Welcome to nsane.forums

Welcome to nsane.forums, like most online communities you need to register to view parts of our community or to make contributions, but don't worry: this is a free and simple process that requires minimal information. Be a part of nsane.forums by signing in or creating an account.

  • Access special members only forums
  • Start new topics and reply to others
  • Subscribe to topics and forums to get automatic updates

Search the Community

Showing results for tags 'privacy'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Found 459 results

  1. Looks like KB 2952664 (for Win7) and KB 2976978 (Win 8.1) are back These are the two patches implicated with various snooping proclivities, and tied into upgrading from Windows 7 to Win10, or Win8.1 to Win10 — which should be a non-starter tat this point. I can see them in the Microsoft Update Catalog: KB 2952664 KB 2976978 They’re both listed as “Last Updated 2/17/2017.” They aren’t listed on the Windows Update official page, but PKCano reports that she’s seeing the Win7 patch, released today, optional and unchecked. Of course you should avoid them. Source: Looks like KB 2952664 (for Win7) and KB 2976978 (Win 8.1) are back (AskWoody) Looks like KB 2952664 (for Win7) and KB 2976978 (Win 8.1) are back (AskWoody forums)
  2. Cerber Ransomware Switches To .CERBER3 Extension For Encrypted Files A new version of the Cerber Ransomware has been discovered by AVG security researcher Jakub Kroustek that switches from the .CERBER2 extension to .CERBER3 for encrypted files. When I tested this new sample, there was some minor outward differences between this version and the previous version. The most notable difference is that this new version will now append the .CERBER3 extension to encrypted files. This is shown in the sample pictures folder shown below. Encrypted Files Another notable difference is that this version has changed the ransom note names to # HELP DECRYPT #.html, # HELP DECRYPT #.txt, and # HELP DECRYPT #.url. The previous Cerber version had also sent UDP packets to the range of IP addresses. This version appears to be using the range for statistical purposes. As this version is further analyzed, more information may become available. When this happens, I will be sure to update this article. Source
  3. With everyone from local scammers to government agencies trying to get hands on your data, there’s never been a better time to beef up your privacy game. Fortunately, there are a ton of options out there to keep your messages, files, and phone safe on Android. Before we begin, we should point this out: using a smartphone is always going to be a risk. Especially one running services from Google. You can use these tips and apps to protect some of your communication, but you’re never going to be totally off the grid as long as you’re using an Android phone. That doesn’t mean you have to make it easy on an attacker, though. Change These System Settings to Protect Your Privacy When you first get your phone, it’s a good time to start protecting yourself. During the setup, make sure you disable any options asking to track your data. After that (or if you’ve already set up your phone), there are a number of precautions you can and should take. We recommend everything on the following list, but they all come with some convenience sacrifice, so decide for yourself which ones you need: Set a strong alphanumeric password. Android gives you the option to use a pattern or PIN to lock your phone, but to be safe, you should use a strong alphanumeric password. Open the Settings app and head to Security > Screen Lock. Set a password that includes numbers and letters. Don’t use your fingerprint to sign in. Fingerprint sensors are convenient, but the law around them is complicated. While it’s still being hashed out in the courts, currently police can compel you to use your fingerprint to unlock your phone. It’s better to just not use it at all. On Nexus and Pixel devices, head to Settings > Security > Pixel Imprint and delete any fingerprints you’ve saved. Encrypt your phone (if it isn’t already). Some manufacturers don’t encrypt your phone by default. If you have to enter a PIN before the phone boots up, it’s probably encrypted already. Just to be sure, head to Settings > Security. Under Encryption, you should see “Encrypt phone.” If it says “Encrypted” below that, you’re good. Otherwise, tap it and follow the instructions to encrypt your phone. This may take a while and it may slow down some older phones, but it’s worth it to protect your data. Hide notification information from the lock screen. Android will show notifications even when your phone is locked, but you can hide sensitive information if you don’t want prying eyes to see. Head to Settings > Notifications then tap the gear icon at the top. Finally, tap “On the lock screen.” You can either choose “Hide sensitive notification content” to conceal things like messages and email contents, or “Don’t show notifications at all” to ensure no one sees anything. Disable Google’s tracking activity. Google is the biggest glutton for data around, so disabling their tracking is almost a Sisyphean task, but you can at least turn off as much as you can. Head to this link, click the menu button at the top, and choose “Activity Controls.” Here, you can disable location tracking, search tracking, voice tracking, and even your YouTube history. Note, Google may still keep some anonymized info about you, but this can minimize how much they have. Turn off Google backup. Google backs up a ton of information about your device, including call history, apps, and even what Wi-Fi network you’re connected to. If you’d rather Google not have that info, head to Settings > Backup & reset > Backup. You can either disable backups entirely (and make your own) or selectively disable the data you don’t want to store. Turn off any unnecessary app permissions. As of Android 6.0 (Marshmallow), Google finally lets you pick which permissions to give to apps. For starters, that means you should probably get an Android phone running Marshmallow if you’re concerned for your privacy. Then, head to Settings > Apps and tap the gear icon at the top. Then tap “App permissions.” Here you’ll be able to see permissions for things like Calendar, Contacts, Location, and Microphone. Tap each one and disable any apps you don’t trust. Keep in mind, this may break some apps if you’re not sure why they need that permission. If you’re really not sure you can trust an app, you might be better off uninstalling it. Turn on two-factor authentication. Your account is only as safe as your password (which isn’t very safe) unless you enable two-factor authentication. You can turn it on for your Google account here, and then for any of your other accounts on this list. It’s also a good idea to use an app like Authy to manage your authentication tokens, since it lets you lock the app with a PIN. This protects your tokens in the event someone steals and unlocks your phone. Enable Android Device Manager. ADM can find your phone remotely, so it might be a bit of a toss up from a privacy standpoint. On the one hand, it means Google will have information about where you are. However, you can also use it to locate or wipe your phone remotely. If you want that nuclear option in case you lose your device, this might be a good tool to have. That should handle a lot of the data and vulnerabilities that come with having an Android phone (though you should still assume there’s some kind of data being tracked from your account). However, that’s only part of the equation. Next, you’ll need to take a look at the apps you use every day. The Productivity Apps That Protect Your Privacy Most productivity apps are designed to help you get stuff done as conveniently as possible. Protecting your privacy, however, is rarely the most convenient. Consequently, you might need to use apps that are designed to protect as much data as possible, even if they have to forego useful features like cloud syncing or complex computer analysis. Some, like a VPN, you might not need all the time, but you should almost always be using apps like a password manager. Also keep in mind that if you received your phone from your company through the Android at Work program, your data will still be visible to them even if you use these apps. If you want to keep your information as private as possible, use your own phone and keep it as locked down as possible. Web Browser: Brave While lots of browsers claim to protect your privacy, we’ve found that Brave stood out as one of the best. It uses HTTPS Everywhere to keep your traffic encrypted and it blocks scripts, cookies, phishing, pop-ups, and ads. If you find that a site doesn’t work with Brave, you can selectively re-enable each of those features to figure out what’s breaking the site and even whitelist it if you decide it’s worth it to you. On the desktop, Brave has a weird system that lets users choose to pay publishers instead of seeing ads. However, this doesn’t appear to exist in the mobile version, so you can safely ignore it. It’s not perfect, but it gives you a lot more flexibility to block third-party data tracking than Chrome does. Email: ProtonMail or Gmail For the most thorough email privacy, ProtonMail is the way to go. It encrypts all of your messages by default. You can send email to other ProtonMail users and they’ll be able to read it like normal. If you send it to anyone else, they’ll be given a link where they’ll need to enter a password in order to read your message. This is a very inconvenient way to send email, but if you need to guarantee that no one but the recipient reads your email, this is the way to go. If you’re slightly less paranoid, Gmail is still an excellent way to keep your email private from everyone except, well, Google. Every email is sent over SSL and Google encrypts each message from sender to receiver. Unfortunately, Google itself is still able to see and scan your emails, and it may even have to turn some data over to the government if they receive a legal request. However, Gmail will at least protect your messages from some random snooper or someone who finds your phone (as long as you have a strong password and two-factor authentication, like we mentioned earlier). In general, email is pretty hard to secure since it always relies on