Showing results for tags 'security'.

Found 971 results

  1. Cerber Ransomware Switches To .CERBER3 Extension For Encrypted Files A new version of the Cerber Ransomware has been discovered by AVG security researcher Jakub Kroustek that switches from the .CERBER2 extension to .CERBER3 for encrypted files. When I tested this new sample, there were some minor outward differences between this version and the previous version. The most notable difference is that this new version will now append the .CERBER3 extension to encrypted files. This is shown in the sample pictures folder shown below. Encrypted Files Another notable difference is that this version has changed the ransom note names to # HELP DECRYPT #.html, # HELP DECRYPT #.txt, and # HELP DECRYPT #.url. The previous Cerber version had also sent UDP packets to the range of IP addresses. This version appears to be using the range for statistical purposes. As this version is further analyzed, more information may become available. When this happens, I will be sure to update this article. Source
  2. End-to-end encryption is the new security mantra, but how far will you go to foil the thought police? It's difficult to maintain a healthy level of paranoia when some days it feels like we're living in a gritty reboot of 1984. Revelations of western security agencies systematically spying on their own citizens have driven many people to embrace personal encryption tools, yet at the same time social media has bred a generation of oversharers who seem happy to trade their privacy for magic beans. Some people wear tin foil hats to avoid government mind probes, while others write their passwords on post-it notes for all the world to see. Most of us sit somewhere in the middle, swinging between vigilance and complacency as we navigate the challenges of modern technology. Nothing to hide? It's often said that if you've got nothing to hide then you've got nothing to fear, but that's a dangerous attitude. It downplays legitimate fears and makes it easier for the powers that be to gradually erode civil liberties to the point where we all have something to fear – at which point it's too late. So where do you draw your own line in the sand? I think you need to start by defining the problem; exactly what are you afraid of, realistically what's the likelihood of those things happening to you, and how serious are the consequences if they do? Once you have level-headed answers to these questions you can start to think about the best precautions. These days the words "privacy" and "security" are almost used interchangeably, they're closely related but they don't quite mean the same thing. The way I see it, security is the reason you lock your front door at night, while privacy is the reason you draw the curtains. You can also break data security into two components; keeping your files locked away so others can't get them (let's call this "data security"), and keeping your files safe so you don't lose them (let's call this "data integrity"). 
Data security requires strong locks, while data integrity requires a robust backup regime. Everything to lose? To be honest I'm primarily concerned about data integrity, followed by security and finally privacy. In most cases losing a file would be much worse than it falling into the wrong hands. Technical disasters are my biggest realistic threat and the consequences could be significant, which is why I'm so paranoid when it comes to maintaining multiple backup systems. Backups aside, realistically I'm more concerned about hackers breaking into my computer and data, perhaps as part of a ransomware attack, than I am concerned about government spooks rummaging through my digital life. Keep in mind that spooks don't necessarily "break" into your accounts, instead they tend to slip in the back door. You might have different priorities, but I primarily focus on sensible security precautions like healthy password habits and employing extra security precautions such as two-factor authentication and Virtual Private Networks when using an untrusted connection. If I was more concerned about privacy I'd place a greater emphasis on issues like end-to-end encryption for email, browsing and instant messaging, in order to keep my communications and other activities safe from prying eyes. Everyone onboard? Of course poor privacy can be a security threat, and vice versa, which is why I'm starting to evaluate secure communications services. There are plenty of options, from PGP-based email encryption like Witopia's SecureMyEmail to encrypted instant messaging tools like Signal, which is adding secure video calls. The trouble is that the person on the other end of the conversation also needs to use these tools in order for you to communicate securely – which is a problem if most of the people that you deal with aren't as concerned about security as you are. 
Like communications tools in general, your secure comms ecosystem can become a fragmented mess – perhaps making it more trouble than it's worth. What do you see as the most significant threats to your data privacy, security and integrity? What precautions have you taken to stay safe? Ref: < http://www.smh.com.au/technology/gadgets-on-the-go/how-paranoid-is-too-paranoid-when-it-comes-to-privacy-and-security-20170216-guf0h1.html >
  3. Researchers Develop Cross-Browser Fingerprinting Technique Researchers have developed a cross-browser fingerprinting technique that uses operating system and hardware level features. Fingerprinting has been limited for the most part to individual web browsers in the past. If a user switched browsers regularly, fingerprinting could not be used to link the user to these browsers. Fingerprinting tests like the Electronic Frontier Foundation's Panopticlick or BrowserPrint, try to gather data about the browser and underlying operating system. They use all the data to create a fingerprint of the browser/computer combination, and may be able to do the same in future sessions. Cross-browser fingerprinting was out of the picture up until now. While other methods existed to track users across browsers, for instance by requiring them to sign into accounts to use a service or recording IP addresses, no fingerprinting method came close to providing a working solution. Cross-browser fingerprinting The researchers who published the research paper (Cross-)Browser Fingerprinting via OS and Hardware Level Features think that they have found a way. They have created an online service that demonstrates the fingerprinting technique. It is called Unique Machine, and works on any device that supports JavaScript. A click on Get My Fingerprint starts the process. It works, if JavaScript is enabled, and if connections to a few sites are allowed. The scan takes a couple of seconds to complete. The result is a browser fingerprint, and also a computer fingerprint; the latter is not finalized yet and still in development. You may hit the details button on the Unique Machine website for the list of tested cross-browser features. The following features are tested currently: Time Zone. Number of CPU Cores. Fonts. Audio. Screen Ratio and depth. WebGL. Ad Blocking. Canvas. Cookies. Encoding. GPU. Hash values of GPU rendering results. Language. Plugins. 
The idea is now that you will get similar results when you use a different browser on the same system to run the fingerprinting test a second time. The researchers state that the technique identified 99.2% of users correctly. The sample size is a bit small, 1903 users and 3615 fingerprint samples. I ran tests on a machine using different browsers, and results were mixed. The computer fingerprint was identical when I ran the fingerprinting test in Chrome, Chrome Canary and Vivaldi, but different in Firefox and Edge. The three browsers the hash was identical in are all based on Chromium. This is probably the reason why the fingerprint was identical. The source code of the cross browser fingerprinting site is available on GitHub. Now You: Did cross-browser fingerprinting work on your devices? Source
  4. Microsoft Edge Browser Accused of Displaying Fake News in New Tabs News outlet partnerships go wrong for Edge users All the news is delivered by MSN with help from news outlets across the world, and while at first glance everything should be pretty helpful for users, it turns out that the browser is suffering from an issue that the Internet is trying to deal with as we speak: fake news. A number of users have turned to the built-in Windows 10 Feedback Hub app to complain about what they claim to be fake news displayed in Microsoft Edge, explaining that the balanced news that they should find in the browser does not exist and most sources are trying to give articles a certain spin that shouldn’t be there. “I have been disgusted to read such clearly slanted stories. I would prefer to read news reports that allowed me to draw my own conclusions that did not seem intent on spinning the news in one direction or another. It is time that you offered BALANCED news instead of relying on your partnerships with news outlets that clearly have an agenda in their news reporting,” one such comment reads. Microsoft still tightlipped Microsoft Edge does not allow users to edit news sources, but only to choose the categories they want to receive articles for, so there’s no way to deal with the alleged fake news without the company’s own tweaks. Of course, Microsoft Edge does not deliberately spread fake news, and if this is indeed happening, it’s only the fault of the sources that the browser is configured to use to show articles in the start page and in new tabs. Microsoft, however, hasn’t said a single thing until now and is yet to respond to the suggestion posted in the Feedback Hub, so it remains to be seen if the company gives more power to users to configure news sources or if the company itself removes sources involved in spreading fake news. Source
  5. Microsoft’s Obscure ‘Self Service for Mobile’ Office Activation Microsoft requires a product activation after installing. Users of Microsoft Office currently are facing trouble during telephone activation. After dealing with this issue, I came across another obscure behavior, Microsoft’s ‘Self Service for Mobile’ solution to activate Microsoft Office via mobile devices. Microsoft describes how to activate Microsoft Office 2013, 2016 and Office 365 within this document. There are several possibilities to activate an installed product, via Internet or via Telephone for instance. Activation by phone is required, if the maximum Internet activation threshold is reached. But Office activation by phone fails Within my blog post Office Telephone activation is no longer supported error I’ve addressed the basic issue. If a user re-installs Office, the phone activation fails. The activation dialog box shows the message “Telephone activation is no longer supported for your product”. Microsoft has confirmed this issue for Office 2016 users having a non-subscriber installation. But also users of Microsoft Office 2010 or Microsoft Office 2013 are affected. A blog reader posted a tip: Use Mobile devices activation… I’ve posted an article Office 2010: Telefonaktivierung eingestellt? – Merkwürdigkeit II about the Office 2010 telephone activation issue within my German blog, back in January 2017. Then a reader pointed me within a comment to a Self Service for Mobile website. The link http: // bit.ly/2cQPMCb, shortened by bit.ly, points to a website https: // microsoft.gointeract.io/mobileweb/… that provides an ability to activate Microsoft Office (see screenshot below). After selecting a 6 or 7 Digits entry, an activation window with numerical buttons to enter the installation id will be shown (see screenshots shown below). The user has to enter the installation id and receives the activation id – plain and simple. 
Some users commented within my German blog, that this feature works like a charm. Obscurity, conspiracy, oh my God, what have they done? I didn’t inspect the posted link until writing last Friday’s blog post Office Telephone activation is no longer supported error. My idea was, to mention the “Self Service for Mobile” page within the new article. I managed to alter the link to direct it to the English Self Service for Mobile language service site. Suddenly I noticed, that both, the German and also the English “Self Service for Mobile” sites use https, but are flagged as “unsecure” in Google Chrome (see the screenshot below, showing the German edition of this web page). The popup shown for the web site „Self Service for Mobile“ says, that there is mixed content (images) on the page, so it’s not secure. That caught my attention, and I started to investigate the details. Below are the details for the German version of the web site shown in Google Chrome (but the English web site has the same issues). First of all, I noticed, that the „Self Service for Mobile“ site doesn’t belong to a microsoft.com domain – in my view a must for a Microsoft activation page. Inspecting the details, I found out, the site contains mixed content (an image contained within the site was delivered via http). The content of the site was also delivered by Cloudflare (I’ve never noticed that case for MS websites before). The image flagged in the mixed content issue was the Microsoft logo, shown within the site’s header, transferred via http. The certificate was issued by Go Daddy (a US company) and ends in March 2017. I’ve never noticed, that Go Daddy belongs to Microsoft. I came across Go Daddy during analyzing a phishing campaign months ago. A compromised server, used as a relay by a phishing campaign, has been hosted (according to Whois records) by Go Daddy. But my takedown notice sent to Go Daddy has never been answered. 
That set all the alarm bells ringing in my head, because it’s a typical behavior used in phishing sites. Also my further findings didn’t calm the alarm bells in my head. The subdomain microsoft used above doesn’t belong to a Microsoft domain, it points to a domain gointeract.io. Trying to obtain details about the owner of gointeract.io via WhoIs ended with the following record.

