Jump to content

Search the Community

Showing results for tags 'security'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Found 38 results

  1. Torrent Client uTorrent Suffers Security Vulnerability (Updated) BitTorrent client uTorrent is suffering from an as yet undisclosed vulnerability. The security flaw was discovered by Google security researcher Tavis Ormandy, who previously said he would reveal a series of "remote code execution flaws" in torrent clients. BitTorrent Inc. has rolled out a 'patch' in the latest Beta release and hopes to fix the stable uTorrent client later this week. With dozens of millions of active users a day, uTorrent has long been the most used torrent client. The software has been around for well over a decade and it’s still used to shift petabytes of data day after day. While there haven’t been many feature updates recently, parent company BitTorrent Inc. was alerted to a serious security vulnerability recently. The security flaw in question was reported by Google vulnerability researcher Tavis Ormandy, who first reached out to BitTorrent in November last year. Google’s Project Zero allows developers a 90-day window to address security flaws but with this deadline creeping up, BitTorrent had remained quiet. Late last month Ormandy again reached out to BitTorrent Inc’s Bram Cohen, fearing that the company might not fix the vulnerability in time. “I don’t think bittorrent are going to make a 90 day disclosure deadline, do you have any direct contacts who could help? I’m not convinced they understand the severity or urgency,” Ormandy wrote on Twitter. Nudge While Google’s security researcher might have expected a more swift response, the issue wasn’t ignored. BitTorrent Inc has yet to fix the problem in the stable release, but a patch was deployed in the Beta version last week. BitTorrent’s Vice President of Engineering David Rees informed us that this will be promoted to the regular release this week, if all goes well. While no specific details about the vulnerability have yet to be released (update below), it is likely to be a remote execution flaw. Ormandy previously exposed a similar vulnerability in Transmission, which he said was the “first of a few remote code execution flaws in various popular torrent clients.” BitTorrent Inc. told us that they have shared their patch with Ormandy, who according to the company confirmed that this fixes the security issues (update below). uTorrent Beta release notes “We have also sent the build to Tavis and he has confirmed that it addresses all the security issues he reported,” Rees told us. “Since we have not promoted this build to stable, I will reserve reporting on the details of the security issue and its fix for now.” BitTorrent Inc. plans to release more details about the issue when all clients are patched. Then it will also recommend users to upgrade their clients, so they are no longer at risk, and further information will also be available on Google’s Project Zero site. Of course, people who are concerned about the issue can already upgrade to the latest uTorrent Beta release right away. Or, assuming that it’s related to the client’s remote control functionality, disable that for now. Update: More details about the vulnerability (and a demo) have been published by Ormandy after we finished this article. It is indeed a DNS rebinding issue that potentially allows outsiders to remotely execute code through uTorrent’s remote control feature. Also, uTorrent’s patch appears not to be as solid as BitTorrent Inc. believes, according to Google’s security researcher. “Hmm, it looks like BitTorrent just added a second token to uTorrent Web. That does not solve the DNS rebinding issue, it just broke my exploit,” he writes. Still vulnerable? Fixed? Update 2: BitTorrent inc just released the following statement: “On December 4, 2017, we were made aware of several vulnerabilities in the uTorrent and BitTorrent Windows desktop clients. We began work immediately to address the issue. Our fix is complete and is available in the most recent beta release (build released on 16 Feb 2018). This week, we will begin to deliver it to our installed base of users. All users will be updated with the fix automatically over the following days. The nature of the exploit is such that an attacker could craft a URL that would cause actions to trigger in the client without the user’s consent (e.g. adding a torrent). A fix for uTorrent Web was released a few hours ago according to BitTorrent Inc and users are recommended to update this to the latest available build as well. To be continued... Note: uTorrent’s Beta changelog states that the fixes were applied on January 15, but we believe that this should read February 15 instead. SOURCE
  2. Browser in the Box 4.6.1

    Browser in the Box The virtual environment for secured and comfortable web browsing Browsing the Internet has become an absolutely necessity in today’s work environments. No-one even considers collecting information without using the web. But our computers also process confidential and critical information such personal and company-internal data. Using the Internet offers huge benefits, but is also subject to constantly changing threats. The development of different browser versions in the past years can be seen not only as functional progress but as a constant race in the battle against various attack scenarios. Ever since the Internet has become active with the advent of Web 2.0, the balance between threats and benefits has been lost. “Active content” has become a standard part of modern web sites. Websites are more and more indistinguishable from full blown native applications. Programming interfaces like JavaScript, Java, ActiveX or VBScript provide a means for accessing the computer and its resources such as its file system or webcam. Trojans and viruses can abuse such powerful tools e.g. to steal confidential data. Companies and authorities alike are facing a dilemma: to substantially limit the use of the Internet or to find a way of living with existing threats. Homepage https://cybersecurity.rohde-schwarz.com/en/products/secure-endpoint/browser-box Downloads Browser in the Box with Firefox for Windows 7/8.1/10 https://cybersecurity.rohde-schwarz.com/sites/default/files/download/browser_in_the_box.4.6.1-r352.firefox.archive.exe Browser in the Box with Chrome for Windows 7/8.1/10 https://cybersecurity.rohde-schwarz.com/sites/default/files/download/browser_in_the_box.4.6.1-r352.chrome.archive.exe User Manual https://myrscs.rohde-schwarz.com/confluence/display/CKB/Documentation?preview=/9306435/9306454/Browser-in-the-Box_user_manual.pdf
  3. Dr.Web Security Space PRO v12.1.1 + Keys Requirements: 4.0+ Overview: Complex protection from all kinds of threats for mobile devices, Anti-virus for TV sets, media players, and game consoles based on Android TV. Complex protection from all kinds of threats for mobile devices, Anti-virus for TV sets, media players, and game consoles based on Android TV. The product is free for 14 days; after that you need to purchase a commercial license valid for a year or more. Use Dr.Web Security Space for Android for free with the purchase of Dr.Web Security Space or Dr.Web Anti-virus for PC/Mac. Features and Advantages • Quick and full file system scanning; scanning of individual files and folders upon a request. Real-time scanning of a file system. Unlocking of data from ransomware Trojans and data safety with no need to pay a ransom to cybercriminals. Even when a phone is fully blocked, even by blockers unknown to the Dr.Web virus databases. • Detection of new, unknown malicious programs using the unique Origins Tracing™ technology. • Moving of detected threats to the quarantine; restoration of files. Password protection of the Anti-virus settings and access to applications Minimal load on the operating system. • Discreet use of battery resources. • Traffic saving due to a small size of the virus database updates. • Detailed statistics. A convenient and informative widget on a device home screen. Call and SMS Filter Protection from unwanted calls and SMS messages. • Selection of filtration modes. - Personal filtering profiles. • Black list. • Review of blocked calls and messages. Caution: The Call and SMS Filter does not operate on devices without a SIM card. Anti-theft It will help in locating a device in case of its loss or theft; its data can be remotely deleted if necessary. • Blocking of a device after a restart • Blocking of a device with a request to enter a password for unlocking • Unlocking using SMS/via the website https://asc.drweb.com • GPS coordinates of a device • Possibility to remotely delete data from a device memory and its SD card. • Audio alarm • Possibility to display a text on a screen of a blocked device • Possibility to create a list of contacts that will receive a notification on a change of a SIM card on the lost device with the number of the new SIM card, which can be used when appealing to police. These numbers can be used to unlock a phone, if you forget a password. Caution: Anti-theft does not operate on devices without a SIM card. URL filter Restricts access to unwanted Internet resources. Blocking of websites that distribute viruses. Blocking according to subject categories (drugs, violence, etc.). White and black lists of websites Access only to websites from the White list Parental Control Protects application from an unauthorized access and the Anti-virus settings—from unwanted changes by outsiders and children. Blocking of access to applications. Blocking of Dr.Web settings modification. Password protection Security Auditor • Runs diagnostics, exposes security issues and proposes their solutions. Firewall Controls network activity of applications. • Filtering of external network traffic of applications, that are installed on a device, and system applications—according to a user choice (Wi-Fi, network) and configurable rules (according to IP addresses and/or ports, entire networks, address ranges); • Monitoring of current and already transferred traffic—with information on addresses/ports connected by applications and on incoming and outgoing traffic; • Detailed logs. Features of Dr.Web removal when Anti-theft is installed If Dr.Web Anti-theft is enabled on your device, disable it before the application removal. This app uses the Device Administrator permission. This app uses Accessibility services. What's New * Fixed an issue of an emergency application shutdown that occurred on some devices. * Introduced minor interface changes. 1) Install Dr.Web 2) Unzip key 3) Open Dr.Web 4) Select "Use existing license" 5) Select "Copy from file" then OK 6) Browser for the key and select it 7) It shows "The key file is received" This app has no advertisements More Info: https://play.google.com/store/apps/details?id=com.drweb.pro&hl=en Download Instructions https://uploadocean.com http://turbobit.net
  4. ESET Mobile Security & Antivirus PREMIUM v4.0.8.0 + Key Requirements: 4.0+ Overview: ESET Mobile Security is a premium cyber security solution that protects your smartphone and tablet. After installing, you automatically get to try all PREMIUM features for 30 days – without subscribing. Then you can upgrade to PREMIUM, or continue with basic protection, which is lifetime for FREE. BENEFIT FROM FREE FEATURES ✓ On-demand Scan triggered by the user ✓ On-access Scan of downloaded applications and files ✓ Quarantine ✓ Anti-Theft – with Remote Lock, Remote Siren and GPS Localization activated by SMS ✓ Support ✓ USSD vulnerability protection ✓ Tablet friendly interface SUBSCRIBE TO PREMIUM FEATURES ✪ Proactive Anti-Theft with web interface on my.eset.com ✪ Anti-Phishing ✪ Scheduled scanning ✪ On-charger scan ✪ Automatic updates ✪ SMS/MMS/Call blocking ✪ Device Monitoring of important settings ✪ Application Audit TRY PROACTIVE ANTI-THEFT ★ Integration with _my.eset.com web interface for Android devices and Windows laptops protected by ESET Smart Security ★ Suspicious state – Autonomous action when wrong PIN/pattern is entered or unauthorized SIM change detected ★ Camera Pictures – Front/back camera snapshots ★ On Screen Message – Customizable message to potential device finder ★ Low Battery – If the device hits critical battery level, its current location is sent to my.eset.com ★ User IP Address Details – Listing of IP addresses the device was connected to if marked as missing JOIN OUR BETA TESTING COMMUNITY Get your hands on the latest versions of ESET Mobile Security and help us shape the future of our Android apps by following this link: _https://play.google.com/apps/testing/com.eset.ems2.gp PERMISSIONS In order to protect your Android device and valuable information, we will ask you to grant ESET various permissions. ESET will NEVER use these permissions for data collection or Marketing purposes. Promise! For a detailed explanation of what each type of permission is used for, please see our Knowledge Base _http://kb.eset.com/android IF SOMETHING DOESN’T WORK If you are experiencing any issues with the latest version of ESET Mobile Security & Antivirus, please send us the log files using the in-app form, which you can access by pushing the menu button (generally a hardware button located in the lower part of the device) and then tapping on ‘Customer Care’. FEEDBACK After you install ESET Mobile Security & Antivirus, you will become part of our community, which will enable you to send your feedback. If you have any suggestions, questions or just want to say hello, please send us an e-mail to [email protected] What's New - Small bug-fixes and optimizations Key until 2019 This app has no advertisements More Info: https://play.google.com/store/apps/details?id=com.eset.ems2.gp&hl=en Download Instructions: https://uploadocean.com http://turbobit.net
  5. WikiLeaks Chat Reportedly Reveals GOP Bias Leaked conversations from a private WikiLeaks chat group reportedly reveal founder Julian Assange as favoring a Republican Party candidate in the last US presidential election. Rumors have been swirling for some time that the whistleblowing site in some way colluded with Russia over the leaking of hacked Democratic Party emails during the race for the White House. Special counsel Robert Mueller is also investigating possible collusion between the Trump campaign and Russian intelligence, which is said by the CIA, NSA and others to have leaked the damaging emails under the “Guccifer 2.0” moniker. Hillary Clinton has described the efforts of “Russian WikiLeaks” as contributing to her election loss. The leaked transcripts from the direct message group chat would seem to support her suspicions. “We believe it would be much better for GOP to win,” Assange is reported to have written. “[Clinton]’s a bright, well connected, sadistic sociopath.” The private group chat with several WikiLeaks supporters was leaked to The Intercept by the person who originally set it up in 2015; someone who goes by the pseudonym 'Hazelpress'. That person is said to have decided to go public after reports were published claiming that Donald Trump Jr had secretly contacted the site ahead of the election, during which correspondence he was advised to tell his father to reject the results as rigged if he lost and to ask if he could get Assange an Australian ambassadorship. WikiLeaks claims to be a neutral transparency organization. The leaked transcripts also reveal an underlying current of misogyny and anti-Semitism. There's no direct evidence that Assange penned the WikiLeaks entries in the chat log, although as founder he’s widely believed to be in control of the site’s Twitter feed. He’s currently holed up in the Ecuadorian embassy in London, where he’s been hiding from the police since 2012. SOURCE
  6. FedEx S3 Bucket Exposes Private Details on Thousands Worldwide Personal information for thousands of FedEx customers worldwide has been exposed after a legacy Amazon Web Services (AWS) cloud storage server was left open to public access without a password. Kromtech Security Center researchers stumbled upon the AWS S3 bucket, finding that it contained more than 119,000 scanned documents, including passports, drivers’ licenses and Applications for Delivery of Mail Through Agent forms, which contain names, home addresses, phone numbers and ZIP codes. The victims include citizens of countries around the globe, including Australia, Canada, China, EU countries, Japan, Kuwait, Malaysia, Mexico, Saudi Arabia and others. The server turned out to be an inherited one, with information from Bongo International – a company that FedEx bought in 2014. Bob Diachenko, head of communications at Kromtech, noted that the shipping giant relaunched Bongo in 2016 as FedEx Cross Border International, to enable international shipping delivery and logistics. That service was closed down last April, but the bucket remained exposed. "Technically, anybody who used Bongo International services back in 2009–2012 is at risk of having his/her documents scanned and available online for so many years,” Diachenko said. “Seems like [the] bucket has been available for public access for many years in a row. Applications are dated within [the] 2009–2012 range, and it is unknown whether FedEx