a third-party server to send messages. If you’ve got a good reason to wear your tinfoil hat, you can always try rolling your own email server, but keep in mind it’s really hard. Messaging: Signal or WhatsApp If you really need to communicate with someone securely, Signal and WhatsApp are going to be much better for your privacy than email. Both of these apps feature end-to-end encryption, they don’t store your messages after they’ve been delivered, and they can both do voice calls on top of text messages. Inconveniently, both parties will need to have the app installed to use it, but it’s fairly easy to set up an account. For those who want the absolute most privacy possible, however, Signal offers a slight edge. It doesn’t store metadata about who you’re talking to, but WhatsApp does. Neither app knows what you’re talking about, but WhatsApp knows who you’re talking with and when. If WhatsApp receives a legal warrant, it can hand over that data. WhatsApp can also backup your messages to Google Drive, though they’re encrypted so that shouldn’t be that big of a deal. Even if law enforcement requested it from Google, they wouldn’t be able to read it. Still, it’s important to know that the backup is there. Password Manager: LastPass or 1Password The best way to protect a strong password is to not know what it is. Password managers can generate long, complicated passwords for you and automatically enter them into the sites you visit. Our favorite password managers are LastPass and 1Password. LastPass is free and lets you sync your password vault across platforms, but the downside is that it uses its own servers to do it. While your data is encrypted while it’s on LastPass’s servers, it’s still possible for it to get hacked if someone targets the company, which happened once. Their encryption was strong enough to prevent the attackers from gaining access to users’ stored passwords which is encouraging, but if you need to be super careful, you might not want to risk it. 1Password, on the other hand, offers two kinds of syncing. You can pay $3/month to sync your account through 1Passwords servers, or you can just use your own Dropbox account. You can also skip syncing altogether and store all your passwords in a local vault and manually copy them from one device to another when you need to. This makes sure that no one can get access to your vault, even if they attack a third-party. VPN: Hideman, Tunnelbear, or NordVPN Using a VPN is the most basic way to secure all of your web traffic. Once you connect to a VPN, your traffic is encrypted so no one snooping can see what you’re looking at. This is particularly useful when you’re on public networks where you might not control your internet connection. On this front, we like Hideman, NordVPN, and TunnelBear. Each service requires a monthly fee, but you get a small allotment of data for free each month. You won’t want to watch hours of Netflix with it, but it can help cover your traffic when you’re at the airport or hotel. Notes: Notes Lock Google Keep was a surprise hit for note takers, but you can’t lock your notes down and they’re all stored on Google’s servers to boot. Notes Lock on the other hand keeps all your notes on your device and secures them behind a pass code, PIN, or pattern lock (though for the best security, you should probably use the pass code). You can use Notes Lock to write down notes or create to-do lists in a variety of colors and fonts. Even as a generic notes app it’s pretty robust, which makes the security features the icing on the cake. If you want to sync your notes, you can choose to save your notes vault to Dropbox to share it between devices. Like with 1Password, this gives you more control over how your data is stored, rather than passing it off to a company like Google. Of course, this means someone could find your notes vault in Dropbox, but it will still be encrypted so they shouldn’t be able to read it anyway. Cloud Storage: SpiderOak Dropbox is pretty good at protecting your data, but if you need to go one step further, SpiderOak is the best way to store data in the cloud and keep it secure. The company employs a “zero knowledge” policy, using local encryption so it can’t read what’s in your files before you even upload them. SpiderOak doesn’t offer any free storage, but it offers 100GB/month for $5 which is competitive with services like Dropbox and Google Drive. This should be a good start to protecting your typical Android usage from prying eyes. Nothing in here (or anywhere, really) is 100% bulletproof, but you’ll be one step ahead of the pack, which is often enough to get your everyday attacker off your back. Article source
  4. End-to-end encryption is the new security mantra, but how far will you go to foil the thought police? It's difficult to maintain a healthy level of paranoia when some days it feels like we're living in a gritty reboot of 1984. Revelations of western security agencies systematically spying on their own citizens have driven many people to embrace personal encryption tools, yet at the same time social media has bred a generation of oversharers who seem happy to trade their privacy for magic beans. Some people wear tin foil hats to avoid government mind probes, while others write their passwords on post-it notes for all the world to see. Most of us sit somewhere in the middle, swinging between vigilance and complacency as we navigate the challenges of modern technology. Nothing to hide? It's often said that if you've got nothing to hide then you've got nothing to fear, but that's a dangerous attitude. It downplays legitimate fears and makes it easier for the powers that be to gradually erode civil liberties to the point where we all have something to fear – at which point it's too late. So where do you draw your own line in the sand? I think you need to start by defining the problem; exactly what are you afraid of, realistically what's the likelihood of those things happening to you, and how serious are the consequences if they do? Once you have level-headed answers to these questions you can start to think about the best precautions. These days the words "privacy" and "security" are almost used interchangeably, they're closely related but they don't quite mean the same thing. The way I see it, security is the reason you lock your front door at night, while privacy is the reason you draw the curtains. You can also break data security into two components; keeping your files locked away so others can't get them (let's call this "data security"), and keeping your files safe so you don't lose them (let's call this "data integrity"). Data security requires strong locks, while data integrity requires a robust backup regime. Everything to lose? To be honest I'm primarily concerned about data integrity, followed by security and finally privacy. In most cases losing a file would be much worse than it falling into the wrong hands. Technical disasters are my biggest realistic threat and the consequences could be significant, which is why I'm so paranoid when it comes to maintaining multiple backup systems. Backups aside, realistically I'm more concerned about hackers breaking into my computer and data, perhaps as part of a ransomware attack, than I am concerned about government spooks rummaging through my digital life. Keep in mind that spooks don't necessarily "break" into your accounts, instead they tend to slip in the back door. You might have different priorities, but I primarily focus on sensible security precautions like healthy password habits and employing extra security precautions such as two-factor authentication and Virtual Private Networks when using an untrusted connection. If I was more concerned about privacy I'd place a greater emphasis on issues like end-to-end encryption for email, browsing and instant messaging, in order to keep my communications and other activities safe from prying eyes. Everyone onboard? Of course poor privacy can be a security threat, and vice versa, which is why I'm starting to evaluate secure communications services. There are plenty of options, from PGP-based email encryption like Witopia's SecureMyEmail to encrypted instant messaging tools like Signal, which is adding secure video calls. The trouble is that the person on the other end of the conversation also needs to use these tools in order for you to communicate securely – which is a problem if most of the people that you deal with aren't as concerned about security as you are. Like communications tools in general, your secure comms ecosystem can become a fragmented mess – perhaps making it more trouble than it's worth. What do you see as the most significant threats to your data privacy, security and integrity? What precautions have you taken to stay safe? Ref: < http://www.smh.com.au/technology/gadgets-on-the-go/how-paranoid-is-too-paranoid-when-it-comes-to-privacy-and-security-20170216-guf0h1.html >
  5. Researchers Develop Cross-Browser Fingerprinting Technique Researchers have developed a cross-browser fingerprinting technique that uses operating system and hardware level features. Fingerprinting has been limited for the most part to individual web browsers in the past. If a user switched browsers regularly, fingerprinting could not be used to link the user to these browsers. Fingerprinting tests like the Electronic Frontier Foundation's Panopticlick or BrowserPrint, try to gather data about the browser and underlying operating system. They use all the data to create a fingerprint of the browser/computer combination, and may be able to do the same in future sessions. Cross-browser fingerprinting was out of the picture up until now. While other methods existed to track users across browsers, for instance by requiring them to sign into accounts to use a service or recording IP addresses, no fingerprinting method came close to providing a working solution. Cross-browser fingerprinting The researchers who published the research paper (Cross-)Browser Fingerprinting via OS and Hardware Level Features think that they have found a way. They have created an online service that demonstrates the fingerprinting technique. It is called Unique Machine, and works on any device that supports JavaScript. A click on Get My Fingerprint starts the process. It works, if JavaScript is enabled, and if connections to a few sites are allowed. The scan takes a couple of seconds to complete. The result is a browser fingerprint, and also a computer fingerprint; the latter is not finalized yet and still in development. You may hit the details button on the Unique Machine website for the list of tested cross-browser features. The following features are tested currently: Time Zone. Number of CPU Cores. Fonts. Audio. Screen Ratio and depth. WebGL. Ad Blocking. Canvas. Cookies. Encoding. GPU. Hash values of GPU rendering results. Language. Plugins. The idea is now that you will get similar results when you use a different browser on the same system to run the fingerprinting test a second time. The researchers state that the technique identified 99.2% of users correctly. The sample size is a bit small, 1903 users and 3615 fingerprint samples. I ran tests on a machine using different browsers, and results were mixed. The computer fingerprint was identical when I ran the fingerprinting test in Chrome, Chrome Canary and Vivaldi, but different in Firefox and Edge. The three browsers the hash was identical in are all based on Chromium. This is probably the reason why the fingerprint was identical. The source code of the cross browser fingerprinting site is available on GitHub. Now You: Did you cross-browser fingerprinting work on your devices? Source