    Domain : gointeract.io
    Status : Live
    Expiry : 2021-03-14
    NS 1 : ns-887.awsdns-46.net
    NS 2 : ns-1211.awsdns-23.org
    NS 3 : ns-127.awsdns-15.com
    NS 4 : ns-1980.awsdns-55.co.uk
    Owner OrgName : Jacada
    Check for 'gointeract.sh' --- http://www.nic.sh/go/whois/gointeract.sh
    Check for 'gointeract.ac' --- http://www.nic.ac/go/whois/gointeract.ac

Pretty short, isn’t it? No Admin c, no contact person, and Microsoft isn’t mentioned at all, but the domain has been registered till 2021. The Owner OrgName Jacada was unknown to me. Searching the web didn’t give me more insights at first. Overall, the whole site looks obscure to me. The tiny text, shown within the browser’s lower left corner, was a hyperlink. The German edition of the „Self Service for Mobile“ site opens a French Microsoft site – the English site opens an English Microsoft site. My first conclusion was: Hell, I was tricked by a phishing comment – somebody set up this site to grab installation ids of Office users. So I deactivated the link within the comment and I posted a warning within my German blog post, not to use this „Self Service for Mobile“ site. I also tried to contact the user, who has posted the comment, via e-mail. … but “Microsoft” provides these links … User JaDz responded immediately in an additional comment, and wrote, that the link shortened via bit.ly has been sent from Microsoft via SMS – after he tried the telephone activation and selected the option to activate via a mobile device. I didn’t notice that before – so my conclusion was: Hell, this obscure „Self Service for Mobile“ site is indeed related to Microsoft. 
Then I started again a web search, but this time with the keywords Jacada and Microsoft. Google showed several hits, pointing to the site jacada.com (see screenshot below). It seems that Jacada is a kind of service provider for several customers. I wasn’t able to find Microsoft within the customer reference. But I know, that Microsoft used external services for some activities. Now I suppose, that somebody from Jacada set up the „Self Service for Mobile“ activation site. The Ajax code used is obviously able to communicate with Microsoft’s activation servers and obtain an activation id. And Microsoft’s activation mechanism provides an option to send the bit.ly link via SMS. Closing words: Security by obscurity? At this point I was left really puzzled. We are not talking about a startup located within a garage. We are dealing with Microsoft, a multi-billion company, that claims to run highly secured and trustable cloud infrastructures world wide. But what’s left, after we wipe off the marketing stuff? The Office activation via telephone is broken (Microsoft confirmed that, after it was reported by customers!). A customer in need of activating a legally owned, but re-installed, Microsoft Office is facing a nasty situation. Telephone activation is refused, the customers will be (wrongly) notified, that this option is no longer supported. Internet activation is refused due to “too many online activations” – well done. But we are not finished yet. They set up a „Self Service for Mobile“ activation site in a way, that is frequently used by phishers. They are sending links via SMS to this site requesting to enter sensitive data like install ids. A site that is using mixed content via https, and is displaying an activation id. In my eyes a security nightmare. But maybe I’ve overlooked or misinterpreted something. If you have more insights or an idea, or if my assumptions are wrong, feel free to drop a comment. 
I will try to reach out and ask Microsoft for a comment about this issue. Article in German Source Alternate Source reading - AskWoody: Born: Office activation site controlled by a non-Microsoft company
  6. Ghacks.net Firefox Privacy And Security user.js 0.11 Is Out The most comprehensive Firefox privacy and security settings collection has been updated to version 0.11 to take into account changes in newer versions of Firefox. Ghacks champion Pants created the initial list in 2015, and has been on it ever since that day with help of others including earthling and Tom Hawack. The new user.js file replaces the old one. The download includes the user.js file, the changelog, and two HTML documents that list all preferences, information and comments. You are probably wondering what is new in version 0.11 of the file. First of all, the preferences have been updated to take into account changes in Firefox. Mozilla has added, changed or removed preferences since the last release of the Ghacks user.js file. Apart from that, there are new sections that you may find interesting. There are new sections for Service Workers, First Party Isolation, Fingerprint resisting and Tor uplift. The add-ons section has been filled with links to recommended add-ons on top of that. Some fun stats about the latest privacy and security user.js file: The list features a total of 464 preferences of which 48 are commented out. 33 items contain warnings. The file links to 71 http and 243 https resources for research. Click here to open the original article that has been updated with the new information, or download the new user.js file directly with a click on the following link: user.js-ghacks-0.11.zip Here is the change log:

    Added
      2300: NEW SECTION for Service Workers (items renumbered from other sections)
      2698: NEW SECTION for FPI (First Party Isolation) - commented out, it's not ready yet to go prime time
      2699: NEW SECTION for privacy.resistFingerprinting (was 2630)
      9998: NEW SECTION for To Investigate - Tor Uplift
      : APPENDIX B for Add-ons

    Renumbered sections
      9996: PALE MOON, section renumbered and no longer maintained
      9997: DEPRECATED

    Moved
      2302: was 1012 dom.caches.enabled .. ALL the stuff in the 2300s were moved there, some are new
      2301+2303+2304: were 2432+2430+2431 respectively, also new prefs
      1216: was 2609 insecure active content
      1217: was 2610 insecure passive content
      2024: was 3014 media.mediasource.webm.enabled
      : some other numbers may have been reused, moved

    Deprecated
      Loads of them, just look in the deprecated section, it's in order of version dropped, then number.