was aware of that ‘heritage’ when it bought Bongo International back in 2014." FedEx has now removed the server from public access and issued a statement saying that there’s no evidence that the data fell into nefarious hands. “After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure,” FedEx told ZDnet. “The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.” Tim Prendergast, CEO of Evident.io, noted that nonetheless, it’s a fact that hackers are actively searching for these kinds of misconfigurations. “Hackers are going after S3 buckets and other repositories because that's where the data is but also because they're easy to find,” he said via email. “There's a whole hacker cottage industry around finding and exploiting S3 buckets, and it's growing because as cloud environments grow, so do the number of unsecured assets that are discoverable.” The incident shows once again that many companies aren’t following best practices when it comes to securing their cloud infrastructure, and many seem confused about whose responsibility it is to provide that security. “The incident, echoing others we’ve seen time and time again…raises the larger issue that many organizations have not yet fully grasped the idea that most public cloud providers are not managing their data – but are just providing a platform or infrastructure, so the management protection of data is left up to the companies themselves,” Obsidian Security CTO Ben Johnson said via email. “It’s critical that enterprises understand the risks of the cloud – that availability and uptime also mean that their data can be easily accessed unless they have the right controls in place.” Brian NeSmith, CEO and co-founder at Arctic Wolf Networks, added: “We need to get our heads out of the clouds, because cloud services are only as secure as you make them. Companies need to start applying the same rigor and discipline to their cloud infrastructure as they do to their on-premises network.” The incident also showcases the need to implement good security practices after a merger or acquisition. “During any M&A transaction it is important that the company who is selling their assets notify their customers that the business is going to be sold and their private data will be transferred to new ownership,” Kromtech’s Diachenko said. “The purchasing company should give customers the option to opt out of their data being transferred and provide a data protection notice. This case highlights just how important it is to audit the digital assets when a company acquires another and to ensure that customer data is secured and properly stored before, during and after the sale. During the integration or migration phase is usually the best time to identify any security and data privacy risks.” SOURCE
  7. Energy-efficient encryption for the internet of things MIT researchers have built a new chip, hardwired to perform public-key encryption, that consumes only 1/400 as much power as software execution of the same protocols would. It also uses about 1/10 as much memory and executes 500 times faster. Credit: Massachusetts Institute of Technology Most sensitive web transactions are protected by public-key cryptography, a type of encryption that lets computers share information securely without first agreeing on a secret encryption key. Public-key encryption protocols are complicated, and in computer networks, they're executed by software. But that won't work in the internet of things, an envisioned network that would connect many different sensors—embedded in vehicles, appliances, civil structures, manufacturing equipment, and even livestock tags—to online servers. Embedded sensors that need to maximize battery life can't afford the energy and memory space that software execution of encryption protocols would require. MIT researchers have built a new chip, hardwired to perform public-key encryption, that consumes only 1/400 as much power as software execution of the same protocols would. It also uses about 1/10 as much memory and executes 500 times faster. The researchers describe the chip in a paper they're presenting this week at the International Solid-State Circuits Conference. Like most modern public-key encryption systems, the researchers' chip uses a technique called elliptic-curve encryption. As its name suggests, elliptic-curve encryption relies on a type of mathematical function called an elliptic curve. In the past, researchers—including the same MIT group that developed the new chip—have built chips hardwired to handle specific elliptic curves or families of curves. What sets the new chip apart is that it is designed to handle any elliptic curve. "Cryptographers are coming up with curves with different properties, and they use different primes," says Utsav Banerjee, an MIT graduate student in electrical engineering and computer science and first author on the paper. "There is a lot of debate regarding which curve is secure and which curve to use, and there are multiple governments with different standards coming up that talk about different curves. With this chip, we can support all of them, and hopefully, when new curves come along in the future, we can support them as well." Joining Banerjee on the paper are his thesis advisor, Anantha Chandrakasan, dean of MIT's School of Engineering and the Vannevar Bush Professor of Electrical Engineering and Computer Science; Arvind, the Johnson Professor in Computer Science Engineering; and Andrew Wright and Chiraag Juvekar, both graduate students in electrical engineering and computer science. Modular reasoning To create their general-purpose elliptic-curve chip, the researchers decomposed the cryptographic computation into its constituent parts. Elliptic-curve cryptography relies on modular arithmetic, meaning that the values of the numbers that figure into the computation are assigned a limit. If the result of some calculation exceeds that limit, it's divided by the limit, and only the remainder is preserved. The secrecy of the limit helps ensure cryptographic security. One of the computations to which the MIT chip devotes a special-purpose circuit is thus modular multiplication. But because elliptic-curve cryptography deals with large numbers, the chip's modular multiplier is massive. Typically, a modular multiplier might be able to handle numbers with 16 or maybe 32 binary digits, or bits. For larger computations, the results of discrete 16- or 32-bit multiplications would be integrated by additional logic circuits. The MIT chip's modular multiplier can handle 256-bit numbers, however. Eliminating the extra circuitry for integrating smaller computations both reduces the chip's energy consumption and increases its speed. Another key operation in elliptic-curve cryptography is called inversion. Inversion is the calculation of a number that, when multiplied by a given number, will yield a modular product of 1. In previous chips dedicated to elliptic-curve cryptography, inversions were performed by the same circuits that did the modular multiplications, saving chip space. But the MIT researchers instead equipped their chip with a special-purpose inverter circuit. This increases the chip's surface area by 10 percent, but it cuts the power consumption in half. The most common encryption protocol to use elliptic-curve cryptography is called the datagram transport layer security protocol, which governs not only the elliptic-curve computations themselves but also the formatting, transmission, and handling of the encrypted data. In fact, the entire protocol is hardwired into the MIT researchers' chip, which dramatically reduces the amount of memory required for its execution. The chip also features a general-purpose processor that can be used in conjunction with the dedicated circuitry to execute other elliptic-curve-based security protocols. But it can be powered down when not in use, so it doesn't compromise the chip's energy efficiency. "They move a certain amount of functionality that used to be in software into hardware," says Xiaolin Lu, director of the internet of things (IOT) lab at Texas Instruments. "That has advantages that include power and cost. But from an industrial IOT perspective, it's also a more user-friendly implementation. For whoever writes the software, it's much simpler." SOURCE
