and makes a determination of what to do with it, and then re-encrypts it and sends it on its way. DPI-SSL utilizes a hacker’s concept called a “man-in-the-middle attack”.
Essentially someone steps in the middle of the conversation and begins collecting the packets going back and forth, examining them and sending them on their way. In order to do that with encrypted traffic, two things have to happen. First of all, if I’m that guy in the middle, I have to have a valid certificate myself to exchange with the person using the browser. So I’m going to have to buy a certificate from a trusted CA that I’ll install on some technology such as a next-generation firewall. But that’s not so easy either. In order to convince your browser that it’s okay to talk to me, you need to recognize my certificate and trust it in place of the certificate I was expecting from the website. Every browser has the ability to import a certificate for traffic that is known to be trusted, thereby making the other side of the conversation a trusted source regardless of who it is. Once that happens, the conversation will be allowed by your browser.

To demonstrate how this technology works, let’s use the example of a banking website. Let’s suppose I want to go to my account on the Chase banking website. I might type www.chase.com in my browser and I’ll be transported to the site, where I will see the little padlock with “https://” next to it. But what really happens is that when the firewall recognizes that an encrypted session is being set up, it steps in the middle and mimics Chase in the exchange of keys with your browser, and also begins an encrypted session with Chase as though it were the browser communicating with the website. As data is passed in either direction, the firewall decrypts the data, examines it and makes a determination of what to do with it, and then re-encrypts it and sends it on its way. It thereby solves both of the problems of traffic management and identification of malware.

It also solves one issue that has existed for years. People who want to get past content filtering often use what are called “proxy sites”.
These are sites that act as an encryption mechanism so that it is impossible for content filters to read the TCP header information that contains the name of the site being visited. As an example, if you’re an employee and you want to visit an adult site, you can do so by first going through a proxy site that will encrypt the data and then transport the session on to the site you wanted to visit. With DPI-SSL that traffic can now be examined and the classification of a website can be determined for the purpose of allowing or blocking that site.

What is Required to Implement DPI-SSL?

The first requirement for implementing DPI-SSL is a firewall with those capabilities. Almost all SonicWALL firewalls manufactured today can do that. However, there are other important considerations. Encryption and decryption require processor power. Just as Netflix has spent millions of dollars on implementing encryption, you will likely have to purchase a firewall with more processor power than what you would have needed without DPI-SSL. How much power is required is easily determined by an examination of your network traffic. A member of the Cerdant engineering team can help you with that.

In addition, you will need to purchase a digital certificate (fairly inexpensive) and install it on the firewall. You will also have to install that certificate in each of the versions of browsers that your users are using. That may sound difficult and time-consuming, but for most businesses, it’s easier than you think. A feature of Microsoft’s Active Directory allows you to push out certificates to the browsers that are being supported. Most businesses use AD to control access and privileges on their networks now, so implementing a certificate takes just a few minutes. Once the process is complete, your firewall can examine all of the traffic passing to and from the Internet and keep you safe from most malware as well as help you manage non-malicious content.
But without DPI-SSL your firewall cannot protect you from many of the threats from the Internet.

Summary

DPI-SSL is now clearly an essential tool for maintaining the security of networks. Approximately 50% of Internet traffic is encrypted today. Content providers are encrypting nearly all traffic to avoid content management technologies. Increasingly, malware is encrypted. Without DPI-SSL, encrypted malware will pass through the firewall uninterrupted. Without DPI-SSL, there is no practical way to manage the content that end users are viewing and using. Without DPI-SSL, the bandwidth of streaming content cannot be managed.

Article source
  23. Fantom Ransomware Encrypts Your Files While Pretending To Be Windows Update

A new ransomware called Fantom was discovered by AVG malware researcher Jakub Kroustek that is based on the open-source EDA2 ransomware project. The Fantom Ransomware uses an interesting feature of displaying a fake Windows Update screen that pretends Windows is installing a new critical update. In the background, though, Fantom is secretly encrypting a victim's files without them noticing. Unfortunately, there is currently no way to decrypt the Fantom Ransomware, and the usual methods for getting EDA2 based ransomware keys are not available with this variant.