    Added
      0101: browser.laterrun.enabled
      0301: app.update.silent and app.update.staging.enabled
      0336: browser.selfsupport.enabled (also merged 0371 with this)
      0374: social.enabled
      0376: FlyWeb
      0380: Sync
      0402: Kinto
      0410: the entire section: many prefs deprecated, replaced with others, new section 0410g
      0421: privacy.trackingprotection.ui.enabled
      0440: mozilla flash blocklisting
      0608: network.predictor.enable-prefetch
      0818: taskbar preview
      0819: browser.urlbar.oneOffSearches
      0820: disable search reset
      0907: force warnings for logins on non-secure sites
      0908: browser.fixup.hide_user_pass
      0909: signon.formlessCapture.enabled
      1012: browser.sessionstore.resume_from_crash (note: old number was moved to 2300s)
      1209: TLS extra prefs to control min and max and fallback versions
      1213: cyphers disable 3DES
      1214: cyphers disable 128 bit ecdhe
      1215: disable MS Family Safety cert
      1218: HSTS Priming
      1219: HSTS preload
      1220: disable intermediate CA caching
      1408: gfx.font_rendering.graphite.enabled
      1602: returned DNT (do not track) from deprecated
      1808: disable audio auto-play in non-active tabs
      1820+1825+1830+1840+1850: revamp, additions etc to GMP, DRM, OpenH264, Widevine, EME
      2001: media.navigator.video.enabled
      2001a: media.peerconnection.ice.no_host
      2011: webgl.enable-debug-renderer-info
      2012: webgl.dxgl.enabled + webgl.enable-webgl2
      2022: extra prefs for screensharing
      2024: MSE (Media Source Extensions)
      2025: enable/disable media types
      2026: disable canvas capture stream
      2027: disable camera image capture
      2028: disable offscreen canvas
      2403: dom.allow_cut_copy
      2415b: limit events that can cause a popup
      2425: disable Archive API
      2450: offline data storage
      2504: new vr prefs
      2510: Web Audio API
      2511: media.ondevicechange.enabled
      2627: revamped section from a single pref about build ID into all your UA/Navigator objects
      2628: browser.uitour.url
      2650: e10s stuff, never used by me, may be obsolete as e10s rollout changes with each release
      2651: control e10s number of container processes
      2652: enable console e10s shim warnings
      2660: browser.tabs.remote.separateFileUriProcess
      2662: browser.download.forbid_open_with
      2663: MathML
      2664: DeviceStorage API
      2665: sanitize webchannel whitelist
      2666: HTTP Alternative Services
      2667: devtools.chrome.enabled
      2668: extension directory lockdown
      2669: strip paths when sending URLs to PAC scripts
      2670: security.block_script_with_wrong_mime
      2671: svg.disabled (FF53+)
      2706: Storage API
      2707: clear localStorage when a WebExtension is uninstalled
      2803a: privacy.clearOnShutdown.openWindows
      2804a: privacy.cpd.openWindows
      2805: privacy.sanitize.timeSpan
      3022: hide recently bookmarked items
      3023: browser.migrate.automigrate.enabled
      Appendix A: new test sites: Browserprint, HTML Security, Symantec, AudioContext, HTML5, Keyboard Events, rel=noopener
      Appendix A: new section:; 5 Safe Browsing, Tracking Protection tests

    Changed
      : custom pref renamed and configured as the Monty Python parrot
      : custom pref expanded to each section with euphemisms for the parrot's demise
      1211: SHA-1 variables/definitions have been changed by mozilla, recommended value has changed
      2201: dom.event.contextmenu.enabled is now active
      2404: dom.indexedDB.enabled - I turned this on and use an extension to toggle it on and off for sites
      2421: two javascript.options now commented out, the performance loss isn't worth it
      : some other prefs may have been turned on/off

    Deleted
      3019: network.proxy.type - it is not my place to control end users' connections/proxies/vpns etc

    Source
  7. Lately, I have been collecting IoT security and privacy guidelines. Here's everything I've found:

    "Internet of Things (IoT) Broadband Internet Technical Advisory Group, Broadband Internet Technical Advisory Group, Nov 2016.
    "IoT Security Guidance," Open Web Application Security Project (OWASP), May 2016.
    "Strategic Principles for Securing the Internet of Things (IoT)," US Department of Homeland Security, Nov 2016.
    "Security," OneM2M Technical Specification, Aug 2016.
    "Security Solutions," OneM2M Technical Specification, Aug 2016.
    "IoT Security Guidelines Overview Document," GSM Alliance, Feb 2016.
    "IoT Security Guidelines For Service Ecosystems," GSM Alliance, Feb 2016.
    "IoT Security Guidelines for Endpoint Ecosystems," GSM Alliance, Feb 2016.
    "IoT Security Guidelines for Network Operators," GSM Alliance, Feb 2016.
    "Establishing Principles for Internet of Things Security," IoT Security Foundation, undated.
    "IoT Design Manifesto," www.iotmanifesto.com, May 2015.
    "NYC Guidelines for the Internet of Things," City of New York, undated.
    "IoT Security Compliance Framework," IoT Security Foundation, 2016.
    "Principles, Practices and a Prescription for Responsible IoT and Embedded Systems Development," IoTIAP, Nov 2016.
    "IoT Trust Framework," Online Trust Alliance, Jan 2017.
    "Five Star Automotive Cyber Safety Framework," I am the Cavalry, Feb 2015.
    "Hippocratic Oath for Connected Medical Devices," I am the Cavalry, Jan 2016.
    "Industrial Internet of Things Volume G4: Security Framework," Industrial Internet Consortium, 2016.
    "Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products," Cloud Security Alliance, 2016.

    Other, related, items:

    "We All Live in the Computer Now," The Netgain Partnership, Oct 2016.
    "Comments of EPIC to the FTC on the Privacy and Security Implications of the Internet of Things," Electronic Privacy Information Center, Jun 2013.
    "Internet of Things Software Update Workshop (IoTSU)," Internet Architecture Board, Jun 2016.
    "Multistakeholder Process; Internet of Things (IoT) Security Upgradability and Patching," National Telecommunications & Information Administration, Jan 2017.