  8. ShieldApps’ Ransomware Defender deals with known ransomware in a way no other solution can. Specially designed for detecting and blocking ransomware prior to any damage, Ransomware Defender blacklists and stops both common and unique ransomware. Once installed, Ransomware Defender stands guard 24/7 utilizing active protection algorithms enhanced with user-friendly alerts and notifications system. Ransomware Defender is fully automated, taking care of all threats via an advanced Scan > Detect > Lock Down mechanism that proactively stands guard to detected threats, and works alongside all main antiviruses and anti-malware products! Ransomware Defender also features a scheduled automatic scan, secured file eraser, lifetime updates and support! More Screehshots: Homepage: https://shieldapps.com/products/ransomware-defender/ or https://www.shieldapps.online/collections/ransomware-defender Download: https://s3.amazonaws.com/shield-products/RansomwareDefender/ShieldApps/RansomwareDefenderSetup.exe or https://s3.amazonaws.com/shield-products/RansomwareDefender/Reseller/RansomwareDefenderSetup.exe Manual/Guide: https://s3.amazonaws.com/partnertemporary/resellerresources/Ransomware+Defender+Operation+Manual.pdf 3.5.8 - 3.x Patch from URET TEAM - igorca: Site: https://yadi.sk Sharecode[?]: /d/CPeTqzwJ3HqiyP
  9. JenX Botnet Has Grand Theft Auto Hook Researchers at Radware have discovered a new botnet that uses vulnerabilities linked with the Satori botnet and is leveraging the Grand Theft Auto videogame community to infect IoT devices. Satori is a derivative of Mirai, the notorious botnet that in 2016 infamously managed to take down Dyn, a DNS hosting provider that supports some of the world’s largest websites. The vulnerabilities in question are CVE-2014-8361 and CVE-2017-17215, which affect certain Huawei and Realtek routers, Radware researcher Pascal Geenens said in a blog post. Radware’s inquiry into the botnet led it to a command-and-control server hosted at the site San Calvicie, which offers not only multiplayer mod support for Grand Theft Auto: San Andreas, but also DDoS attacks for a fee. Enthusiasts of the venerable videogame series, which places players in an immersive 3-D world of violence and vicarious thrills, have created an extensive universe of add-on features and tweaks, or “mods,” in the name of enriching and extending their experience. Sites such as San Calvicie cater to GTA gamers who want to host their own custom versions of GTA for multiplayer action. “The Corriente Divina (‘divine stream’) option is described as ‘God’s wrath will be employed against the IP that you provide us,” Geenens wrote of the site’s DDoS offering. “It provides a DDoS service with a guaranteed bandwidth of 90-100 Gbps and attack vectors including Valve Source Engine Query and 32 bytes floods, TS3 scripts and a ‘Down OVH’ option which most probably refers to attacks targeting the hosting service of OVH, a cloud hosting provider that also was a victim of the original Mirai attacks back in September 2016. OVH is well known for hosting multi-player gaming servers such as Minecraft, which was the target of the Mirai attacks at the time.” Shortly after Geenens made his initial discovery, he returned to the site and found that the terms of engagement had changed. Now the listing included a reference to “bots,” and offered a DDoS volume of between 290 and 300 Gbps, for the same low price of $20 a pop. While derived from established code, the San Calvicie-hosted botnet, which Geenens has dubbed “JenX”, is deployed in a different manner than its predecessors. “Untypical for IoT botnets we have witnessed in the past year, this botnet uses servers to perform the scanning and the exploits,” he wrote. “Nearly all botnets, including Mirai, Hajime, Persirai, Reaper, Satori and Masuta perform distributed scanning and exploiting. That is, each victim that is infected with the malware will perform its own search for new victims. This distributed scanning provides for an exponential growth of the botnet, but comes at the price of flexibility and sophistication of the malware itself.” The centralized approach employed by JenX trades slower growth for lower detection, he added. The danger from JenX should be mostly confined to GTA San Andreas users, Gessens said, but with a stern caveat. “[T]here is nothing that stops one from using the cheap $20 per target service to perform 290 Gbps attacks on business targets and even government related targets,” he wrote. “I cannot believe the San Calvicie group would oppose to it.” Radware filed abuse notifications related to JenX, resulting in a partial takedown of the botnet’s server footprint, but it remains active. JenX’s implementation makes taking it down a tricky task. “As they opted for a central scan and exploit paradigm, the hackers can easily move their exploit operations to bulletproof hosting providers who provide anonymous VPS and dedicated servers from offshore zones,” he wrote. “These providers do not care about abuse. Some are even providing hosting services from the Darknet. If the exploit servers would be move to the Darknet, it would make it much more difficult to track down the servers’ location and take them down.” SOURCE
  10. [Poster Comment: Personally I don't understand why they would need encryption since they had no protection in the age of film, which could be and was confiscated or destroyed and could be stolen. Just because the medium has changed there doesn't need to be an expensive system put in place that would cost everyone more, not just the professional photographers. And their cards could still be stolen.] A year after photojournalists and filmmakers sent a critical letter to camera makers for failing to add a basic security feature to protect their work from searches and hacking, little progress has been made. The letter, sent in late-2016, called on camera makers to build encryption into their cameras after photojournalists said they face "a variety of threats from border security guards, local police, intelligence agents, terrorists, and criminals when attempting to safely return their footage so that it can be edited and published," according to the Freedom of the Press Foundation, which published the letter. The threat against photojournalists remains high. The foundation's US Press Freedom Tracker tallied more than 125 incidents against reporters last year, including the smashing of reporters' cameras and the "bodyslam" incident. Even when they're out in the field, collecting footage and documenting evidence, reporters have long argued that without encryption, police, the military, and border agents in countries where they work can examine and search their devices. "The consequences can be dire," the letter added. Although iPhones and Android phones, computers, and instant messengers all come with encryption, camera makers have fallen behind. Not only does encryption protect reported work from prying eyes, it also protects sources -- many of whom put their lives at risk to expose corruption or wrongdoing. The lack of encryption means high-end camera makers are forcing their customers to choose between putting their sources at risk, or relying on encrypted, but less-capable devices, like iPhones. We asked the same camera manufacturers if they plan to add encryption to their cameras -- and if not, why. The short answer: don't expect much any time soon. An Olympus spokesperson said the company will "in the next year... continue to review the request to implement encryption technology in our photographic and video products and will develop a plan for implementation where applicable in consideration to the Olympus product roadmap and the market requirements." When reached, Canon said it was "not at liberty to comment on future products and/or innovation." S ony also said it "isn't discussing product roadmaps relative to camera encryption." A Nikon spokesperson said the company is "constantly listening to the needs of an evolving market and considering photographer feedback, and we will continue to evaluate product features to best suit the needs of our users." And Fuji did not respond to several requests for comment by phone and email prior to publication. Trevor Timm, executive director of the Freedom of the Press Foundation, told ZDNet that it's "extremely disappointing the major camera manufacturers haven't even committed to investing resources into more research into this issue, let alone actually building solutions into their cameras." "Dozens of the world's best filmmakers made clear a year ago that camera companies -- in today's world -- have an obligation to build in a way for everyone to encrypt their files and footage to potentially help keep them safe," he added. "I hope the camera companies eventually listen to some of their most important and at-risk customers," he said. Article