For those who wish to discuss this ransomware or need support, you can use the Fantom Ransomware Help Support Topic.

Fantom disguises itself as a Critical Windows Update

The developers behind the Fantom Ransomware make an extra effort to hide its malicious activity by pretending the program is a critical update for Windows. To add legitimacy, the file properties for the ransomware state that it is from Microsoft and is called critical update.

File Properties

When executed, the ransomware will extract and execute another embedded program called WindowsUpdate.exe that displays the fake Windows Update screen shown below. This screen overlays all of the active windows and does not allow you to switch to any other open applications.

Fake Windows Update Screen

The above fake update screen also contains a percentage counter that increases as the ransomware silently encrypts a victim's files in the background. This is done to make it look like the fake update is being installed and to provide a reason for the increased activity on the victim's hard drives. It is possible to close this screen by using the Ctrl+F4 keyboard combination. This will terminate the fake Windows update process and display your normal Windows screen, but the ransomware will continue encrypting your files in the background.
How the Fantom Ransomware Encrypts a Computer

Thanks to MalwareHunterTeam, who deobfuscated the code for Fantom and provided some analysis, we can easily see how the ransomware performs its encryption. Just like other EDA2 based ransomware, it will generate a random AES-128 key, encrypt it using RSA, and then upload it to the malware developers' Command & Control server. It then begins to scan the local drives for files that contain targeted file extensions¹ and encrypts them using AES-128 encryption. When it encrypts a file it will append the .fantom extension to the encrypted file. For example, apple.jpg would be encrypted as a file named apple.jpg.fantom. In each folder in which it encrypts a file, it will also create a DECRYPT_YOUR_FILES.HTML ransom note.

Fantom will also create two batch files that are executed when the encryption is finished. These batch files will delete the shadow volume copies and the fake Windows update executable.

Fantom Cleaning Up

Finally, the ransomware will display the ransom note called DECRYPT_YOUR_FILES.HTML that includes the victim's ID key and provides instructions to email [email protected] or [email protected] in order to receive payment instructions.

Ransom Note

I have to point out that this user obviously does not have a good command of the English language, as the grammar and wording could be one of the worst I have seen in a ransom note to date.

Finally, the ransomware will download an image and save it to %UserProfile%\2d5s8g4ed.jpg. This image is downloaded from the following URL, which may provide a clue as to the developer's identity: http://content.screencast.com/users/Gurudrag/folders/Default/media/9289aabe-7b4a-4c7f-b3bb-bdf3407e7a2f/fantom1.jpg This image will then be used as the Windows wallpaper shown below.
Fantom Wallpaper

Files created by the Fantom Ransomware:

%AppData%\delback.bat
[Executable_Path]\WindowsUpdate.exe
[Executable_Path]\update.bat
%UserProfile%\2d5s8g4ed.jpg

Registry entries created by the Fantom Ransomware:

HKCU\Control Panel\Desktop\ "Wallpaper" "%UserProfile%\How to decrypt your files.jpg"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 1

Network Communication:

http://powertoolsforyou.com/themes/prestashop/cache/stats.php
http://templatesupdates.dlinkddns.com/falssk/fksgieksi.php

Hashes:

SHA256: f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

Targeted File Extensions:

Source
  24. This password manager can generate and store random strong passwords for users. Passwords are generated in users' browsers and then encrypted using AES256 (mode CBC). The key for encryption is generated by PBKDF2 based on the login password (Password_1). PBKDF2 with SHA512 is used for the user identification check. The raw password will be mapped to a pseudo password with a key related to Password_1 before applying AES256. The mapping algorithm is alphabet and position based. Some of the information in Password_1 is not involved in the calculations for the identity check, so Password_1 can't be obtained by enumerating Password_0 (used for authentication). You can read more information about the implementation in the wiki.

Extensions

You can easily add E-mail verification, Google authentication... in your version of the password manager. Put your implementation inside check.php, which is used for login authentication.