  6. Microsoft Edge Browser Accused of Displaying Fake News in New Tabs News outlet partnership go wrong for Edge users All the news is delivered by MSN with help from news outlets across the world, and while at first glance everything should be pretty helpful for users, it turns out that the browser is suffering from an issue that the Internet is trying to deal with as we speak: fake news. A number of users have turned to the built-in Windows 10 Feedback Hub app to complain about what they claim to be fake news displayed in Microsoft Edge, explaining that the balanced news that they should find in the browser do not exist and most sources are trying to give articles a certain spin that shouldn’t be there. “I have been disgusted to read such clearly slanted stories. I would prefer to read news reports that allowed me to draw my own conclusions that did not seem intent on spinning the news in one direction or another. It is time that you offered BALANCED news instead of relying on your partnerships with news outlets that clearly have an agenda in their news reporting,” one such comment reads. Microsoft still tightlipped Microsoft Edge does not allow users to edit news sources, but only to choose the categories they want to receive articles for, so there’s no way to deal with the alleged fake news without the company’s own tweaks. Of course, Microsoft Edge does not deliberately spread fake news, and if this is indeed happening, it’s only the fault of the sources that the browser is configured to use to show articles in the start page and in new tabs. Microsoft, however, hasn’t said a single thing until now and is yet to respond to the suggestion posted in the Feedback Hub, so it remains to be seen if the company gives more power to users to configure news sources or if the company itself removes sources involved in spreading fake news. Source
  7. If you own a company-sponsored laptop or connect to your company’s private network, there is a good chance that your employer is monitoring your Internet usage at work. It is not uncommon for companies to be known for employee monitoring. In fact, there are even guides online teaching employers how to effectively monitor their employees. Private things on your computer you would probably appreciate keeping it that way; private. Nobody really wants their employers or co-workers snooping about in there. So it is only natural to be interested in knowing as to who is watching you. How are your employers monitoring their employees? What are they looking at? Why do they do it? And is that even legal? WHAT CAN MY EMPLOYER SEE? So just how much is your employer able to see if they were monitoring your Internet access or laptops? Well, just imagine as if your boss was standing behind you and looking over your shoulder while you worked. THAT is what your employers can see. Given a company-supplied laptop device and Internet over the company’s network, your employer could monitor virtually almost anything and everything that goes in and out of your screen. Spending a little too much time shopping on Amazon? Your boss knows. Chatting with a friend about how sucky your boss is? He sees it. Sending a job application out through your email and then deleting it? Don’t think your employer cannot retrieve it. Your web surfing, emails, instant messages, downloads, files stored, display screen, keyboard strokes etc.; all these can and are probably being recorded. And if you were using a company mobile, that could be monitored too. HOW AM I BEING MONITORED? Two common ways employers monitor Internet usage are by: 1) Software on your computer. Software installed on your company-sponsored computer allows your employer to see what is on your screen or stored in your hard disks. There are numerous programs used by employers to track all your activity and sends reports to your boss or the IT department. The logs can show details from your web surfing habits, to time spent in specific software programs or your emails. 2) Monitoring over a corporate network. This method also allows an employer to track emails, websites and files but is harder to detect because it is done through a company’s private network. Even if you were using your company’s computer anywhere outside the office, a network analyser (aka. packet sniffer) that has been setup by network administrator to perform network troubleshoots can still be used as a ‘spyware’ as long as you are connected to the company’s network. WHY ARE COMPANIES MONITORING EMPLOYEES? It is unlikely that a boss would be monitoring their employees 24/7, as they would be ending up spending more time playing Big Brother rather than doing actual managing. It is also improbable of an employer to be actively monitoring each and every employee, and is more likely to do so only if a certain employee has given reason for them to question his/her behaviour. Employers may choose to monitor employees’ Internet usage for a variety of reasons. The company might be dealing with sensitive information and wish to prevent data misuse or leaks outside the company. Or perhaps a company wishes to hinder employees from performing malicious actions or downloading illegal content which could lead to malware compromising an entire network infrastructure. Employers may even use monitoring to gauge productivity of employees by means of keystroke monitoring (eg. How many keystrokes per hour each employee is performing). IS MY EMPLOYER ALLOWED TO DO ALL THIS? Yes and no. In the U.S., the Electronic Communications Privacy Act of 1986 (ECPA) states that it is against the law to “intercept” electronic communications like telephone, emails or computer. However, due to exceptions in this act, since your employer owns the equipment, they basically are free to access the equipment as they please. The exception in the law states that given employer-owned systems, they are allowed to access emails, phone message systems and instant messages as the company owns the computer network and terminals. Another exception is that the employer may monitor employees using their systems for “legitimate business needs”, which ultimately leaves it open to interpretation and misuse. In Malaysia, there are not many laws (if none) pertaining to workplace right to privacy. The closest we have is said to be the Personal Data Protection Act 2010 (PDPA) which focuses on the processing of personal data in commercial transactions, but probably less in regards to privacy rights. WHAT CAN YOU DO Some companies allow for ‘Bring Your Own Device (BYOD) Policies. This is a good solution to counter monitoring software that may be implanted on a company’s device. If bringing your own computer to the workplace seems a bit drastic, even bringing your own tablet is handy for checking a quick personal email or stealthy surfing. Got a smartphone? Or a mobile broadband? Great. These can be alternatives to using your company’s Wifi. Use a wireless tethering device and your cellular data if lack trust of your company’s network. Because you can still be tracked outside of the office whenever you connect to the company’s virtual private network, the simple way to offset this would be to disconnect from the company’s VPN any time you do not need to use it. Companies can see what you are doing online when the traffic on the corporate network is unencrypted. Using anonymizers like a VPN, such as BolehVPN, or a proxy can encrypt your traffic. Creating your own secure VPN tunnel hides your traffic from the local unencrypted network, which is something you should be using anyway especially if you are surfing over public Wifi. Be smart about your online habits when you are at work. If privacy is your concern, it is best to just keep your work and personal life separate if you're concerned about your privacy. Article source