    They all largely say the same things: avoid known vulnerabilities, don't have insecure defaults, make your systems patchable, and so on. My guess is that everyone knows that IoT regulation is coming, and is either trying to impose self-regulation to forestall government action or establish principles to influence government action. It'll be interesting to see how the next few years unfold. If there are any IoT security or privacy guideline documents that I'm missing, please tell me in the comments. EDITED TO ADD: Documents added to the list, above. By Bruce Schneier https://www.schneier.com/blog/archives/2017/02/security_and_pr.html
  8. NOD32 Antivirus & ESET Smart Security v8.0.319.0 English Silent Note: Update: - Excluded a new site that TNod use Credits to Cerberus (Scripting Help) ESET NOD32 Antivirus: 32Bit (Size: 70.6 MB) Site: http://www.mirrorcreator.com Sharecode[?]: /files/1RCBMOLD/ESET_NOD32_Antivirus_v8.0.319.0_32Bit.zip_links 64Bit (Size: 79.9 MB) Site: http://www.mirrorcreator.com Sharecode[?]: /files/07MFNOKR/ESET_NOD32_Antivirus_v8.0.319.0_64Bit.zip_links ESET Smart Security 32Bit (Size: 77.7 MB) Site: http://www.mirrorcreator.com Sharecode[?]: /files/OLZAEFQI/ESET_Smart_Security_v8.0.319.0_32Bit.zip_links 64Bit (Size: 88 MB) Site: http://www.mirrorcreator.com Sharecode[?]: /files/17IRIU9W/ESET_Smart_Security_v8.0.319.0_64Bit.zip_links ESET NOD32 Antivirus & ESET Smart Security v9.0.386.0 English Silent Note: Update: - Updated to v9.0.386.0 - Added a new key ESET NOD32 Antivirus: 32Bit (Size: 88.5 MB) Site: http://www.mirrorcreator.com Sharecode[?]: /files/0PIHCVWO/ESET_NOD32_Antivirus_v9.0.386.0_32Bit_Silent.zip_links 64Bit (Size: 92.4 MB) Site: http://www.mirrorcreator.com Sharecode[?]: /files/AFKOXL3O/ESET_NOD32_Antivirus_v9.0.386.0_64Bit_Silent.zip_links ESET Smart Security 32Bit (Size: 98.3 MB) Site: http://www.mirrorcreator.com Sharecode[?]: /files/0QJWT5U1/ESET_Smart_Security_v9.0.386.0_32Bit_Silent.zip_links 64Bit (Size: 102 MB) Site: http://www.mirrorcreator.com Sharecode[?]: /files/1PHMCQKT/ESET_Smart_Security_v9.0.386.0_64Bit_Silent.zip_links ESET NOD32 Antivirus & ESET Internet Security & ESET Smart Security v10.0.390.0 English Silent Note: A Video To See How Silent Work ESET NOD32 Antivirus: 32Bit (Size: 91 MB) Site: http://www.mirrorcreator.com Sharecode[?]: /files/B5CEPJLE/ESET_NOD32_Antivirus_v10.0.390.0_32Bit_Silent.zip_links 64Bit (Size: 95.5 MB) Site: http://www.mirrorcreator.com Sharecode[?]: /files/ELMJLG5D/ESET_NOD32_Antivirus_v10.0.390.0_64Bit_Silent.zip_links ESET Internet Security 32Bit (Size: 97.9 MB) Site: http://www.mirrorcreator.com Sharecode[?]: 
/files/1OPFSSTM/ESET_Internet_Security_v10.0.390.0_32Bit_Silent.zip_links 64Bit (Size: 103 MB) Site: http://www.mirrorcreator.com Sharecode[?]: /files/Z9GBWYC1/ESET_Internet_Security_v10.0.390.0_64Bit_Silent.zip_links ESET Smart Security 32Bit (Size: 98.3 MB) Site: http://www.mirrorcreator.com Sharecode[?]: /files/0EVEXTZJ/ESET_Smart_Security_v10.0.390.0_32Bit_Silent.zip_links 64Bit (Size: 103 MB) Site: http://www.mirrorcreator.com Sharecode[?]: /files/8BKTB8LU/ESET_Smart_Security_v10.0.390.0_64Bit_Silent.zip_links Additional info for v9 & v10:
  9. Microsoft Re-Releases Snooping Patches KB 2952664, KB 2976978 Earlier versions of the Win7 and 8.1 patches kicked off enhanced snooping routines, and there's no indication what's changed in these versions. We don't know what KB 2952664 (for Windows 7) and KB 2976978 (for Windows 8.1) actually do. But both patches have been shown in the past to trigger a new Windows task called DoScheduledTelemetryRun. The patches appeared in the Automatic Update chute earlier today as Optional, so they won't be installed unless you specifically check and install them. But in the past, the Optional versions have been converted rapidly to Recommended, and thus installed on most machines. The last release of KB 2952664 went from Optional to Recommended in a week. Microsoft's descriptions of the patches are quite bland: GWX, of course, is Microsoft's malware-like "Get Windows 10" campaign that plagued Windows 7 and 8.1 users last year. I last wrote about the patches on Oct. 5, 2016: The revision dates on the KB articles don't instill any confidence. When I wrote about KB 2952664 last October, I noted that the KB article was up to revision 25, dated Oct. 4, 2016. The current KB article, dated Feb. 9, 2017, is at revision 11. I have no idea what's up. Why is Microsoft releasing this CEIP diagnostic program on a Thursday? Why isn't it being held for next Tuesday's Monthly Rollup? Why does it fall outside the announced schedule of Security Only and Monthly Rollup patches? Why did the revision numbers change? But I do know that earlier versions of these patches triggered new snooping scans, whether the Customer Experience Improvement Program is enabled or not. And I do know that Microsoft hasn't documented much at all. Discussion continues on the AskWoody Lounge. AskWoody Lounge - Comments Source Alternate Source: Windows KB2652664 And KB2976978 Telemetry Updates Re-Released (Again)
  10. AppFalcon - 1 Year[365 Days] Unlimited PC License Promo by Orman Kuza Overview: UNINSTALL STUBBORN PROGRAMS! FORCE DELETE ANY FILE! Get rid of all installed CrApps See better alternatives with AppFalcon® Get rid of all installed CrApps, see alternatives, remove malware, update your apps to stay secure online! Features: Uninstall Any Program - Can remove any leftovers created by programs “Deletes what other tools can’t” - FORCIBLY DELETE ANY FILE, “UNINSTALLS AND DELETES PROGRAMS LIKE NO OTHER TOOL” Get better alternatives - Save Money on Software: GET HAND-PICKED ALTERNATIVES, REMOVE CRAPPS Detect and Remove CrApps Force Removal Improve PC Security 24/7 e-mail support More Info: Product Homepage, FAQ, Privacy Policy Supported OS: 32-bit and 64-bit versions of Windows Vista; Windows 7; Windows 8; Windows 8.1, and Windows 10. AppFalcon not only supports 32-bit and 64-bit operating systems but it supports them natively. This means that it uses the full potential of 64-bit on Windows x64 and 32-bit on Windows x86. Links: Offer: https://www.ormankuza.com/AppFalcon/giveaway/ Note: Limited Period Offer. Expires by 12 February 2017. Current Status: Open. Terms: Unlimited PC License - Can be installed in any number of devices. Personal Use Only. You'll receive free updates during the term of the license. 24/7 e-mail support. Steps: Visit the above promotional page and scroll-down to locate the request form. Enter your name and email and Click on "Request License". After receiving a registration email, you'll get another email with the license key details within 24 hours. FYI: Mostly within 2-3 or 5 hours. Install and Activate ASAP. To enter license and activate, just go to the upright corner of the application and click on the “?” (question mark). Downloads: AppFalcon v2.1.0.8 - Size: 7.0 MB: https://www.ormankuza.com/instantdelivery/afsetup.exe
  11. Introduce Logjam, POODLE, CRIME and other vulnerabilities. Popular security products such as anti-viruses and middleboxes put customers at risk through poor transport layer security (TLS) interception implementations, researchers have found. A group of researchers from United States universities as well as tech companies Google, Mozilla, and Cloudflare tested middleboxes - which act as network proxies for traffic analysis and content filtering - from A10, Blue Coat, Barracuda, CheckPoint, Cisco, Fortinet, Juniper, Microsoft, Sophos, Untangle, and WebTitan. All but the BlueCoat device weakened connection security and introduced TLS vulnerabilities such as Logjam, weak export and RC4 ciphers, or didn't validate digital certificates properly. The researchers also tested [pdf] 29 anti-viruses, and found 13 would intercept TLS connections. Only Avast versions 10 and 11 for Windows did not reduce TLS connection security. Avast 11.7 for macOS, however, advertised support for the insecure and deprecated data encryption standard (DES) encryption, earning an F score by the researchers for being severely broken. Interception of TLS connections involves security products injecting their own certificates in web browsers or devices in organisation networks. This allows them to terminate TLS connections, decrypt the traffic so as to look for malicious or disallowed content, and then re-initiate the TLS connection after analysis is complete. Such interception is increasingly prevalent, the researchers said, meaning the security community is working at cross purposes - the attempts to detect and block harmful traffic dramatically reduce connection security, the researchers said. "Many of the vulnerabilities we find in anti-virus products and corporate middleboxes — such as failing to validate certificates and advertising broken ciphers — are negligent and another data point in a worrying trend of security products worsening security rather than improving it," they wrote.
Compounding the problem, the researchers noted that while it was possible to adjust middlebox settings in many cases to avoid them degrading TLS security, their configuration was "confusing, oftentimes with little or no documentation". "We note that the installation process for many of these proxies is convoluted, crash-prone, and at times, non-deterministic," they said. Testing middleboxes with services such as Qualys SSL Labs, How's My SSL, and Bad SSL is a must for administrators, the researchers said. There is no good reason for anti-virus vendors to intercept TLS since their software operates locally and already has access to the file system, browser memory, and any content loaded over HTTPS, they claimed. The researchers disclosed the vulnerabilities in the security products to vendors, but said the reception to the reports varied greatly. "In many cases, we received no response and in other cases, we were unable to convince manufacturers that TLS vulnerabilities such as Logjam required patching," they wrote. "One company would not accept our vulnerability report without a product serial number, and several indicated that secure product configuration was a customer responsibility and that they would not be updating their default configuration." Article source
  12. Microsoft’s New Windows 10 Version Is Malware, Epic CEO Says Tim Sweeney can’t stop his rant against Windows 10 Cloud In a series of tweets, Sweeney calls Windows 10 Cloud “ransomware,” a form of malware that compromises computers by locking down files and asking for a ransom to restore access. “Windows Cloud is ransomware: It locks out Windows software you previously bought and makes you pay to unlock it by upgrading to Windows Pro,” he said in a tweet dated February 7. “Firefox blocked. Google Chrome blocked. Google search blocked as web browser search option. OpenGL, Vulcan, OpenVR, Oculus VR blocked,” he continued. “Microsoft is making a huge move against the whole PC ecosystem: @Adobe, @Autodesk, #Valve, @EA, @Activision, @Google, @Mozilla. All blocked. Windows Cloud will steal your Steam PC game library and ransom it back to you...for a price.” The Windows 10 Cloud story So is this thing true? Not at all, and it all starts with the purpose of Windows 10 Cloud, which by the way, is not yet confirmed and we don’t even know if everything we heard about it is true. First and foremost, Windows 10 Cloud appears to be a version of the Windows 10 operating system that exclusively focuses on Store apps, just like Windows RT did when it was launched in 2012 with the Surface RT. There is a good chance that Windows 10 Cloud would be offered to OEMs completely free to install it on their devices, and this contributes to lower prices when these models hit the shelves. Microsoft is expected to offer a built-in upgrade option that would allow Windows 10 Cloud users to switch to Windows 10 Pro, and thus get Win32 app support, should they pay for a license. This is pretty much what Sweeney is criticizing, claiming that once users pay for the upgrade, they get access to Win32 apps (this is also most likely the reason he calls Windows 10 Cloud “ransomware”).
And yet, this is by no means ransomware, but only a way to bring cheaper devices to the market and boost adoption of UWP apps. The Epic CEO, however, is also criticizing Microsoft’s aggressive push for universal apps, claiming that the company is actually trying to destroy the Win32 ecosystem by forcing users to switch to Store apps entirely. Windows Cloud is ransomware: It locks out Windows software you previously bought and makes you pay to unlock it by upgrading to Windows Pro. — Tim Sweeney (@TimSweeneyEpic) February 7, 2017 Source