DEMO

phppasswordmanager.sourceforge.net

This demo is for test ONLY! Do NOT put your real password there. You can access the database for this demo here, with login username p2663268ro and password 12345678

Additional test demo available here: pas.jeffery.cc

This demo is for test purposes and might be unstable.

Features

Client side encryption. The server only keeps the encrypted strings.
Customized fields support. You can add/delete fields for the password manager. For example, you might want a URL field to keep the login URL for all your accounts.
PIN login. You don't need to input your long login password every time. Instead, you can use a short PIN on your trusted devices.
Files support. You can attach files to accounts. Of course, files are encrypted in your browser before they are uploaded.
Tags support and searching support. This makes it easier to manage lots of accounts.
Import/Export as CSV file. Easy to use backup/recovery.
Authentication control. Account/IP will be blocked after too many failed attempts. After a short time of no action, you'll be signed out automatically.
Friendly UI.
Download zeruniverse Password-Manager

Article source
  25. The Nullbyte Ransomware pretends to be the NecroBot Pokemon Go Application

A new DetoxCrypto Ransomware variant called the Nullbyte Ransomware has been discovered by Emsisoft security researcher xXToffeeXx that pretends to be the popular Pokemon Go bot application called NecroBot. When infected, the ransomware will encrypt a victim's files and then demand 0.1 bitcoins to decrypt the files. Thankfully, Michael Gillespie was able to create a decryptor so that victims can get their files back for free.

This ransomware is distributed from a Github project that pretends to be a rebuilt version of the NecroBot application, in the hopes that people will download it thinking it is the legitimate application.

Fake NecroBot Github Page

When someone downloads and executes the application it will show the standard NecroBot interface asking for the victim to login.

NecroBot

If any login info, real or fake, is entered and the Login button is pressed, the program will pretend to try and login to the NecroBot servers. In the background, though, the ransomware will begin to encrypt a victim's files.

Encrypting

When finished, the ransomware will display its lock screen that prompts a user to pay 0.1 bitcoins to decrypt the files.

Ransom Note Lock Screen

The Nullbyte Ransomware Encryption Process

According to further analysis by MalwareHunterTeam, the Nullbyte ransomware will encrypt files using AES encryption and then append the _nullbyte extension to encrypted files. For example, test.jpg would become test.jpg_nullbyte when the file is encrypted.
When encrypting files, the Nullbyte ransomware will encrypt any file located in the following folders:

%USERPROFILE%\Documents
%USERPROFILE%\Downloads
%USERPROFILE%\Favorites
%USERPROFILE%\Pictures
%USERPROFILE%\Music
%USERPROFILE%\Videos
%USERPROFILE%\Contacts
%USERPROFILE%\Desktop

While running, this ransomware will also terminate the chrome, cmd, taskmgr, firefox, iexplore, and opera processes. This is done to make it difficult to remove the ransomware or search for help on the web.

Last, but not least, the ransomware will generate a screenshot of the currently active Windows screens and upload it to the ransomware's command & control server. At this time, it is unknown how the screenshot is used, but it could be used for possible information theft or blackmailing.

Decrypting the Nullbyte Ransomware

Thankfully, Michael Gillespie was able to create a decryptor for the Nullbyte Ransomware. Instructions on how to use the decryptor can be found in the Nullbyte Ransomware Help and Support Topic. Below is a screenshot of the decryptor decrypting files encrypted by this ransomware.

Files associated with the Nullbyte Ransomware

%UserProfile%\Desktop\DecryptInfo.exe
%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svhost32.exe
%UserProfile%\Documents\bg.jpg
%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DecryptInfo.exe
%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\enhost32.exe

IOCs:

SHA256: 96992b32a1bd469dfb778d8d2d1a24dbc41d5adc11d05efa659e6c85de0f50ad

Network Traffic:

https://tools.feron.it/php/ip.php
ftp://ftp.taylorchensportfolio.netai.net/DECRYPTINFO-LAUNCHED
ftp://ftp.taylorchensportfolio.netai.net/DECRYPT-REQUEST

Source