  8. Microsoft’s Obscure ‘Self Service for Mobile’ Office Activation Microsoft requires a product activation after installing. Users of Microsoft Office currently are facing trouble during telephone activation. After dealing with this issue, I came across another obscure behavior, Microsoft’s ‘Self Service for Mobile’ solution to activate Microsoft Office via mobile devices. Microsoft describes how to activate Microsoft Office 2013, 2016 and Office 365 within this document. There are several possibilities to activate an installed product, via Internet or via Telephone for instance. Activation by phone is required, if the maximum Internet activation threshold is reached. But Office activation by phone fails Within my blog post Office Telephone activation is no longer supported error I’ve addressed the basis issue. If a user re-installs Office, the phone activation fails. The activation dialog box shows the message “Telephone activation is no longer supported for your product“. Microsoft has confirmed this issue for Office 2016 users having a non subscriber installation. But also users of Microsoft Office 2010 or Microsoft Office 2013 are affected. A blog reader posted a tip: Use Mobile devices activation… I’ve posted an article Office 2010: Telefonaktivierung eingestellt? – Merkwürdigkeit II about the Office 2010 telephone activation issue within my German blog, back in January 2017. Then a reader pointed me within a comment to a Self Service for Mobile website. The link http: // bit.ly/2cQPMCb, shortened by bit.ly, points to a website https: // microsoft.gointeract.io/mobileweb/… that provides an ability to activate Microsoft Office (see screenshot below). After selecting a 6 or 7 Digits entry, an activation window with numerical buttons to enter the installation id will be shown (see screenshots shown below). The user has to enter the installation id and receives the activation id – plain and simple. Some users commented within my German blog, that this feature works like a charm. Obscurity, conspiracy, oh my God, what have they done? I didn’t inspect the posted link until writing last Fridays blog post Office Telephone activation is no longer supported error. My idea was, to mention the “Self Service for Mobile” page within the new article. I managed to alter the link to direct it to the English Self Service for Mobile language service site. Suddenly I noticed, that both, the German and also the English “Self Service for Mobile” sites uses https, but are flagged as “unsecure” in Google Chrome (see the screenshot below, showing the German edition of this web page. The popup shown for the web site „Self Service for Mobile“ says, that there is mixed content (images) on the page, so it’s not secure. That catches my attention, and I started to investigate the details. Below are the details for the German version of the web site shown in Google Chrome (but the English web site has the same issues). First of all, I noticed, that the „Self Service for Mobile“ site doesn’t belongs to a microsoft.com domain – in my view a must for a Microsoft activation page. Inspecting the details, I found out, the site contains mixed content (an image contained within the site was delivered via http). The content of the site was also delivered by Cloudflare (I’ve never noticed that case for MS websites before). The image flagged in the mixed content issue was the Microsoft logo, shown within the sites header, transferred via http. The certificate was issued by Go Daddy (an US company) and ends on March 2017. I’ve never noticed, that Go Daddy belongs to Microsoft. I came across Go Daddy during analyzing a phishing campaign months ago. A compromised server, used as a relay by a phishing campaign, has been hosted (according to Whois records) by Go Daddy. But my take down notice send to Go Daddy has never been answered. That causes all alarm bells ringing in my head, because it’s a typical behavior used in phishing sites. Also my further findings didn’t calm the alarm bells in my head. The subdomain microsoft used above doesn’t belongs to a Microsoft domain, it points to a domain gointeract.io. Tying to obtain details about the owner of gointeract.io via WhoIs ended with the following record. Domain : gointeract.io Status : Live Expiry : 2021-03-14 NS 1 : ns-887.awsdns-46.net NS 2 : ns-1211.awsdns-23.org NS 3 : ns-127.awsdns-15.com NS 4 : ns-1980.awsdns-55.co.uk Owner OrgName : Jacada Check for 'gointeract.sh' --- http://www.nic.sh/go/whois/gointeract.sh Check for 'gointeract.ac' --- http://www.nic.ac/go/whois/gointeract.ac Pretty short, isn’t it? No Admin c, no contact person, and Microsoft isn’t mentioned at all, but the domain has been registered till 2021. The Owner OrgName Jacada was unknown to me. Searching the web didn’t gave me more insights at first. Overall, the whole site looks obscure to me. The tiny text, shown within the browser’s lower left corner, was a hyperlink. The German edition of the „Self Service for Mobile“ site opens a French Microsoft site – the English site opens an English Microsoft site. My first conclusion was: Hell, I was tricked by a phishing comment – somebody set up this site to grab installation ids of Office users. So I deactivated the link within the comment and I posted a warning within my German blog post, not to use this „Self Service for Mobile“ site. I also tried to contact the user, who has posted the comment, via e-mail. … but “Microsoft” provides these links … User JaDz responded immediately in an additional comment, and wrote, that the link shortened via bit.ly has been send from Microsoft via SMS – after he tried the telephone activation and selected the option to activate via a mobile device. I didn’t noticed that before – so my conclusion was: Hell, this obscure „Self Service for Mobile“ site is indeed related to Microsoft. Then I started again a web search, but this time with the keywords Jacada and Microsoft. Google showed several hits, pointing to the site jacada.com (see screenshot below). It seems that Jacada is a kind of service provider for several customers. I wasn’t able to find Microsoft within the customer reference. But I know, that Microsoft used external services for some activities. Now I suppose, that somebody from Jacada set up the „Self Service for Mobile“ activation site. The Ajax code used is obviously able to communicate with Microsoft’s activation servers and obtain an activation id. And Microsoft’s activation mechanism provides an option to send the bit.ly link via SMS. Closing words: Security by obscurity? At this point I was left really puzzled. We are not talking about a startup located within a garage. We are having dealing with Microsoft, a multi billion company, that claims to run highly secured and trustable cloud infrastructures world wide. But what’s left, after we wipe of the marketing stuff? The Office activation via telephone is broken (Microsoft confirmed that, after it was reported by customers!). As a customer in need to activate a legal owned, but re-installed, Microsoft Office is facing a nasty situation. Telephone activation is refused, the customers will be (wrongly) notified, that this option is no longer supported. Internet activation is refused due “to many online activations” – well done. But we are not finish yet. They set up a „Self Service for Mobile“ activation site in a way, that is frequently used by phishers. They are sending links via SMS to this site requesting to enter sensitive data like install ids. A site that is using mixed content via https, and is displaying an activation id. In my eyes a security night mare. But maybe I’ve overlooked or misinterpreted something. If you have more insights or an idea, or if my assumptions a wrong, feel free, to drop a comment. I will try to reach out and ask Microsoft for a comment about this issue. Article in German Source Alternate Source reading - AskWoody: Born: Office activation site controlled by a non-Microsoft company
  9. Dear friends, Nowadays our privacy is very important. I am interested to know which VPN service do you use and which is the best according to your opinion. Not to all vpn services are enough secure. Recently, has been discovered that HotSpot Shield in some cases could show your real ip. Have a look here : 1.Android 2. Windows Thanks for your time spent with this poll ! :)
  10. Ghacks.net Firefox Privacy And Security user.js 0.11 Is Out The most comprehensive Firefox privacy and security settings collection has been updated to version 0.11 to take into account changes in newer versions of Firefox. Ghacks champion Pants created the initial list in 2015, and has been on it ever since that day with help of others including earthling and Tom Hawack. The new user.js file replaces the old one. The download includes the user.js file, the changelog, and two HTML documents that lists all preferences, information and comments. You are probably wondering what is new in version 0.11 of the file. First of all, the preferences have been updated to take into account changes in Firefox. Mozilla has added, changed or removed preferences since the last release of the Ghacks user.js file. Apart from that, there are new sections that you may find interesting. There are new sections for Service Workers, First Party Isolation, Fingerprint resisting and Tor uplift. The add-ons section has been filled with links to recommended add-ons on top of that. Some fun stats about the latest privacy and security user.js file: The list features a total of 464 preferences of which 48 are commented out. 33 items contain warnings. The file links to 71 http and 243 https resources for research Click here to open the original article that has been updated with the new information, or download the new user.js file directly with a click on the following link: user.js-ghacks-0.11.zip Here is the change log: Added 2300: NEW SECTION for Service Workers (items renumbered from other sections) 2698: NEW SECTION for FPI (First Party Isolation) - commented out, it's not ready yet to go prime time 2699: NEW SECTION for privacy.resistFingerprinting (was 2630) 9998: NEW SECTION for To Investigate - Tor Uplift : APPENDIX B for Add-ons Renumbered sections 9996: PALE MOON, section renumbered and no longer maintained 9997: DEPRECATED Moved 2302: was 1012 dom.caches.enabled .. ALL the stuff in the 2300s were moved there, some are new 2301+2303+2304: were 2432+2430+2431 respectively, also new prefs 1216: was 2609 insecure active content 1217: was 2610 insecure passive content 2024: was 3014 media.mediasource.webm.enabled : some other numbers may have been reused, moved Deprecated Loads of them, just look in the deprecated section, its in order of version dropped, then number. Added 0101: browser.laterrun.enabled 0301: app.update.silent and app.update.staging.enabled 0336: browser.selfsupport.enabled (also merged 0371 with this) 0374: social.enabled 0376: FlyWeb 0380: Sync 0402: Kinto 0410: the entire section: many prefs deprecated, replaced with others, new section 0410g 0421: privacy.trackingprotection.ui.enabled 0440: mozilla flash blocklisting 0608: network.predictor.enable-prefetch 0818: taskbar preview 0819: browser.urlbar.oneOffSearches 0820: disable search reset 0907: force warnings for logins on non-secure sites 0908: browser.fixup.hide_user_pass 0909: signon.formlessCapture.enabled 1012: browser.sessionstore.resume_from_crash (note: old number was moved to 2300s) 1209: TLS extra prefs to control min and max and fallback versions 1213: cyphers disable 3DES 1214: cyphers disable 128 bit ecdhe 1215: disable MS Family Safety cert 1218: HSTS Priming 1219: HSTS preload 1220: disable intermediate