  13. Firewall App Blocker 1.5: Easier Windows Application Blocking Firewall App Blocker 1.5 is the latest version of the popular third-party program for Windows to block applications from accessing the Internet. While you can block any process from connecting to the Internet using the built-in firewall on Windows machines, the process is not overly comfortable as it involves several steps to complete. That's one of the main reasons why programs such as Windows Firewall Control and Firewall App Blocker are popular. Firewall App Blocker 1.5 Firewall App Blocker was designed to improve the process of allowing or blocking applications in Windows Firewall. The portable program extends Windows Firewall in this regard. To use it, download the latest version of the firewall program from the developer website (linked in the summary box below this article), and extract the archive that it is provided in. The program is provided as a 32-bit and 64-bit application in the program folder after extraction. The 64-bit version of the application is a new feature of this release. If you have used the last version of the program, released in 2014, you may notice differences immediately. The outbound and inbound rules are now separated, so that it is easier to keep an overview. All existing rules are listed in the interface. Each entry is listed with its name (usually program name and filename), the location on the disk, whether the rule is enabled, and the action (allow, block). You can sort the data with a click on a column header, for instance to display all active rules, or all rules that block connections. Add process is another new feature of Firewall App Blocker 1.5. You had to select programs on the disk in previous versions to add rules for them. With the new add process option, it is now possible to pick running processes as well which makes it easier as you don't have to browse the system for the file location anymore. 
Another feature that adds to the comfort level of the program is the add a folder option. It blocks all executable files in the selected folder automatically. This is useful if there are multiple executable files in a folder that you want to block. Instead of selecting each executable file individually, you'd simply block the whole folder using the program. How is that done? Simple: click on File > Add Folder Contents, and select the folder using the file browser that opens. This adds all executable files of that folder to the block list. Please note that this is a one-time process. The folder is not monitored for new executable files. So, any executable file placed in the folder after you run the operation is still allowed to run. You need to re-run the add folder option in this case or add the new executable file manually. Firewall App Blocker supports a new and handy "block all Internet" feature which you can toggle with a click on Firewall > Block Internet. You may use the same Firewall menu to disable the firewall as well. What else? The program window is resizable now, and you may change the font used by the application to display the firewall rules in the list. Last but not least, there is a new whitelist mode feature which blocks all processes from connecting to the Internet except for those on the whitelist. You switch between default mode and whitelist mode in the firewall menu. Closing Words The Firewall App Blocker 1.5 update improves the program in several significant ways: 64-bit program support, the new whitelist and folder blocking features, and the new handy process blocking options. Now You: Which firewall, and program, do you use on your machines? Source
  14. Windows 10 Had More Vulnerabilities than Windows 7 Last Year This doesn’t necessarily mean it’s less secure though Specifically, the study shows that last year, Microsoft addressed a total of 729 vulnerabilities in its software, more than the 703 confirmed for 2015. What’s a bit worrying, however, is that this is nearly double the vulnerability count in 2014, when Microsoft found and fixed 383 security flaws. The research also indicates that Internet Explorer continues to be the Microsoft application with the biggest number of vulnerabilities, with an all-time chart indicating that the browser was affected by no less than 1,261 flaws. Surprisingly, however, Windows 10 is the runner-up, with Microsoft’s latest operating system getting the second spot with 705 vulnerabilities. Windows 10 was launched in July 2015 and 2016 was its first full year on the market. Windows Server 2012 is third with 660 vulnerabilities, while Windows 7 comes next with 647 flaws. Windows Vista is fifth with 621. Users not exposed despite the bigger number of vulnerabilities What’s essential to know is that although the number of vulnerabilities increased in Windows 10, this doesn’t necessarily mean that the latest operating system is less secure than its predecessors. Most of these vulnerabilities were privately reported to Microsoft and they were fixed before any exploits went public, so users weren’t exposed to any attacks. At the same time, Microsoft is also paying particular focus to making Windows 10 capable of mitigating zero-day vulnerabilities even when no patch is available. Recently, the company revealed that Windows 10 Anniversary Update, which was launched in August 2016, managed to cope with attacks aimed at exploiting unpatched vulnerabilities in the operating system, keeping users secure until Microsoft actually delivered a fix.
Furthermore, Microsoft has already started downplaying Windows 7, explaining that it’s less secure than Windows 10 and pointing to the security features that its latest operating system has and which are missing because of the obvious technical limitations on its predecessors. Source
  15. We've all wished we could be somebody else at some point in time; and while that isn't actually possible in reality, on the Internet it might sometimes be a necessity, or at least make you feel more secure about registering at sites that insist upon names and other info that you don't want to provide and that they don't need to have. Well, between these two sites, you can be someone else. http://www.fakenamegenerator.com/ *You'll notice that the above site has an email that you can activate, but given that it's not free, use what you can of it in the following site: http://hidebox.org/ *Use them to protect yourself and not to defraud someone else.
  16. Kryptel Standard 7.4.1 - Latest - Full Version Promo by Comss.ru Overview: Kryptel Standard offers reliable protection using encryption and ability to encrypt your files and folders with a single click. After this, your data will be part of an impregnable fortress. The app is easy to use to encrypt sensitive data, important files and documents. Kryptel Standard allows you to decrypt all or only some files at a time, and also includes a built-in browser that allows you to view the contents of the encrypted container. Kryptel Standard uses the latest encryption standard (NIST-Approved Advanced Encryption Standard - AES 256-bit), and also some additional ciphers for advanced users. You can even use Kryptel Standard to scan your hard disks in search for certain types of files to encrypt them when they are there. In addition, the application Kryptel Standard is so small that it can be run on a USB flash drive for protection on the go. More Info: Product Homepage, Edition Comparison Links: Offer: https://www.comss.info/page.php?al=Kryptel_Standard Shared Key: Note: Limited Period Offer. Current Status: Open. Terms: License should be activated by February 7, 2017 Lifetime license only for Kryptel Standard version 7.4.1[Specific Version] No upgrades to future versions No free support Personal use only Downloads: Kryptel Standard v7.4.1 - [Size: 17.56 MB]: https://www.kryptel.com/download/KryptelTrial.7.4.1.exe
  17. Steganos Online Shield VPN - 1 Year[365 Days] 2GB / 5GB / Unlimited* Per Month Promo by PC Pro Pals, this is not a new product from Steganos. It is the same old Online Shield 365. Now, it is just re-launched as Online Shield VPN. Actual Cost of OnlineShield VPN - 1 Year - $49.95. With Discount - $24.97 or $14.97. Now, you can get this for FREE - No Ads. NOTE: Limited Bandwidth - 2GB / 5GB / Unlimited* Per Month; 3 Devices; No Support; Personal Use Only. *Update: Some users are able to get Unlimited Bandwidth on at least 1 key while using different browsers for 2 or multiple requests with different emails. Encryption Comparison between Steganos VPN Products: OkayFreedom VPN - 128-bit blowfish OnlineShield VPN - 256-bit AES More Info from TorrentFreak: https://torrentfreak.com/anonymous-vpn-providers-2016-edition2#steganos Links: Offer: https://www.steganos.com/specials/?m=pcpro0317&p=sos or https://www.steganos.com/specials/pcpro0317/sos Steps: Just click on any of the above links and enter your email. If you don't want to receive newsletters from Steganos Team, uncheck the option. Now, click on "Seriennummer anfordern". Check your mail and store the key. Tip: Note: Limited Period Offer. Current Status: Open. Downloads: Online Installer - Size: 2.6MB: https://file.steganos.com/software/downloader/steganos/sosintdle.exe Full Installer[Latest version]: https://file.steganos.com/software/sosint.exe - Size: 37.2MB (or) https://file.steganos.com/update/sosint.exe - Size: 37.2MB (or) https://file.steganos.com/software/wrappers/pcpro0317/sosintwr.exe - Size: 37.4MB (or) https://file.steganos.com/software/wrappers/auslogics0117/sosintwr.exe - Size: 37.4MB (or) https://file.steganos.com/software/wrappers/pcformatpl0217/sosintwr.exe - Size: 35.4MB - Link not working.
Use any of the above/below links (or) https://file.steganos.com/software/wrappers/downloadmixcom1216/sosintwr.exe - Size: 37.4MB (or) https://file.steganos.com/software/wrappers/pcgo0117/sosintwr.exe - Size: 35.4MB (or) https://file.steganos.com/software/wrappers/chip1116/sosintwr.exe - Size: 35.4MB (or) https://file.steganos.com/software/wrappers/chip/sosintwr.exe - Size: 35.4MB (or) https://file.steganos.com/software/wrappers/steganos/sosintwr.exe - Size: 35.4MB - Link not working. Use any of the above links Other Downloads: Android App iOS App Support/FAQ: https://www.steganos.com/service
  18. Mine is extremely light, but undoubtedly powerful. Here is my setup: Defensewall ShadowDefender Keyscrambler Sandboxie (custom rules) (A2, SAS, MBAM used rarely, on demand)
  19. Bad Ad Johnny Is An Ad, Tracker And Malware-Blocker For Chrome Developed by VPN provider PureVPN, Bad Ad Johnny is a one-stop ad, tracker and malware-blocker for Chrome. The extension aims to block absolutely everything, says the website, in particular those "acceptable ads": "I DO NOT shake hands with publishers under the table and let some ads slide." Installation is automatic and initially there’s nothing to do, just browse as usual and enjoy your ad-free existence. The Bad Ad Johnny icon updates in real time with the total number of blocked threats on the current page. If a figure seems high or you’re just curious, clicking the icon breaks down the figure by ads, trackers and malware. If this doesn’t completely work, a "Targeted Elements" enables choosing an area of the current page to block. A "Disable on this site" button turns the extension off for the current site only, and as you click a voice says "Enable me if you want to live". That’s funny for the first two or three times, annoying after that, but fortunately it can be turned off with a click. If you need more control, there are plenty of settings available. The "Global List" section is a good place to start, displaying the lists used to identify ads, malware, privacy and social media intrusions. You can disable some of these if they’re causing problems, or turn on others to try and block even more threats. Bad Ad Johnny is a free extension for Google Chrome. Source