  11. After a year of headline-grabbing ransomware campaigns, it looks like hackers are launching the attacks less frequently. Ransomware is malicious software that can lock up your files until you send hackers a ransom payment. It featured in the WannaCry attacks in May and the NotPetya attacks in June, both of which swept through hospitals, banks and governments in several countries. But after July, the rates of ransomware infections dropped sharply, according to a report from Malwarebytes. If the trend continues, it would mean a reprieve from an attack that targeted institutions where time is money, like banks, or where lives could hang in the balance, like hospitals. So why would hackers ditch one of their favorite attacks? It turns out that computer users have a really valuable tool against ransomware: backing up their files. That's according to Chris Boyd, a malware analyst at Malwarebytes, who told ZDNet that publicity around the major ransomware attacks probably helped educate people about how to avoid needing to pay by uploading files to the cloud or a backup device. "This alone, even without additional security precautions, effectively deadens the otherwise considerable sting of the threat," Boyd told ZDNet, a CNET sister site. The company sells a product that detects and blocks malicious software for businesses and regular computer users. That's not to say hackers aren't hacking. They've simply turned to other kinds of attacks to steal money, such as banking trojans and adware, both of which are old-school hacking tricks. Hackers are also still innovating. Adam Kujawa, director of malware intelligence at Malwarebytes, said the biggest trend he observed in December was the rise of "crypto-jacking." That's when websites you visit secretly use your computer's processing power to run a program that creates bitcoins. That lets hackers make money off your computer. And, Kujawa said, "it wears down resources really fast," slowing down your computer's performance. But hey, at least you can still access your files. Source: https://www.cnet.com/news/wannacry-notpetya-ransomware-hackers-2017-less-popular-malwarebytes/
  12. Web browsers are the main target for attacks targeting the recently disclosed Spectre vulnerability. For home systems, one could argue that web browsers are the major attack vector. Why? Because browsers connect to remote sites, and these sites may run JavaScript to exploit the vulnerability. Some browser makers pushed out patches fast. Mozilla and Microsoft did for instance whereas Google and the whole Chromium-based group of browsers are not patched yet. There are ways to mitigate the issue in Chrome and other Chromium-based browsers such as Opera or Vivaldi. To mitigate known attack forms, users or admins have to enable strict site isolation in the web browser to do so. While you can check whether your Windows operating system is vulnerable, you could not check whether your web browser is patched or vulnerable up until now. Web Browser Spectre Check This uncertainty is a thing of the past however as Tencent’s XUANWU Lab released an ONLİNE TESTER that checks whether web browsers are vulnerable to Spectre. Visit the Lab’s website to get started. You find a “click to check” button at the top that you need to activate to run the test. It does not take long to test browsers. Some checks complete almost right away while others take longer to complete and involve cache processing. Here is a quick list of tested browsers and their vulnerability status (always assume the latest version): Firefox — not vulnerable Firefox ESR — not vulnerable Internet Explorer 11 — not vulnerable Microsoft Edge — not vulnerable Pale Moon — not vulnerable Waterfox — not vulnerable Chromium (latest) — not vulnerable Google Chrome Canary — not vulnerable Google Chrome Stable — vulnerable* Opera Stable — vulnerable* Vivaldi Stable — vulnerable* *not vulnerable if you enable strict site isolation in the web browser. Tencent’s security team notes that a result of vulnerable means that Spectre-based attacks will work in the browser. A status of not vulnerable, however, does not necessarily mean that the browser is adequately protected. It is protected against a known attack, but it is possible that unknown attack methods may exist that can exploit the issue still. Closing Words While there is still a bit of uncertainty left after your browser tested as not vulnerable in the test, it is still reassuring that known attacks can’t exploit the vulnerability. A good defense against potential attacks is the disabling of JavaScript or scripts in general. This makes the web less usable, however. Now You: Is your browser vulnerable?
  13. Flaw exists in Transmission app and possibly other clients A major vulnerability in the Transmission BitTorrent app allows hackers to remotely control a vulnerable computer, and Google Project Zero researcher Tavis Ormandy says there’s a good chance the same security flaw exists in other clients as well. The bug resides in the feature that allows users to control BitTorrent clients from their browsers, and such functionality is available in the majority of apps, including Transmission. Ormandy says many users run this feature without a password because they believe physical access to the system is required to control it, but a hacker turning to a method called domain name system rebinding can hijack it and in the end get remote control of the computer. Loading a malicious site that hosts the code needed to exploit the vulnerability is all it takes for a hacker to get access to the system, and right now, it appears that both Google Chrome and Mozilla Firefox on Windows and Linux can be used as part of an attack. Transmission ignored the private disclosure The technical analysis of the vulnerability indicates that hackers can change the download directory of torrents and, at the same time, use Transmission to run commands when downloads come to an end. The worst thing about the vulnerability is that Transmission developers have until now ignored the private disclosure, with Ormandy explaining that he even included a patch to address the flaw when he first contacted the company. “I'm finding it frustrating that the transmission developers are not responding on their private security list, I suggested moving this into the open so that distributions can apply the patch independently. I suspect they won't reply, but let's see,,” the Google researcher said. “I've never had an open source project take this long to fix a vulnerability before, so I usually don't even mention the 90-day limit if the vulnerability is in an open source project. I would say the average response time is measured in hours rather months if we're talking about open source.” Security flaws discovered as part of the Project Zero program are typically disclosed after 90 days since the first report if the parent company does not issue a patch and sooner if a fix is released. This time, however, Ormandy decided to make the details public after only 40 days following Transmission’s failure to answer his disclosure. Source
  14. simplewall 2.0.19

    Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. This tool is presented within a simple interface enabling fast configuration and includes internal blocking lists (malware, telemetry). simplewall (WFP Tool) can be considered as an alternative to the default filters provided by Windows Firewall. It will enable you to effectively regulate which of your processes or apps require internet access restriction or not. simplewall (WFP Tool) is designed to make your life easy by automatically blocking malware and telemetry-related data but can also be used with custom rules for blocking particular ports or IP addresses if desired. Features Simple interface without annoying pop ups Dropped packets logging (Windows 7 and above) Internal blocking lists (malware, telemetry) Free and open source Localization support IPv4/IPv6 support Changelog: v2.0.19 (1 November 2017) new rules editor ui added highlighting rules with errors automatically sorting rules after changing added feature to set custom dns ipv4 server ("DnsServerV4" in .ini) added option to exclude blocklist rules from notifications show process information in statusbar on menu item hover optimized signature information retrieving from binaries updated localization fixed saving profile in some cases fixed parsing rules types (issue #70) fixed dns queries fixed ui bugs fixed bugs Downloads: Installer: https://github.com/henrypp/simplewall/releases/download/v.2.0.19/simplewall-2.0.19-setup.exe Portable: https://github.com/henrypp/simplewall/releases/download/v.2.0.19/simplewall-2.0.19-bin.zip 566 Bytes simplewall-2.0.19-setup.sig 372 Bytes simplewall-2.0.19.sha256 Source code (zip) Source code (tar.gz)