CA caching 1408: gfx.font_rendering.graphite.enabled 1602: returned DNT (do not track) from deprecated 1808: disable audio auto-play in non-active tabs 1820+1825+1830+1840+1850: revamp, additions etc to GMP, DRM, OpenH264, Widevine, EME 2001: media.navigator.video.enabled 2001a: media.peerconnection.ice.no_host 2011: webgl.enable-debug-renderer-info 2012: webgl.dxgl.enabled + webgl.enable-webgl2 2022: extra prefs for screensharing 2024: MSE (Media Source Extensions) 2025: enable/disable media types 2026: disable canvas capture stream 2027: disable camera image capture 2028: disable offscreen canvas 2403: dom.allow_cut_copy 2415b: limit events that can cause a popup 2425: disable Archive API 2450: offline data storage 2504: new vr prefs 2510: Web Audio API 2511: media.ondevicechange.enabled 2627: revamped section from a single pref about build ID into all your UA/Navigator objects 2628: browser.uitour.url 2650: e10s stuff, never used by me, may be obsolete as e10s rollout changes with each release 2651: control e10s number of container processes 2652: enable console e10s shim warnings 2660: browser.tabs.remote.separateFileUriProcess 2662: browser.download.forbid_open_with 2663: MathML 2664: DeviceStorage API 2665: sanitize webchannel whitelist 2666: HTTP Alternative Services 2667: devtools.chrome.enabled 2668: extension directory lockdown 2669: strip paths when sending URLs to PAC scripts 2670: security.block_script_with_wrong_mime 2671: svg.disabled (FF53+) 2706: Storage API 2707: clear localStorage when a WebExtension is uninstalled 2803a: privacy.clearOnShutdown.openWindows 2804a: privacy.cpd.openWindows 2805: privacy.sanitize.timeSpan 3022: hide recently bookmarked items 3023: browser.migrate.automigrate.enabled Appendix A: new test sites: Browserprint, HTML Security, Symantec, AudioContext, HTML5, Keyboard Events, rel=noopener Appendix A: new section:; 5 Safe Browsing, Tracking Protection tests Changed : custom pref renamed and configured as the Monty Python parrot : custom pref expanded to each section with euphemisms for the parrot's demise 1211: SHA-1 variables/definitions have been changed by mozilla, recommeneded value has changed 2201: dom.event.contextmenu.enabled is now active 2404: dom.indexedDB.enabled - i turned this on and use an extension to toggle it on and off for sites 2421: two javascript.options now commented out, the performance loss isn't worth it : some other prefs may have been turned on/off Deleted 3019: network.proxy.type - it is not my place to control end users connections/proxies/vpns etc Source
  11. Lately, I have been collecting IoT security and privacy guidelines. Here's everything I've found: "Internet of Things (IoT) Broadband Internet Technical Advisory Group, Broadband Internet Technical Advisory Group, Nov 2016. "IoT Security Guidance," Open Web Application Security Project (OWASP), May 2016. "Strategic Principles for Securing the Internet of Things (IoT)," US Department of Homeland Security, Nov 2016. "Security," OneM2M Technical Specification, Aug 2016. "Security Solutions," OneM2M Technical Specification, Aug 2016. "IoT Security Guidelines Overview Document," GSM Alliance, Feb 2016. "IoT Security Guidelines For Service Ecosystems," GSM Alliance, Feb 2016. "IoT Security Guidelines for Endpoint Ecosystems," GSM Alliance, Feb 2016. "IoT Security Guidelines for Network Operators," GSM Alliance, Feb 2016. "Establishing Principles for Internet of Things Security," IoT Security Foundation, undated. "IoT Design Manifesto," www.iotmanifesto.com, May 2015. "NYC Guidelines for the Internet of Things," City of New York, undated. "IoT Security Compliance Framework," IoT Security Foundation, 2016. "Principles, Practices and a Prescription for Responsible IoT and Embedded Systems Development," IoTIAP, Nov 2016. "IoT Trust Framework," Online Trust Alliance, Jan 2017. "Five Star Automotive Cyber Safety Framework," I am the Cavalry, Feb 2015. "Hippocratic Oath for Connected Medical Devices," I am the Cavalry, Jan 2016. "Industrial Internet of Things Volume G4: Security Framework," Industrial Internet Consortium, 2016. "Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products," Cloud Security Alliance, 2016. Other, related, items: "We All Live in the Computer Now," The Netgain Partnership, Oct 2016. "Comments of EPIC to the FTC on the Privacy and Security Implications of the Internet of Things," Electronic Privacy Information Center, Jun 2013. "Internet of Things Software Update Workshop (IoTSU)," Internet Architecture Board, Jun 2016. "Multistakeholder Process; Internet of Things (IoT) Security Upgradability and Patching," National Telecommunications & Information Administration, Jan 2017. They all largely say the same things: avoid known vulnerabilities, don't have insecure defaults, make your systems patchable, and so on. My guess is that everyone knows that IoT regulation is coming, and is either trying to impose self-regulation to forestall government action or establish principles to influence government action. It'll be interesting to see how the next few years unfold. If there are any IoT security or privacy guideline documents that I'm missing, please tell me in the comments. EDITED TO ADD: Documents added to the list, above. By Bruce Schneier https://www.schneier.com/blog/archives/2017/02/security_and_pr.html
  12. Microsoft Re-Releases Snooping Patches KB 2952664, KB 2976978 Earlier versions of the Win7 and 8.1 patches kicked off enhanced snooping routines, and there's no indication what's changed in these versions We don't know what KB 2952664 (for Windows 7) and KB 2976978 (for Windows 8.1) actually do. But both patches have been shown in the past to trigger a new Windows task called DoScheduledTelemetryRun. The patches appeared in the Automatic Update chute earlier todayas Optional, so they won't be installed unless you specifically check and install them. But in the past, the Optional versions have been converted rapidly to Recommended, and thus installed on most machines. The last release of KB 2952664 went from Optional to Recommend in a week. Microsoft's descriptions of the patches are quite bland: GWX, of course, is Microsoft's malware-like "Get Windows 10" campaign that plagued Windows 7 and 8.1 users last year. I last wrote about the patches on Oct. 5, 2016: The revision dates on the KB articles don't instill any confidence. When I wrote about KB 2952664 last October, I noted that the KB article was up to revision 25, dated Oct. 4, 2016. The current KB article, dated Feb. 9, 2017, is at revision 11. I have no idea what's up. Why is Microsoft releasing this CEIP diagnostic program on a Thursday? Why isn't it being held for next Tuesday's Monthly Rollup? Why does it fall outside the announced schedule of Security Only and Monthly Rollup patches? Why did the revision numbers change? But I do know that earlier versions of these patches triggered new snooping scans, whether the Customer Experience Improvement Program is enabled or not. And I do know that Microsoft hasn't documented much at all. Discussion continues on the AskWoody Lounge. AskWoody Lounge - Comments Source Alternate Source: Windows KB2652664 And KB2976978 Telemetry Updates Re-Released (Again)
  13. AppFalcon - 1 Year[365 Days] Unlimited PC License Promo by Orman Kuza Overview: UNINSTALL STUBBORN PROGRAMS! FORCE DELETE ANY FILE! Get rid of all installed CrApps See better alternatives with AppFalcon® Get rid of all installed CrApps, see alternatives, remove malware, update your apps to stay secure online! Features: Uninstall Any Program - Can remove any leftovers created by programs “Deletes what other tools can’t” - FORCIBLY DELETE ANY FILE, “UNINSTALLS AND DELETES PROGRAMS LIKE NO OTHER TOOL” Get better alternatives - Save Money on Software: GET HAND-PICKED ALTERNATIVES, REMOVE CRAPPS Detect and Remove CrApps Force Removal Improve PC Security 24/7 e-mail support More Info: Product Homepage, FAQ, Privacy Policy Supported OS: 32-bit and 64-bit versions of Windows Vista; Windows 7; Windows 8; Windows 8.1, and Windows 10. AppFalcon not only supports 32-bit and 64-bit operating systems but it supports them natively. This means that it uses the full potential of 64-bit on Windows x64 and 32-bit on Windows x86. Links: Offer: https://www.ormankuza.com/AppFalcon/giveaway/ Note: Limited Period Offer. Expires by 12 February 2017. Current Status: Open. Terms: Unlimited PC License - Can be installed in any number of devices. Personal Use Only. You'll receive free updates during the term of the license. 24/7 e-mail support. Steps: Visit the above promotional page and scroll-down to locate the request form. Enter your name and email and Click on "Request License". After receiving a registration email, you'll get another email with the license key details within 24 hours. FYI: Mostly within 2-3 or 5 hours. Install and Activate ASAP. To enter license and activate, just go to the upright corner of the application and click on the “?” (question mark). Downloads: AppFalcon v2.1.0.8 - Size: 7.0 MB: https://www.ormankuza.com/instantdelivery/afsetup.exe