  20. Tails 3.0 Anonymous Live OS Enters Beta, Ships with Linux 4.9 and GNOME 3.22 It will only work on 64-bit desktop and laptop computers The next version of the Tails 2.x series will be 2.11, currently scheduled for launch in early March, but it looks like the development of the Tails 3.0 major release continues in the background, and now users can get their hands on the Beta build. Tails 3.0 Beta comes two and a half months after the Alpha milestone released last year in November, when the project's developers announced that they would drop support for 32-bit systems, allowing the amnesic incognito live system to run only on 64-bit PCs. As usual, we took the Beta version of Tails 3.0 for a test drive to see what's new, and we can report that it's based on the upcoming Debian GNU/Linux 9 "Stretch" operating system and it's powered by the long-term supported Linux 4.9 kernel. GNOME 3.22 is the default desktop environment with redesigned Greeter However, probably the coolest new feature of Tails 3.0 is the revamped Tails Greeter, a small dialog that will pop-up when you run the live system for the first time on your computer, helping you set up the default language, keyboard layout, formats, and other settings. Of course, Tails 3.0 will come pre-installed with all the anonymity tools that you love, including the recently introduced OnionShare utility for anonymous file sharing. The latest Tor and Tor Browser applications are also included to keep your identity safe from hackers and hide from government agencies. Numerous bugs have been squashed in this new pre-release version of Tails 3.0, but many known issues remain unresolved, and you can read all about them before jumping on the beta testing bandwagon in the official release notes. Without further ado, you can download the Tails 3.0 Beta Live ISO image right now, write it on a USB flash drive, and take it for a test drive on your modern, 64-bit computer.
If you decide to stick with it, please keep in mind that it's a pre-release version, not suitable for production use, despite the fact that it will receive security updates. Source
  21. UPDATE 1 UPDATE 2 ------------------------------------------ 1) - Spycar What is Spycar? Spycar is a suite of tools designed to mimic spyware-like behavior, but in a benign form. Intelguardians created Spycar so anyone could test the behavior-based defenses of an anti-spyware tool. Spycar runs only on Windows, the same platform most targeted by spyware developers. What does Spycar do? The following links are Spycar. Clicking on each of the links will make Spycar try to take some benign action on your system. When you first run it, Spycar will ask you to name a test profile, a small file where we'll store state information about a given series of Spycar tests you perform. Then, when you click on each link, Spycar works by pushing a Windows executable to your browser. Currently, Spycar runs only on Windows, and its browser-centric alterations focus on IE, although it can be triggered by any Windows browser (Firefox-altering Spycar modules will be released soon!). Spycar does not include any exploits, so you must click "OK" in the message that appears in your browser to run the given Spycar function. If, after you click "OK", your anti-spyware tool blocks the given Spycar action, good for you! If not, this benign alteration will occur. Then, when you have clicked each of these links, you can click on the Results/Clean-Up link to have the Spycar tool called TowTruck automatically measure how your anti-spyware tool did, and to restore your machine to the pre-Spycar settings. Note that we designed Spycar as a series of different links and associated executables. We did not make it a monolithic one-click-to-conduct-all-actions program, because an anti-spyware tool may shut down a given program early on in its cycle, without letting Spycar accurately test later modules. That's why you have to click on each link, giving your anti-spyware tool a fair shot at stopping each individual action.
Spycar Tests Spycar Homepage 2) - Shields UP Without your knowledge or explicit permission, the Windows networking technology which connects your computer to the Internet may be offering some or all of your computer's data to the entire world at this very moment! GRC Shields UP Test 3) - DNS Nameserver Spoofability Test Can you trust your Domain Name Servers? You and your web browser would believe you were at your banking site. You entered the URL correctly, or used a reliable link or shortcut. Everything would look right. But you would be logged onto a malicious foreign web site which was ready and able to capture your private banking information. DNS Spoofability test 4) - Symantec Security Check Symantec Security Test 5) - PC Security Test PC Security Test is a free program for Windows that checks computer security against viruses, spyware and hackers. With a few mouse clicks, users can easily control the efficiency of their protection software (anti-virus programs, spyware scanners and firewalls). PC Security Test simulates virus, spyware and hacking attacks and monitors the responses of your protection software. Don't worry, no real viruses are involved! After the tests are complete, PC Security computes a security index and provides tips on improving PC security. Download PC Security Test Homepage 6) - PC Flanks Battery of Tests PC Flanks Tests 7) - Security Scan from Audit My PC scans done - Firewall Scanner, Privacy Scanner, Exploit Scanner Audit My PC 8) - Test My PC Security Battery of Tests. Test My PC Security has a wide range of downloadable firewall leak and HIPS tests so you can find out just how good your security software is. Firewall Leak Tests – Firewall leak tests are written to test how effective the firewall component of your security software is at detecting and blocking outgoing connection attempts.
If a program is able to connect to the internet without your knowledge then it is capable of transmitting any private data you may have on your machine. The techniques used by these programs are sophisticated but are representative of real world threats – so your firewall needs to block them. HIPS Tests – Tests designed to check how well your security software protects your internal system from attack by malicious executables such as viruses. A good HIPS system will restrict access to your critical operating system files, registry keys, COM interfaces and running processes. It should block untrusted processes from modifying the memory space of other programs and stop malware whenever it tries to install itself. Firewall Leak and HIPS tests – These tests are designed to test both of the above at the same time (both the Firewall and Host Intrusion Prevention components of your software). Download Complete Set of tests (Zip) Individual Tests Home Page 9) - Belarc Advisor - Free Personal PC Audit The Belarc Advisor builds a detailed profile of your installed software and hardware, missing Microsoft hotfixes, anti-virus status, CIS (Center for Internet Security) benchmarks, and displays the results in your Web browser. All of your PC profile information is kept private on your PC and is not sent to any web server. Download BelArc Security Advisor BelArc Home Page 10) - Qualys Browser Check Perform a security analysis of your browser and its installed and missing plug-ins and/or any other security patches or any other security issues. Qualys Browser Check 11) - Browser Spy BrowserSpy.dk is a collection of online tests that shows you just how much personal information can be collected from your browser just by visiting a page. BrowserSpy.dk can tell you all kinds of detailed information about you and your browser.
Information ranging from simple stuff like the name and version of your browser to more detailed stuff like what kind of fonts you have installed and what hardware you're running on. You name it, BrowserSpy.dk shows it! When you surf around the internet your browser leaves behind a trail of digital footprints. Websites can use these footprints to check your system. BrowserSpy.dk is a service where you can check just what information it's possible to gather from your system, just by visiting a website. Privacy to the ultimate test! Browser Spy 12) - Eicar Test File The Eicar Test file: your antivirus should alert you to both the files when you click on them. If it doesn't, let them download, and then extract them or use them or scan your PC with your AV scanner. If working, your AV scanner should alert you to this (FAKE) threat... Eicar2com test Zip eicar.com 13) - Firewall Leak Tester Download Firewall Leak Test Leak Test Home Page 14) - Zemana Logging Tests. These test programs simulate the activities of different loggers. If your security software is protecting you proactively, then the simulation should trigger a warning message. No warning means no proactive protection... and probably no protection at all! If the simulation does not trigger a warning, then your current security software does not protect you. http://zemana.com/SecurityTests.aspx 15) - Spy Shelter Security Test Tool Download Spy Shelter Test Spy Shelter Home Page 16) - BufferZone Security Test Tool In the following demo, we will simulate what will happen when you receive a malicious file. It could come in through any number of ways: browsing, as an email attachment, from a USB storage device, just to name a few. We will attempt to prove that none of your security system's defense layers will identify or alert you to our intrusion attempt. Note: This is only a demo and no actual damage will be caused to your PC.
Download Test File BufferZone Test Homepage 17) - Matousec Security Software Testing Suite Security Software Testing Suite (SSTS) is a set of tools used for testing Windows security software that implement application-based security – i.e. most of the Internet security suites, HIPS, personal firewalls, behavior blockers etc. SSTS is based on the idea of independent programs that attempt to bypass various features of the security software. Each test of SSTS is directed against a single feature or against a few closely connected features of the security software. Download SSTS. Matousec SSTS Homepage 18) - RUBotted - Test if your PC is Acting like a BOT. RUBotted monitors your computer for potential infection and suspicious activities associated with bots. Bots are malicious files that enable cybercriminals to secretly take control of your computer. As more bots secretly take control of computers and use these infected machines in malicious activities, bot networks are becoming more resilient. The emergence of new bot families and the continued proliferation of some of the threat landscape's most notorious botnets only reinforce the need for a reliable solution against botnets.
It is capable of detecting known and unknown variants of known botnet families including some of the most notorious botnets today: ZBOT/ZeuS – bank information stealer; KOOBFACE – most successful Web 2.0 botnet; WALEDAC – infamous spamming bot. Download RUBotted RUBotted Homepage 19) Comodo Tests (Thanks to Alienforce1) Comodo Parent Injection Leak Test Suite (contains 3 Tests) The CPIL suite contains three separate tests especially developed by Comodo engineers to test a firewall's protection against parent injection leak attacks Download CPIL ---------------------- Comodo HIPS and Firewall Leak Test Suite (contains 5 tests) Comodo's latest suite of tests cover a wider range of exploits and will quickly inform you if your computer is vulnerable to Root kits, Background Intelligent Transfer attacks and process injection attacks. Download HIPS and Firewall Test 20) Phish Test Verify the authenticity of a URL with this online live tool. If you suspect a link to be phishy, test it here and see if it's been reported as a web forgery or not. Another way to use the tool is to check your system for phishing safety: copy a link from the website which has already been reported to be a web forgery, open it in your browser and see if you get any alerts. PhishTank PS: Please read all the instructions on a test's web site thoroughly and completely before running or performing a test. The post cannot be held responsible for any loss of data, loss of system stability, system crashes, BSOD, system failures or, for that reason, anything that may arise while or after performing a test! Nothing serious, just a random precautionary statement; all tests are safe. Go ahead and try them and test your system...
  22. Some Windows 10 Devices Still Exposed to DMA Attacks That Can Steal BitLocker Keys