  15. Mozilla engineers have borrowed yet another feature from the Tor Browser and starting with version 58 Firefox will block attempts to fingerprint users using the HTML5 canvas element. Canvas blocking is an important addition to Firefox's user privacy protection measures, as canvas fingerprinting has been used for a long time by the advertising industry to track users. Canvas fingerprinting has become widespread in recent years The method has become widespread in recent years after the EU has forced websites to show cookie popups. Because canvas fingerprinting doesn't need to store anything in the user's browser, there are very few legal complications that come with it and this user tracking/fingerprinting solution has become a favorite among ad networks. Canvas fingerprinting works by loading a canvas HTML tag inside a hidden iframe and making the user's browser draw a series of elements and texts. The resulting image is converted into a file hash. Because each computer and browser draws these elements differently, ad networks can reliably track the user's browser as he accesses various sites on the Internet. Canvas fingerprinting is described in better detail in this 2012 research paper. Feature borrowed from the Tor Browser The Tor Browser has fixed this problem by blocking any website from accessing canvas data by default. The Tor Browser displays the following popup every time a site wants to access the canvas element. Tor Browser's canvas fingerprinting blocking system Based on an entry in the Mozilla bug tracker, engineers plan to prompt users with a site permission popup when a website wants to extract data from a < canvas > HTML element. This is similar to the permission shown when websites wish to access a user's webcam or microphone. Firefox 58 is scheduled for release on January 16, 2018. The second feature Firefox takes from the Tor Browser Canvas fingerprinting blocking is the second feature Mozilla engineers have borrowed from the Tor Project. Previously, Mozilla has added a mechanism to Firefox 52 that prevents websites from fingerprinting users via system fonts. Mozilla's efforts to harden Firefox are part of the Tor Uplift project, an initiative to import more privacy-focused feature from the Tor Browser into Firefox. The Tor Browser is based on Firefox ESR, and usually features flowed from Firefox to Tor, and not the other way around. In August 2016, Mozilla also blocked a list of URLs known to host fingerprinting scripts. Previous efforts to improve Firefox user privacy also included removing the Battery Status API. Source
  16. Mozilla engineers have started work on a project named Lockbox that they describe as "a work-in-progress extension [...] to improve upon Firefox's built-in password management." Mozilla released the new extension for employee-use only at first, but users can install it by going to this or this links. Lockbox revamps Firefox's antiquated password management utility with a new user interface (UI). A new Firefox UI button is also included, in case users want to add a shortcut in their browser's main interface to open Lockbox without going through all the menu options. Support for a master password is included, helping users secure their passwords from unauthorized access by co-workers, family members, or others. There are no public plans on Lockbox's future at the moment, but Mozilla will most likely ship it with Test Pilot for some user testing before deciding if to deploy it in the stable branch. Firefox Test Pilot is a Firefox add-on that allows users to install, test, and vote on experimental features that may be added to Firefox in the future. Mozilla has tested several other Firefox features inside Test Pilot before [1, 2]. For example, Firefox's new built-in page screenshot utility — launched through Firefox 55 and 56 — was also tested via Test Pilot. At the moment, Mozilla engineers say Lockbox has only been tested on Firefox 57 and above and that installing on Firefox 56 or lower may not function at all. Also, there's no way to reset the Lockbox master password (at the moment). Source
  17. RabbitHole v0.1.2

    AES-256 encrypted file archive with any number of hidden volumes for plausible deniability. Encrypted file archive AES 256 (Rijndael block cipher) Bouncy Castle, trusted crypto Any number of hidden volumes Encrypted volumes indistinguishable from random data Plausible deniability Very small code base, easily inspected and audited Open source, free software (GNU GPL v3) Getting started Get started by downloading the latest release. For maximum security you may opt to download the source code and compile it yourself. How to use Check out the How To Use Introduction Inspired by TrueCrypt and similar software, this application offers serious encryption for your files through a command line tool for Windows. It's uses BouncyCastle 1.8.1, an acclaimed crypto library providing strong encryption. Because your file archive is first populated with random data, any encrypted volumes you create inside are indistinguishable from the random data. Thus there is no way to ascertain whether you have 0, 1, 2 or 20 volumes within your archive. This gives you plausible deniability, so that an adversary cannot prove or be sure that any encrypted volume exists. A typical way to use this is to create at least 2 volumes, one that you can safely decrypt and reveal should you be forced to, and one that contains your real secrets and which existence you can plausibly deny. For a cryptography tool to have any value we believe is has to be open source software, so users and experts can inspect the code and make sure no vulnerabilities or back doors exist. That is why this project is released under the open source GPLv3 lisence. For maximum security, download the source code, download the Bouncy Castle crypto library for C# and compile it yourself. How it works Q and A RabbitHole v. 0.1.2 To get started, download setup.exe, or download the source code if you want to compile it yourself. *Fixed bug with write permissions check. Downloads 2.43 MB setup.exe Source code (zip) Source code (tar.gz)
  18. Pirate Tor Browser Pirate Tor Browser is a bundle package of the Updated Tor client Vidalia, Updated FireFox Portable browser (with Updated foxyproxy addon) and some custom configs , all has been revamped and Updated , Self extracting archive For those wanting to reach torrent webpages they cant reach on a normal browser try the updated pirate browser.. portable.. you might have seen the first version that the pirate bay shared http://piratebrowser.com/ now its been updated and revamped.. better updated links added , updated and added some good extensions to hide yourself online , Pirate Tor Browser version 08 build 7.0.8 Better Pirate Browser version 07 build 56.0.2 - New Pirate.Tor.Browser.0.8.(7.0.8) Better Pirate Browser 0.7 (56.0.2) 27/10/2017 - New HOMEPAGE https://lilfellauk.wordpress.com/pirate-tor-browser/ Download - Pirate.Tor.Browser.0.8.(7.0.8): Site: https://mega.nz Sharecode[?]: /#!Z25lAD4T!2OPkWG4lTEqq7kgEyTNs33LmYXR573b-e4sbfeUHk_8 Download - Better Pirate Browser version 07 build 56.0.2: - New Site: https://mega.nz Sharecode[?]: /#!13ATGQ6L!YgDypu2bvimH6qXZFHdMiXdlePPm1KeFceUfUh8xfd4
  19. SecurityCheck is a program that searches for installed and running security programs on a user's computer. After it is finished, SecurityCheck will then display a log file that contains information about the security programs found on your computer and the status of security services such as Windows Firewall. The log file that SecurityCheck creates is broken down into different sections. These sections are: The Antivirus/Firewall Check section will contain information about antivirus programs that are installed on your computer and whether or not you have a firewall enabled. The Anti-malware/Other Utilities Check lists installed anti-malware programs as well as utility programs that include Java, Adobe Reader, and Flash. The Process Check section will list all of the running processes at the time the log was created. Security Check by glax24 is the Utility to quickly check for the presence of vulnerable applications Supported OS: Windows XP, Vista, 7, 8, 8.1, 10. Not depend on the bitness of the OS (thanks to Severnyj for testing) When you start you need administrator rights. Check the parameters: 1. User account control (UAC). 2. Service-Pak. 3. The version of IE. 4. Auto update of the OS. 5. Antivirus, firewall. 6. Java Version, Oracle Virtualbox. 7. Version of Adobe Flash Player, Adobe Shockwave Player, Adobe AIR. 8. Versions of Adobe Reader, Acrobat Reader, Foxit Reader. 9. Version Bonjour, iTunes. 10. Versions Of Silverlight, Skype. 11. Version of installed browsers (Chrome, Opera, Firefox, Yandex, Safari). 12. Versions of mail programs (The Bat, Thunderbird). 13. Checking the running processes of browsers. 14. Search the most common Adware programs. Additional settings for run. -! /htmllog creation of additional log to html. -! /program - adds a log of all installed programs. -! /unwanted - only search Adware. Changelog: Update 1. Added display of level UAC Update 1. Added check which Windows updates are installed Update 1. In the log attached shows the version of Windows 10 2. Changed the definition for the version of Windows 10 in xml 3. Fixed a bug in Windows 10 in the log was an empty string. Home: https://safezone.cc/resources/security-check-by-glax24.25/ Download: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheckH.exe create additional log to html For Example SecurityCheck.exe -! /htmllog The program created with the support of participants www.safezone.cc