  14. The desk I’m typing this on is a little wobbly. I adjusted the legs yesterday to be a little shorter after noticing the reason my wrists were hurting was because they were bent upward at an uncomfortable angle. My office at home is now clean and empty, after spending several hours the day before throwing away empty boxes of electronics that I for some reason found value in keeping. I also finally fixed our “broken” bathroom door, which for the last three months wouldn’t shut all the way for some complex reason that I never took the time to investigate. Turns out it was a loose screw. Righty tighty. Being in an existential crisis is surprisingly good for doing things around the house. My latest bout with my brain’s reality was about the project I’m working on: a notes app that focuses on privacy. It encrypts your notes on your device before it sends it to the server. Why? For your privacy. Why? I don’t know. And so it begins. What’s the point?, I cry. What if this whole privacy wave we’re all swimming in ends up being shallow? What if this war we’re waging ends up being a cold war between ourselves and those we aim to hide information from, and it one day ceases to be the looming threat it is today? What if this monster we claim is out to eat our information turns out to be just a shadow? The whispers begin pointing at me. What if I’m putting all this time into this for nothing? I mean, do you even care about privacy? Ouch. But here, after being pushed to the bottom, I found a small strand of reason, and it reasoned with me: Privacy isn’t about you. It’s about all of us. To worry about privacy today, even though you may have no compelling reason to, is one of the largest contributions you can make to the future of humankind and the nature of governance. Privacy is about power. Many of us have taken a middle school course on civics, and the functioning of the U.S government. You know, three branches of government and checks and balances, or you may remember it as, like that’s ever going to come up. Enter February 2017. Oh. We owe this balanced functioning of a government to the strong paranoia of several individuals 240 years ago, enacting what can be described as even ridiculous measures to ensure some abstract functioning of a government that hadn’t even begun yet. None of these individuals reaped any tangible benefits from their actions and contributions in their lifetime. But without them, our lives and reality today would be very different. Many of us are today exhausted worrying after our privacy, not knowing how to keep up with the newest trends in encrypted messaging apps or which new wire-tapping programs can monitor which type of software on what port over what technology. And after the initial burst of adrenaline rush from hide-and-seek wears off, it’s easy to feel worn out, especially because we aren’t seeing any tangible benefits to our efforts. But privacy isn’t just about you or me, and what immediate returns we may see on our investment. It’s about the future of power. Of ensuring a system of checks and balances between ourselves and our governments and other large entities. There is a reason the information we produce is so cherished by these entities, and they will fight till the end to make sure our information is in their control. And because these entities are already so much more powerful than the collective privacy conscious, self-doubt and defeat is a reoccurring event. Battles may be lost, but never doubt the significance of this cause. A paranoia is in the air, like the paranoia of 1776. Don’t ignore it. Don’t believe it isn’t real. Don’t believe it’s not important. You are creating a better future for the people of 2217. And as humans who live comfortably today on the contributions and sacrifices of those before us, we owe it to contribute just as much to ensure a better life for our descendants. The fight for privacy will wage on for the next hundred years, and it starts with the actions, sacrifices, and decisions we make today. As humans in this century, some of the most important byproducts of our existence is the information produced and stored in our emails, notes, and messages. And make no mistake about it: this information belongs to you, and to no one else. You can join the fight for a balanced control of power by using and supporting applications that strive for privacy first and foremost. Email ProtonMail — Secure Email Based in Switzerland FastMail — Private, secure, ad-free email hosting for you or your business Notes Standard Notes (by the author) — A standard notes app with an un-standard focus on longevity, portability, and privacy. Turtl — Take notes, bookmark websites, and store documents for sensitive projects. Laverna — Keep your notes private. Messaging Semaphor — Encrypted group chat and file-sharing. Signal — Private messaging. Telegram — A new era of messaging. By Mo Bita https://journal.standardnotes.org/privacy-is-power-f0a064ab36ea#.j1vlvh12i
  15. Microsoft’s New Windows 10 Version Is Malware, Epic CEO Says Tim Sweeney can’t stop his rant against Windows 10 Cloud In a series of tweets, Sweeney calls Windows 10 Cloud “ransomware,” a form of malware that compromises computers by locking down files and asking for a ransom to restore access. “Windows Cloud is ransomware: It locks out Windows software you previously bought and makes you pay to unlock it by upgrading to Windows Pro,” he said in a tweet dated February 7. “Firefox blocked. Google Chrome blocked. Google search blocked as web browser search option. OpenGL, Vulcan, OpenVR, Oculus VR blocked,” he continued. “Microsoft is making a huge move against the whole PC ecosystem: @Adobe, @Autodesk, #Valve, @EA, @Activision, @Google, @Mozilla. All blocked. Windows Cloud will steal your Steam PC game library and ransom it back to you...for a price.” The Windows 10 Cloud story So is this thing true? Not at all, and it all starts with the purpose of Windows 10 Cloud, which by the way, is not yet confirmed and we don’t even know if everything we heard about it is true. First and foremost, Windows 10 Cloud appears to be a version of the Windows 10 operating system that exclusively focuses on Store apps, just like Windows RT did when it was launched in 2012 with the Surface RT. There is a good chance that Windows 10 Cloud would be offered to OEMs completely free to install it on their devices, and this contributes to lower prices when these models hits the shelves. Microsoft is expected to offer a built-in upgrade option that would allow Windows 10 Cloud users to switch to Windows 10 Pro, and thus get Win32 app support, should they pay for a license. This is pretty much what Sweeney is criticizing, claiming that once users pay for the upgrade, they get access to Win32 apps (this is also most likely the reason he calls Windows 10 Cloud “ransomware”). And yet, this is by no means ransomware, but only a way to bring cheaper devices to the market and boost adoption of UWP apps. The Epic CEO, however, is also criticizing Microsoft’s aggressive push for universal apps, claiming that the company is actually trying to destroy the Win32 ecosystem by forcing users to switch to Store apps entirely. Windows Cloud is ransomware: It locks out Windows software you previously bought and makes you pay to unlock it by upgrading to Windows Pro. — Tim Sweeney (@TimSweeneyEpic) February 7, 2017 Source
  16. Firewall App Blocker 1.5: Easier Windows Application Blocking Firewall App Blocker 1.5 is the latest version of the popular third-party program for Windows to block applications from accessing the Internet. While you can block any process from connecting to the Internet using the built-in firewall on Windows machines, the process is not overly comfortable as it involves several steps to complete. That's one of the main reasons why programs such as Windows Firewall Control and Firewall App Blocker are popular. Firewall App Blocker 1.5 Firewall App Blocker was designed to improve the process of allowing or blocking applications in Windows Firewall. The portable program extends Windows Firewall in this regard. To use it, download the latest version of the firewall program from the developer website (linked in the summary box below this article), and extract the archive that it is provided in. The program is provided as a 32-bit and 64-bit application in the program folder after extraction. The 64-bit version of the application is a new feature of this release. If you have used the last version of the program, released in 2014, you may notice differences immediately. The outbound and inbound rules are now separated, so that it is easier to keep an overview. All existing rules are listed in the interface. Each entry is listed with its name (usually program name and filename), the location on the disk, whether the rule is enabled, and the action (allow, block). You can sort the data with a click on a column header, for instance to display all active rules, or all rules that block connections. Add process is another new feature of Firewall App Blocker 1.5. You had to select programs on the disk in previous versions to add rules for them. With the new add process option, it is now possible to pick running processes as well which makes it easier as you don't have to browse the system for the file location anymore. Another feature that adds to the comfort level of the program is the add a folder option. It blocks all executable files in the selected folder automatically. This is useful if there are multiple executable files in a folder that you want to block. Instead of selecting each executable file individually, you'd simply block the whole folder using the program. How that is done? Simple: click on File > Add Folder Contents, and select the folder using the file browser that opens. This adds all executable files of that folder to the block list. Please note that this is a one-time process. The folder is not monitored for new executable files. So, any executable file placed in the folder after you run the operation is still allowed to run. You need to re-run the add folder option in this case or add the new executable file manually. Firewall App Blocker supports a new and handy "block all Internet" feature which you can toggle with a click on Firewall > Block Internet. You may use the same Firewall menu to disable the firewall as well. What else? The program window is resizable now, and you may change the font used by the application to display the firewall rules in the list. Last but not least, there is a new whitelist mode feature which blocks all processes from connecting to the Internet except for those on the whitelist. You switch between default mode and whitelist mode in the firewall menu. Closing Words The Firewall App Blocker 1.5 update improves the program in several significant ways: 64-bit program support, the new whitelist and folder blocking features, and the new handy process blocking options. Now You: Which firewall, and program, do you use on your machines? Source
  17. We've all wished we could be somebody else at some point in time; and while that isn't actually possible in reality, on the Internet it might sometimes be a necessity; Or at least make you feel more secure about registering at sites that insist upon names and other info that you don't want to provide and that they don't need to have. Well between these two sites, you can be someone else. http://www.fakenamegenerator.com/ *You'll notice that the above site has an email that you can activate, but given that it's not free, use what you can of it in the following site: http://hidebox.org/ *Use them to protect yourself and not to defraud someone else.
  18. Kryptel Standard 7.4.1 - Latest - Full Version Promo by Comss.ru Overview: Kryptel Standard offers reliable protection using encryption and ability to encrypt your files and folders with a single click. After this, your data will be part of an impregnable fortress. The app is easy to use to encrypt sensitive data, important files and documents. Kryptel Standard allows you to decrypt all or only some files at a time, and also includes a built-in browser that allows you to view the contents of the encrypted container. Kryptel Standard uses the latest encryption standard (NIST-Approved Advanced Encryption Standard - AES 256-bit), and also some additional ciphers for advanced users. You can even use Kryptel Standard to scan your hard disks in search for certain types of files to encrypt them when they are there. In addition, the application Kryptel Standard is so small that it can be run on a USB flash drive for protection on the go. More Info: Product Homepage, Edition Comparison Links: Offer: https://www.comss.info/page.php?al=Kryptel_Standard Shared Key: Note: Limited Period Offer. Current Status: Open. Terms: License should be activated by February 7, 2017 Lifetime license only for Kryptel Standard version 7.4.1[Specific Version] No upgrades to future versions No free support Personal use only Downloads: Kryptel Standard v7.4.1 - [Size: 17.56 MB]: https://www.kryptel.com/download/KryptelTrial.7.4.1.exe
  19. Steganos Online Shield VPN - 1 Year[365 Days] 2GB / 5GB / Unlimited* Per Month Promo by PC Pro Pals, this is not a new product from Steganos. It is the same old Online Shield 365. Now, it is just re-launched as Online Shield VPN. Actual Cost of OnlineShield VPN - 1 Year - $49.95. With Discount - $24.97 or $14.97. Now, you can get this for FREE - No Ads. NOTE: Limited Bandwidth - 2GB / 5GB / Unlimited* Per Month; 3 Devices; No Support; Personal Use Only. *Update: Some users are able to get Unlimited Bandwidth on at-least 1 key while using different browsers for 2 or multiple requests with different emails. Encryption Comparison between Steganos VPN Products: OkayFreedom VPN - 128-bit blowfish OnlineShield VPN - 256-bit AES More Info from TorrentFreak: https://torrentfreak.com/anonymous-vpn-providers-2016-edition2#steganos Links: Offer: https://www.steganos.com/specials/?m=pcpro0317&p=sos or https://www.steganos.com/specials/pcpro0317/sos Steps: Just click on any of the above links and enter your email. If you don't want to receive newsletters from Steganos Team, Uncheck the option. Now. Click on "Seriennummer anfordern". Check your mail and store the key. Tip: Note: Limited Period Offer. Current Status: Open. Downloads: Online Installer - Size: 2.6MB: https://file.steganos.com/software/downloader/steganos/sosintdle.exe Full Installer[Latest version]: https://file.steganos.com/software/sosint.exe - Size: 37.2MB (or) https://file.steganos.com/update/sosint.exe - Size: 37.2MB (or) https://file.steganos.com/software/wrappers/pcpro0317/sosintwr.exe - Size: 37.4MB (or) https://file.steganos.com/software/wrappers/auslogics0117/sosintwr.exe - Size: 37.4MB (or) https://file.steganos.com/software/wrappers/pcformatpl0217/sosintwr.exe - Size: 35.4MB - Link not working. Use any of the above/below links (or) https://file.steganos.com/software/wrappers/downloadmixcom1216/sosintwr.exe - Size: 37.4MB (or) https://file.steganos.com/software/wrappers/pcgo0117/sosintwr.exe - Size: 35.4MB (or) https://file.steganos.com/software/wrappers/chip1116/sosintwr.exe - Size: 35.4MB (or) https://file.steganos.com/software/wrappers/chip/sosintwr.exe - Size: 35.4MB (or) https://file.steganos.com/software/wrappers/steganos/sosintwr.exe - Size: 35.4MB - Link not working. Use any of the above links Other Downloads: Android App iOS App Support/FAQ: https://www.steganos.com/service
  20. Bad Ad Johnny Is An Ad, Tracker And Malware-Blocker For Chrome Developed by VPN provider PureVPN, Bad Ad Johnny is a one-stop ad, tracker and malware-blocker for Chrome. The extension aims to block absolutely everything, says the website, in particular those "acceptable ads": "I DO NOT shake hands with publishers under the table and let some ads slide." Installation is automatic and initially there’s nothing to do, just browse as usual and enjoy your ad-free existence. The Bad Ad Johnny icon updates in real time with the total number of blocked threats on the current page. If a figure seems high or you’re just curious, clicking the icon breaks down the figure by ads, trackers and malware. If this doesn’t completely work, a "Targeted Elements" enables choosing an area of the current page to block. A "Disable on this site" button turns the extension off for the current site only, and as you click a voice says "Enable me if you want to live". That’s funny for the first two or three times, annoying after that, but fortunately it can be turned off with a click. If you need more control, there are plenty of settings available. The "Global List" section is a good place to start, displaying the lists used to identify ads, malware, privacy and social media intrusions. You can disable some of these if they’re causing problems, or turn on others to try and block even more threats. Bad Ad Johnny is a free extension for Google Chrome. Source
  21. Tails 3.0 Anonymous Live OS Enters Beta, Ships with Linux 4.9 and GNOME 3.22 It will only work on 64-bit desktop and laptop computers The next version of the Tails 2.x series will be 2.11, currently scheduled for launch in early March, but it looks like the development of the Tails 3.0 major release continues in the background, and now users can get their hands on the Beta build. Tails 3.0 Beta comes two and a half months after the Alpha milestone released last year in November, when the project's developers announced that they would drop support for 32-bit systems, allowing the amnesic incognito live system to run only on 64-bit PCs. As usual, we took the Beta version of Tails 3.0 for a test drive to see what's new, and we can report that it's based on the upcoming Debian GNU/Linux 9 "Stretch" operating system and it's powered by the long-term supported Linux 4.9 kernel. GNOME 3.22 is the default desktop environment with redesigned Greeter However, probably the coolest new features of Tails 3.0 is the revamped Tails Greeter, a small dialog that will pop-up when you run the live system for the first time on your computer, helping you set up the default language, keyboard layout, formats, and other settings. Of course, Tails 3.0 will come pre-installed with all the anonymity tools that you love, including the recently introduced OnionShare utility for anonymous file sharing. The latest Tor and Tor Browser applications are also included to keep your identity safe from hackers and hide from government agencies. Numerous bugs have been squashed in this new pre-release version of Tails 3.0, but many known issues remain unresolved, and you can read all about them before jumping on the beta testing bandwagon in the official release notes. Without further ado, you can download the Tails 3.0 Beta Live ISO image right now, write it on a USB flash drive, and take it for a test drive on your modern, 64-bit computer. If you decide to stick with it, please keep in mind that it's a pre-release version, not suitable for production use, despite the fact that it will receive security updates. Source
  22. Some Windows 10 Devices Still Exposed to DMA Attacks That Can Steal BitLocker Keys An upcoming Windows 10 Insiders Build version will include a patch that will improve the protection against DMA attacks that could allow attackers to extract BitLocker encryption keys and other sensitive information from Windows 10 and 8.1 PCs. DMA (Direct Memory Access) is an acronym used to describe hardware ports that allow external components to directly connect and access a computer's memory (RAM). DMA attacks are a combo of software and hardware hacks that allow an intruder to obtain a computer's memory content via one of the computer's DMA ports. Depending on the timing of his attack, the stolen memory data can contain sensitive information such as the BitLocker PIN, encryption keys, passwords, and others. Researcher demoes DMA attack against protected PC DMA attacks aren't new, and have existed since the 90s, and Microsoft introduced protections against such attack vectors with the release of Windows 8.1 and Windows 10. Protection measures included certain group policies that would disable all DMA ports during startup, and would later freeze all DMA ports if the user locked his PC, but keep DMA ports open to data transfers if they were connected before the PC was locked. According to Finish security expert Sami Laiho, the protection measures Microsoft introduced were inneffective and didn't cover all types of DMA ports. This lead to situations where an attacker could extract data from DMA ports even if the computer's owner had enabled DMA port protections. Laiho demoed one such attack via a FireWire port at the Microsoft Ignite conference last year. The attack's description and demo start at 44:55 in the video below: Microsoft's DMA port protections were ineffective Via email, Laiho has detailed some of Microsoft's problems with DMA ports and their protections: "DMA-attacks were for years blocked with instructions from Microsoft," Laiho said. "They have been and are incorrect." "In Windows 8.1 Microsoft said they had a feature that would not allow DMA-attacks if the computer was locked. This ended up being misinformation," Laiho noted. "In Windows 10 Microsoft said this [DMA protection] feature was now in place and ON by default. This was misinformation as well as it is there but not ON by default, and [...] it doesn’t apply to all devices, only some." Laiho also added that "this [DMA protection feature] was configurable only for people who used Microsoft InTune MDM (very few)." For the past few years, the researcher has been pestering the Microsoft security team to expand this protection. Last week, Microsoft finally admitted he was right. "This [current] mitigation only protects PCI-based buses, for example, ExpressCard, Thunderbolt, & some docking stations (PCIe based). Older, non-PCI buses such as 1394 and CardBus are still vulnerable," Microsoft admitted. Updated DMA attack protection coming in a few weeks "They will provide a Group Policy setting in a few weeks to the Windows Insiders [Build] and later publicly," Laiho told Bleeping Computer. "This will still only protect against the more modern busses, so you need to use this and my instructions to make it a safe combo." Visit Laiho's blog for updated instructions on how to properly shut down DMA ports running on old buses. Source
  23. Avast Releases Three New Decryption Tools to Fight Ransomware There are now 14 anti-ransomware tools available from Avast “In the past year more than 200 new strains of ransomware were discovered, it’s growth of in-the-wild samples two-folded, but the good news is that hundreds of millions of Avast and AVG users were protected against this popular threat,” reads a blog post signed by Jakub Kroustek, reverse engineer and malware analyst at Avast. The three new decryption tools address three different ransomware strains – HiddenTear, Jigsaw and Stampado/Philadelphia. Some solutions for these particular strains are already available, coming from other security researchers. Avast decided, however, that it is always best to have multiple options. That’s because these three strains are particularly active and frequently encountered, especially in the past few months. Since the used encryption keys update often, so must the decryption tools. In the end, whether it’s Avast’s tools or those made by other security researchers that work against the ransomware, it’s all for the same purpose. “Last but not least, we were able to significantly speed-up the decryption time, more precisely the password brute-force process, so e.g. some of the HiddenTear variants will be decrypted within minutes instead of days. The best results are achieved when decrypting files directly from the infected machine,” Kroustek writes. Decrypting HiddenTear HiddenTear has been around for a while and the code is actually hosted on GitHub. Given the fact that it is so present, many hackers have gone and tweaked the code and starting using it. Encrypted files have a wide range of extensions: .locked, .34xxx, .bloccato, .BUGSECCCC, .Hollycrypt, .lock, .saeid, .unlockit, .razy, .mecpt, .monstro, .lok, .암호화됨, .8lock8, .fucked, .flyper, .kratos, .krypted, .CAZZO, .doomed. and more. After all the files are encrypted, a text file will appear on the user’s desktop. Decrypting Jigsaw Jigsaw was first spotted in the wild in March 2016, and many of its strains use the picture of the Jigsaw Killer from the same-name movie in the ransom screen. Files encrypted after the computer was infected with Jigsaw have Encrypted files will have one of the following extensions: .kkk, .btc, .gws, .J, .encrypted, .porno, .payransom, .pornoransom, .epic, .xyz, .versiegelt, .encrypted, .payb, .pays, .payms, .paymds, .paymts, .paymst, .payrms, .payrmts, .paymrts, .paybtcs, .fun, .hush. Keeping up with the movie script, the malware will delete a file per hour if you don’t pay up. Decrypting Stampado This particular ransomware has been around since August 2016, and it’s being sold on the dark web. Multiple versions have been circulating on the Internet, one of them is called Philadelphia. Most often than not, Stampado adds the .locked extension to the encrypted files. Stampado will delete a new file every 6 hours unless you pay the ransom. Check out Avast’s list of anti-ransomware tools and see if you can find one to help you out. Source
  24. Megaupload 2.0 News Delayed By ‘Expected’ Roadblock A few hours ago Kim Dotcom was gearing up to make an important announcement about a new version of the defunct Megaupload service. However, with minutes left to go, the Megaupload 2.0 plans hit an "expected" roadblock, which means that the wait continues. January 2012, New Zealand Police carried out the largest action ever against individuals accused of copyright infringement. The raid on Kim Dotcom’s Coatesville mansion was carried out on behalf of United States authorities, who are still trying to extradite him and several of his former colleagues. Meanwhile, Dotcom hasn’t been sitting still. Today, exactly five years after the raid on his house and the destruction of the original Megaupload, the entrepreneur planned to announce fresh details on a new and improved version, Megaupload 2.0. Dotcom, who is not officially part of the venture but acts as its chief “evangelist,” informed us a few months ago that the launch was delayed but that more information would come out today. “It is unlikely that we can make a full January 20th launch happen. The fund-raising was delayed and the legal team needed more time for the new setup. But we will reveal more details about Megaupload 2 and Bitcache on that special day,” Dotcom said at the time. Those who followed Dotcom’s Twitter updates were indeed promised some “big news,” but at the end of the day things turned out quite differently. The announcement had to be delayed due to an “expected” roadblock. “Sorry but there has been an expected hiccup. Will tell you all about it later today. Let this play out and give me some time to update you,” Dotcom noted. No further details on the exact reason for the delay were provided, but the Megaupload 2.0 team is actively working on a solution. This may take a few days, according to a message posted by Dotcom a few hours ago. Operation Destroy roadblock This appears to be the first bump in the road after Megaupload 2.0 was first mentioned last summer. Prospective users who are eager for more details have to be patient for a little longer. From what has been revealed thus far, Megaupload 2.0 and the associated Bitcache platform will allow people to share and store files, linking every file-transfer to a bitcoin transaction. The bitcoin element is not the only part that’s new. Unlike the original Megaupload, the new incarnation isn’t going to store all files itself. Instead, it plans to use third-party providers such as Maidsafe and Storj. This means that the new Megaupload will mostly act as a middleman between other file-storage platforms, adding a separate layer of encryption through Bitcache. More information and perhaps some technical details are expected to follow in the near future. Source
  25. BitChute is a BitTorrent-Powered YouTube Alternative YouTube is without doubt one of the Internet's best platforms, but it does have its weaknesses, particularly when it comes to monetizing controversial content. Using BitTorrent under the hood to avoid expensive bandwidth bills, could the recently launched BitChute become a viable alternative? YouTube attracts over a billion visitors every month, with many flocking to the platform to view original content uploaded by thousands of contributors. However, those contributors aren’t completely free to upload and make money from whatever they like. Since it needs to please its advertisers, YouTube has rules in place over what kind of content can be monetized, something which caused a huge backlash last year alongside claims of censorship. But what if there was an alternative to YouTube, one that doesn’t impose the same kinds of restrictions on uploaders? Enter BitChute, a BitTorrent-powered video platform that seeks to hand freedom back to its users. “The idea comes from seeing the increased levels of censorship by the large social media platforms in the last couple of years. Bannings, demonetization, and tweaking algorithms to send certain content into obscurity and, wanting to do something about it,” BitChute founder Ray Vahey informs TorrentFreak. “I knew building a clone wasn’t the answer, many have tried and failed. And it would inevitably grow into an organization with the same problems anyway.” As seen in the image below, the site has a familiar layout for anyone used to YouTube-like video platforms. It has similar video controls, view counts, and the ability to vote on content. It also has a fully-functioning comment section. Of course, one of the main obstacles for video content hosting platforms is the obscene amounts of bandwidth they consume. Any level of success is usually accompanied by big hosting bills. But along with its people-powered philosophy, BitChute does things a little differently. Instead of utilizing central servers, BitChute uses WebTorrent, a system which allows people to share videos directly from their browser, without having to configure or install anything. Essentially this means that the site’s users become hosts of the videos they’re watching, which slams BitChute’s hosting costs into the ground. “Distributed systems and WebTorrent invert the scalability advantage the Googles and Facebooks have. The bigger our user base grows, the more efficiently it can serve while retaining the simplicity of the web browser,” Vahey says. “Also by the nature of all torrent technology, we are not locking users into a single site, and they have the choice to retain and continue sharing the files they download. That puts more power back in the hands of the consumer where it should be.” The only hints that BitChute is using peer-to-peer technology are the peer counts under each video and a short delay before a selected video begins to play. This is necessary for the system to find peers but thankfully it isn’t too intrusive. As far as we know, BitChute is the first attempt at a YouTube-like platform that leverages peer-to-peer technology. It’s only been in operation for a short time but according to its founder, things are going well. “As far as I could tell, no one had yet run with this idea as a service, so that’s what myself and few like-minded people decided. To put it out there and see what people think. So far it’s been an amazingly positive response from people who understand and agree with what we’re doing,” Vahey explains. “Just over three weeks ago we launched with limited upload access on a first come first served basis. We are flat out busy working on the next version of the site; I have two other co-founders based out of the UK who are supporting me, watch this space,” he concludes. Certainly, people will be cheering the team on. Last September, popular YouTuber Bluedrake experimented with WebTorrent to distribute his videos after becoming frustrated with YouTube’s policies. “All I want is a site where people can say what they want,” he said at the time. “I want a site where people can operate their business without having somebody else step in and take away their content when they say something they don’t like.” For now, BitChute is still under development, but so far it has impressed Feross Aboukhadijeh, the Stanford University graduate who invented WebTorrent. “BitChute is an exciting new product,” he told TF this week. “This is exactly the kind of ‘people-powered’ website that WebTorrent technology was designed to enable. I’m eager to see where the team takes it.” BitChute can be found here. Source