An upcoming Windows 10 Insiders Build version will include a patch that will improve the protection against DMA attacks that could allow attackers to extract BitLocker encryption keys and other sensitive information from Windows 10 and 8.1 PCs.

DMA (Direct Memory Access) is an acronym used to describe hardware ports that allow external components to directly connect and access a computer's memory (RAM). DMA attacks are a combo of software and hardware hacks that allow an intruder to obtain a computer's memory content via one of the computer's DMA ports. Depending on the timing of the attack, the stolen memory data can contain sensitive information such as the BitLocker PIN, encryption keys, passwords, and others.

Researcher demos DMA attack against protected PC

DMA attacks aren't new, and have existed since the 90s, and Microsoft introduced protections against such attack vectors with the release of Windows 8.1 and Windows 10. Protection measures included certain group policies that would disable all DMA ports during startup, and would later freeze all DMA ports if the user locked his PC, but keep DMA ports open to data transfers if they were connected before the PC was locked.

According to Finnish security expert Sami Laiho, the protection measures Microsoft introduced were ineffective and didn't cover all types of DMA ports. This led to situations where an attacker could extract data from DMA ports even if the computer's owner had enabled DMA port protections. Laiho demoed one such attack via a FireWire port at the Microsoft Ignite conference last year. The attack's description and demo start at 44:55 in the video below:

Microsoft's DMA port protections were ineffective

Via email, Laiho has detailed some of Microsoft's problems with DMA ports and their protections:

"DMA-attacks were for years blocked with instructions from Microsoft," Laiho said. "They have been and are incorrect."

"In Windows 8.1 Microsoft said they had a feature that would not allow DMA-attacks if the computer was locked. This ended up being misinformation," Laiho noted. "In Windows 10 Microsoft said this [DMA protection] feature was now in place and ON by default. This was misinformation as well as it is there but not ON by default, and [...] it doesn’t apply to all devices, only some."

Laiho also added that "this [DMA protection feature] was configurable only for people who used Microsoft InTune MDM (very few)."

For the past few years, the researcher has been pestering the Microsoft security team to expand this protection. Last week, Microsoft finally admitted he was right.

"This [current] mitigation only protects PCI-based buses, for example, ExpressCard, Thunderbolt, & some docking stations (PCIe based). Older, non-PCI buses such as 1394 and CardBus are still vulnerable," Microsoft admitted.

Updated DMA attack protection coming in a few weeks

"They will provide a Group Policy setting in a few weeks to the Windows Insiders [Build] and later publicly," Laiho told Bleeping Computer. "This will still only protect against the more modern busses, so you need to use this and my instructions to make it a safe combo."

Visit Laiho's blog for updated instructions on how to properly shut down DMA ports running on old buses.