  20. AES-256 encrypted file archive with any number of hidden volumes for plausible deniability. Encrypted file archive AES 256 (Rijndael block cipher) Bouncy Castle, trusted crypto Any number of hidden volumes Encrypted volumes indistinguishable from random data Plausible deniability Very small code base, easily inspected and audited Open source, free software (GNU GPL v3) Getting started Get started by downloading the latest release. For maximum security you may opt to download the source code and compile it yourself. How to use Check out the How To Use Introduction Inspired by TrueCrypt and similar software, this application offers serious encryption for your files through a command line tool for Windows. It's uses BouncyCastle 1.8.1, an acclaimed crypto library providing strong encryption. Because your file archive is first populated with random data, any encrypted volumes you create inside are indistinguishable from the random data. Thus there is no way to ascertain whether you have 0, 1, 2 or 20 volumes within your archive. This gives you plausible deniability, so that an adversary cannot prove or be sure that any encrypted volume exists. A typical way to use this is to create at least 2 volumes, one that you can safely decrypt and reveal should you be forced to, and one that contains your real secrets and which existence you can plausibly deny. For a cryptography tool to have any value we believe is has to be open source software, so users and experts can inspect the code and make sure no vulnerabilities or back doors exist. That is why this project is released under the open source GPLv3 lisence. For maximum security, download the source code, download the Bouncy Castle crypto library for C# and compile it yourself. How it works Q and A Initial release To get started, download setup.exe, or download the source code if you want to compile it yourself. Downloads 2.4 MB setup.exe Source code (zip) Source code (tar.gz)
  21. Of the many new features in Apple’s iOS 11—which hit your iPhone a few weeks ago—a tool called Core ML stands out. It gives developers an easy way to implement pre-trained machine learning algorithms, so apps can instantly tailor their offerings to a specific person’s preferences. With this advance comes a lot of personal data crunching, though, and some security researchers worry that Core ML could cough up more information than you might expect—to apps that you’d rather not have it. Core ML boosts tasks like image and facial recognition, natural language processing, and object detection, and supports a lot of buzzy machine learning tools like neural networks and decision trees. And as with all iOS apps, those using Core ML ask user permission to access data streams like your microphone or calendar. But researchers note that Core ML could introduce some new edge cases, where an app that offers a legitimate service could also quietly use Core ML to draw conclusions about a user for ulterior purposes. "The key issue with using Core ML in an app from a privacy perspective is that it makes the App Store screening process even harder than for regular, non-ML apps," says Suman Jana, a security and privacy researcher at Columbia University, who studies machine learning framework analysis and vetting. "Most of the machine learning models are not human-interpretable, and are hard to test for different corner cases. For example, it's hard to tell during App Store screening whether a Core ML model can accidentally or willingly leak or steal sensitive data." The Core ML platform offers supervised learning algorithms, pre-trained to be able to identify, or "see," certain features in new data. Core ML algorithms prep by working through a ton of examples (usually millions of data points) to build up a framework. They then use this context to go through, say, your Photo Stream and actually "look at" the photos to find those that include dogs or surfboards or pictures of your driver's license you took three years ago for a job application. It can be almost anything. 'It's hard to tell during App Store screening whether a Core ML model can accidentally or willingly leak or steal sensitive data.' Suman Jana, Columbia University For an example of where that could go wrong, thing of a photo filter or editing app that you might grant access to your albums. With that access secured, an app with bad intentions could provide its stated service, while also using Core ML to ascertain what products appear in your photos, or what activities you seem to enjoy, and then go on to use that information for targeted advertising. This type of deception would violate Apple's App Store Review Guidelines. But it may take some evolution before Apple and other companies can fully vet the ways an app intends to utilize machine learning. And Apple's App Store, though generally secure, does already occasionally approve malicious apps by mistake. Attackers with permission to access a user's photos could have found a way to sort through them before, but machine learning tools like Core ML—or Google's similar TensorFlow Mobile—could make it quick and easy to surface sensitive data instead of requiring laborious human sorting. Depending on what users grant an app access to, this could make all sorts of gray behavior possible for marketers, spammers, and phishers. The more mobile machine learning tools exist for developers, the more screening challenges there could be for both the iOS App Store and Google Play. Core ML does have a lot of privacy and security features built in. Crucially, its data processing occurs locally on a user's device. This way, if an app does surface hidden trends in your activity, and heartbeat data from Apple's Health tool, it doesn't need to secure all that private information in transit to a cloud processor and then back to your device. That approach also cuts down on the need for apps to store your sensitive data on their servers. You can use a facial recognition tool, for instance, that analyzes your photos, or a messaging tool that converts things you write into emojis, without that data ever leaving your iPhone. Local processing also benefits developers, because it means that their app will function normally even if a device loses internet access. iOS apps are only just starting to incorporate Core ML, so the practical implications of the tool remain largely unknown. A new app called Nude, launched on Friday, uses Core ML to promote user privacy by scanning your albums for nude photos and automatically moving them from the general iOS Camera Roll to a more secure digital vault on your phone. Another app scanning for sexy photos might not be so respectful. A more direct example of how Core ML could facilitate malicious snooping is a project that takes the example of the iOS "Hidden Photos" album (the inconspicuous place photos go when iOS users "hide" them from the regular Camera Roll). Those images aren't hidden from apps with photo access permissions. So the project converted an open-source neural network that finds and ranks illicit photos to run on Core ML, and used it to comb through test examples of the Hidden Photos album to quickly rate how salacious the images in it were. In a comparable real-world scenario, a malicious dev could use Core ML to find your nudes. Researchers are quick to note that while Core ML introduces important nuances—particularly to the app-vetting process—it doesn't necessarily represent a fundamentally new threat. "I suppose CoreML could be abused, but as it stands apps can already get full photo access," says Will Strafach, an iOS security researcher and the president of Sudo Security Group. "So if they wanted to grab and upload your full photo library, that is already possible if permission is granted." The easier or more automated the trawling process becomes, though, the more enticing it may look. Every new technology presents potential gray sides; the question now with Core ML is what sneaky uses bad actors will find for it along with the good. Article