Source
  23. Avast Releases Three New Decryption Tools to Fight Ransomware

There are now 14 anti-ransomware tools available from Avast

“In the past year more than 200 new strains of ransomware were discovered, its growth of in-the-wild samples two-folded, but the good news is that hundreds of millions of Avast and AVG users were protected against this popular threat,” reads a blog post signed by Jakub Kroustek, reverse engineer and malware analyst at Avast.

The three new decryption tools address three different ransomware strains – HiddenTear, Jigsaw and Stampado/Philadelphia. Some solutions for these particular strains are already available, coming from other security researchers. Avast decided, however, that it is always best to have multiple options.

That’s because these three strains are particularly active and frequently encountered, especially in the past few months. Since the encryption keys in use are updated often, so must the decryption tools. In the end, whether it’s Avast’s tools or those made by other security researchers that work against the ransomware, it’s all for the same purpose.

“Last but not least, we were able to significantly speed-up the decryption time, more precisely the password brute-force process, so e.g. some of the HiddenTear variants will be decrypted within minutes instead of days. The best results are achieved when decrypting files directly from the infected machine,” Kroustek writes.

Decrypting HiddenTear

HiddenTear has been around for a while and the code is actually hosted on GitHub. Because the code is so widely available, many hackers have tweaked it and started using it.

Encrypted files have a wide range of extensions: .locked, .34xxx, .bloccato, .BUGSECCCC, .Hollycrypt, .lock, .saeid, .unlockit, .razy, .mecpt, .monstro, .lok, .암호화됨, .8lock8, .fucked, .flyper, .kratos, .krypted, .CAZZO, .doomed, and more. After all the files are encrypted, a text file will appear on the user’s desktop.

Decrypting Jigsaw

Jigsaw was first spotted in the wild in March 2016, and many of its strains use the picture of the Jigsaw Killer from the same-name movie in the ransom screen.

Files encrypted after the computer was infected with Jigsaw will have one of the following extensions: .kkk, .btc, .gws, .J, .encrypted, .porno, .payransom, .pornoransom, .epic, .xyz, .versiegelt, .encrypted, .payb, .pays, .payms, .paymds, .paymts, .paymst, .payrms, .payrmts, .paymrts, .paybtcs, .fun, .hush. Keeping up with the movie script, the malware will delete a file per hour if you don’t pay up.

Decrypting Stampado

This particular ransomware has been around since August 2016, and it’s being sold on the dark web. Multiple versions have been circulating on the Internet; one of them is called Philadelphia.

More often than not, Stampado adds the .locked extension to the encrypted files. Stampado will delete a new file every 6 hours unless you pay the ransom.

Check out Avast’s list of anti-ransomware tools and see if you can find one to help you out.

Source
  24. Megaupload 2.0 News Delayed By ‘Expected’ Roadblock

A few hours ago Kim Dotcom was gearing up to make an important announcement about a new version of the defunct Megaupload service. However, with minutes left to go, the Megaupload 2.0 plans hit an "expected" roadblock, which means that the wait continues.

In January 2012, New Zealand Police carried out the largest action ever against individuals accused of copyright infringement. The raid on Kim Dotcom’s Coatesville mansion was carried out on behalf of United States authorities, who are still trying to extradite him and several of his former colleagues.

Meanwhile, Dotcom hasn’t been sitting still. Today, exactly five years after the raid on his house and the destruction of the original Megaupload, the entrepreneur planned to announce fresh details on a new and improved version, Megaupload 2.0.

Dotcom, who is not officially part of the venture but acts as its chief “evangelist,” informed us a few months ago that the launch was delayed but that more information would come out today.

“It is unlikely that we can make a full January 20th launch happen. The fund-raising was delayed and the legal team needed more time for the new setup. But we will reveal more details about Megaupload 2 and Bitcache on that special day,” Dotcom said at the time.

Those who followed Dotcom’s Twitter updates were indeed promised some “big news,” but at the end of the day things turned out quite differently. The announcement had to be delayed due to an “expected” roadblock.

“Sorry but there has been an expected hiccup. Will tell you all about it later today. Let this play out and give me some time to update you,” Dotcom noted.

No further details on the exact reason for the delay were provided, but the Megaupload 2.0 team is actively working on a solution. This may take a few days, according to a message posted by Dotcom a few hours ago.

Operation Destroy roadblock

This appears to be the first bump in the road after Megaupload 2.0 was first mentioned last summer. Prospective users who are eager for more details have to be patient for a little longer.

From what has been revealed thus far, Megaupload 2.0 and the associated Bitcache platform will allow people to share and store files, linking every file-transfer to a bitcoin transaction.

The bitcoin element is not the only part that’s new. Unlike the original Megaupload, the new incarnation isn’t going to store all files itself. Instead, it plans to use third-party providers such as Maidsafe and Storj.

This means that the new Megaupload will mostly act as a middleman between other file-storage platforms, adding a separate layer of encryption through Bitcache.

More information and perhaps some technical details are expected to follow in the near future.

Source
  25. BitChute is a BitTorrent-Powered YouTube Alternative

YouTube is without doubt one of the Internet's best platforms, but it does have its weaknesses, particularly when it comes to monetizing controversial content. Using BitTorrent under the hood to avoid expensive bandwidth bills, could the recently launched BitChute become a viable alternative?

YouTube attracts over a billion visitors every month, with many flocking to the platform to view original content uploaded by thousands of contributors. However, those contributors aren’t completely free to upload and make money from whatever they like.

Since it needs to please its advertisers, YouTube has rules in place over what kind of content can be monetized, something which caused a huge backlash last year alongside claims of censorship.

But what if there was an alternative to YouTube, one that doesn’t impose the same kinds of restrictions on uploaders? Enter BitChute, a BitTorrent-powered video platform that seeks to hand freedom back to its users.

“The idea comes from seeing the increased levels of censorship by the large social media platforms in the last couple of years. Bannings, demonetization, and tweaking algorithms to send certain content into obscurity and, wanting to do something about it,” BitChute founder Ray Vahey informs TorrentFreak.

“I knew building a clone wasn’t the answer, many have tried and failed. And it would inevitably grow into an organization with the same problems anyway.”

As seen in the image below, the site has a familiar layout for anyone used to YouTube-like video platforms. It has similar video controls, view counts, and the ability to vote on content. It also has a fully-functioning comment section.

Of course, one of the main obstacles for video content hosting platforms is the obscene amounts of bandwidth they consume. Any level of success is usually accompanied by big hosting bills. But along with its people-powered philosophy, BitChute does things a little differently.

Instead of utilizing central servers, BitChute uses WebTorrent, a system which allows people to share videos directly from their browser, without having to configure or install anything. Essentially this means that the site’s users become hosts of the videos they’re watching, which slams BitChute’s hosting costs into the ground.

“Distributed systems and WebTorrent invert the scalability advantage the Googles and Facebooks have. The bigger our user base grows, the more efficiently it can serve while retaining the simplicity of the web browser,” Vahey says.

“Also by the nature of all torrent technology, we are not locking users into a single site, and they have the choice to retain and continue sharing the files they download. That puts more power back in the hands of the consumer where it should be.”

The only hints that BitChute is using peer-to-peer technology are the peer counts under each video and a short delay before a selected video begins to play. This is necessary for the system to find peers but thankfully it isn’t too intrusive.

As far as we know, BitChute is the first attempt at a YouTube-like platform that leverages peer-to-peer technology. It’s only been in operation for a short time but according to its founder, things are going well.

“As far as I could tell, no one had yet run with this idea as a service, so that’s what myself and few like-minded people decided. To put it out there and see what people think. So far it’s been an amazingly positive response from people who understand and agree with what we’re doing,” Vahey explains.

“Just over three weeks ago we launched with limited upload access on a first come first served basis. We are flat out busy working on the next version of the site; I have two other co-founders based out of the UK who are supporting me, watch this space,” he concludes.

Certainly, people will be cheering the team on. Last September, popular YouTuber Bluedrake experimented with WebTorrent to distribute his videos after becoming frustrated with YouTube’s policies.

“All I want is a site where people can say what they want,” he said at the time. “I want a site where people can operate their business without having somebody else step in and take away their content when they say something they don’t like.”

For now, BitChute is still under development, but so far it has impressed Feross Aboukhadijeh, the Stanford University graduate who invented WebTorrent.

“BitChute is an exciting new product,” he told TF this week. “This is exactly the kind of ‘people-powered’ website that WebTorrent technology was designed to enable. I’m eager to see where the team takes it.”

BitChute can be found here.

Source