  22. WiFi Password Remover 6.0

    WiFi Password Remover is the Free software to quickly recover and remove Wireless account passwords stored on your system. For each recovered Wi-Fi account, it displays following details, WiFi Name (SSID) Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP) Password Type Password in Hex format Password in clear text Once recovered, you can either remove single or all of them with just a click. Before proceeding with deletion, you can also take a backup of recovered Wi-Fi password list to HTML/XML/TEXT/CSV file. Note: Wi-Fi Password Remover is not hacking or cracking tool as it can only help you to recover and remove your wireless config passwords stored on your system. One of the unique feature of this tool is that it can recover all type of Wi-Fi passwords including the ones which are not shown by 'Windows Wireless Manager', thus allowing you to remove all the hidden wireless passwords/profiles also. WiFi Password Remover is fully portable and works on both 32-bit & 64-bit platforms starting from Windows Vista to new Windows 10 version. Ad-Supported Version 6.0 : 25th Oct 2017 Mega 2017 release with the enhanced Wi-Fi Security settings details. Also added right click menu option to quickly copy both Hex & Text Password. Website: http://securityxploded.com/wifi-password-remover.php Features & Benefits Installation & Uninstallation How to Use? Screenshots Release History Download or Download
  23. Hi, this is the new beta! Yandex just Added more security features It can protect the browser form almost everything! High-quality browser Give it a try The objects of protection: the file browser your browser settings extensions user data (credit card numbers, pins, bookmarks, browsing history) confidential information (passwords, keyboard input, screen contents, etc.) other resources of the browser, affecting its security operating system settings that affect browser security Threats, which protects the module change the files of the browser extension and third-party applications (can be embedded malicious code); theft of user data (passwords, credit card numbers, bookmarks, browsing history); the interception or substitution of downloaded and sent data (MITM attack); any unauthorized changes to browser settings such as default search or security settings; the withdrawal of the application screenshots (used to collect user information); record the application sequence of keystrokes on the keyboard (used to steal passwords); unauthorized removal of the browser or module protection third-party applications. How protection works The protection module is installed with the browser but is a separate application. It only takes a small amount of virtual memory that protects all the user's browser and works even when the browser is closed. The module uses the technology of HIPS. It monitors and warns of potentially dangerous activity programs in the operating system. If the application performs an action that threatens the integrity of the browser protection module blocks the action and reports it. Download it from here Download Yandex Browser (beta) It's beta but stable and reliable. Source Lite - Online Installer: Win (1.3 MB): https://cache-mskdataline01.cdn.yandex.net/download.yandex.ru/browser/beta-custo-int/en/lite/Yandex.exe Standalone Direct links: Win (66.1 MB): https://cache-mskdataline02.cdn.yandex.net/download.cdn.yandex.net/browser/beta-custo-int/en/Yandex.exe Mac (65.3 MB): https://cache-mskdataline11.cdn.yandex.net/download.cdn.yandex.net/browser/beta-custo-int/en/Yandex.dmg Linux - deb x64 (63.7 MB): https://cache-mskdataline03.cdn.yandex.net/download.cdn.yandex.net/browser/yandex/ru/beta/Yandex.deb Linux - rpm x64 (63.5 MB): https://cache-mskdataline05.cdn.yandex.net/download.cdn.yandex.net/browser/yandex/ru/beta/Yandex.rpm
  24. The by default highly questionable set options concerning privacy and data protection in Windows 10 brought me to the idea for the development of this little program. Microsoft generously enables everybody to change the concerning settings, but hides them in countless menus, where a normal user does not want to search for! The program should therefore be a help, to display the available settings relatively clearly and to set the desired options if necessary. The primary focus is on settings for Windows 10 and its apps (for example the new browser "Edge"). The program will be expanded gradually, if possible and available, with the corresponding Windows 8.1 features in the future. W10Privacy is certainly no programming masterpiece, but meets my envisaged purpose. The software is still in an early development phase: suggestions and requests will be gladly accepted and considered, if necessary, in the further development! Manual/Instructions + Screenshots - EN Manual/Instructions + Screenshots - DE Changes in (20.10.2017) - The list of telemetry-IP addresses contained two invalid IP-addresses, which meant that the Firewall-rule 19 was not. Homepage Download page Download SHA1-Hash: 29bcc435bd37084566e08a26ebe2a9c78e009397 SHA256-Hash: e40d69a70cf7aeb35dc4d2b1f567b4edaecb10afdd94173980011e8ed9f5c92a .paf Portable Online Installer by @Geez - Updated - New Due to constant changes to download path by developers, updated the installer to read the last number added to the download page to get the latest version. The last installer was unable to get the last version. First screen enter: 1508535683 Site: https://www.upload.ee Sharecode[?]: /files/7578959/W10Privacy_Portable_x.x_Rev1_Multilingual_Online.exe.html
  25. Windscribe VPN 1.80 Build 28 Stable Internet As It Should Be Windscribe is a desktop application and browser extension that work together to block ads and trackers, restore access to blocked content and help you safeguard your privacy online. Learn More. What's New: https://blog.windscribe.com/windscribe-1-80-changelog-bdc9183bcac4 We’ve been working on this version for quite a while, existing installations should prompt you to update the app over the next 48 hrs. Here is what’s new. Changelog: New features LAN proxy gateway — https://windscribe.com/features/proxy-gateway Secure Hotspot (Experimental) — https://windscribe.com/features/secure-hotspot Variable location drawer height Auto login after signup Ability to choose NDIS5 TAP driver Upgrade to OpenVPN 2.4.x with 2.3.x fallback Service notifications Show Pro data-centers to free users Location latency tool-tips added to signal bars Fixed bugs Always on firewall not working on OS boot on some machines Application crashes after connection attempts are exceeded with “minimize to tray” option checked Application freeze with firewall ON requires reboot API calls not made if app starts with no Internet connectivity Custom installation now allows for non-standard install path Auto-enable disabled TAP adapter 100% CPU when app starts with no Internet connectivity Don’t try UDP protocol if system proxy is configured Constant application window size on variable DPI screens Login form DPI bug On multi-screen computers, tool-tips show on primary monitor Other Changes Leave firewall ON if ran out of free bandwidth to prevent IP leak Increase reconnect timeout from 5 min to 1 hour Server list source changed Moved server location update process to separate thread Only do ping tests while disconnected Update available UI change Output installed anti-virus software into debug log for troubleshooting Open survey on application uninstall Installer command line arg support Black and white top bar icon on MacOS Ping nodes in batches instead of all at the same time Allow for verbose OpenVPN logging via Advanced Parameters screen When beta channel is selected, check for updates right away To-do list for next version: IKEv2 protocol support Emergency Connect Firewall whitelisting overhaul Command line interface Wakeup from hibernation fix Add disconnecting state Async DNS resolver Browser Extensions — New Features Downloads: Windscribe for Your Computer: Windscribe for Your Browser: Windscribe for Your Phone: Windscribe for Your Router: