Welcome to nsane.forums

Welcome to nsane.forums, like most online communities you need to register to view parts of our community or to make contributions, but don't worry: this is a free and simple process that requires minimal information. Be a part of nsane.forums by signing in or creating an account.

  • Access special members only forums
  • Start new topics and reply to others
  • Subscribe to topics and forums to get automatic updates

Search the Community

Showing results for tags 'websites'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Found 71 results

  1. You already know that some applications offer portable or “soft” installations, but don’t you wish there was some place on the Internet where you could find any portable application? Although few, the good news is that there are some! Portable applications are incredibly useful. If you’re someone who is constantly carrying around a flash drive, you should always have a few of your favorite portable applications (or even a portable application suite) on it. I’ve found that portable applications are just as useful for a wide variety of uses — like when you’re setting up synchronized folders. I have a folder in my Dropbox dedicated to no-installation-required programs, and syncing it to any new desktop or laptop means that I immediately have several applications available at my fingertips. It’s rather helpful. Here where you can go to find these types of portable programs
  2. ALMOST 200,000 WEBSITES and connected systems remain vulnerable to the Heartbleed OpenSSL bug, more than two-and-a-half years after it was first uncovered. That's according to the Shodan Report 2017, based on scans conducted by the search engine that enables used to scour the internet for specific types of computers. The systems will be wide open to a range of exploits that have been around almost since the bug was first publicised. The US is far out in front with 42,032 systems still vulnerable, according to Shodan, followed by South Korea with 15,380, China with 14,116, Germany with 14,072 and France with 8,702. The UK has some 6,491 systems and servers vulnerable to Heartbleed connected to the internet. And the organisations hosting the most vulnerable systems include South Korea's SK Broadband and Amazon. Approximately 75,000 of the vulnerable connected systems are using expire SSL certificates and running ageing versions of Linux. Heartbleed is a security flaw in the open source OpenSSL cryptography library, widely used in implementations of the Transport Layer Security (TLS) protocol. The flaw was reported to the OpenSSL developers on 1 April 2014, publicly disclosed on 7 April 2014, with a fix released the same day. However, many organisations have been slow to patch their systems accordingly. Many may not even know that the software they're running uses the OpenSSL library. Other TLS implementations are not affected by the flaw. Indeed, just months after the flaw was discovered, Shodan found that 300,000 systems remained vulnerable. That was in June 2014. Shodan is a search engine that enables users to find specific types of devices connected to the internet using a variety of filters. Shodan collects data mostly on web servers (HTTP/HTTPS - port 80, 8080, 443, 8443), as well as FTP (port 21), SSH (port 22), Telnet (port 23), SNMP (port 161), SIP (port 5060),[2] and real-time streaming protocol (RTSP, port 554). The latter can be used to access webcams and their video stream. It was launched in 2009 by computer programmer John Matherly who, in 2003, conceived the idea of a search engine that could search for devices linked to the Internet, as opposed to information. The name Shodan is a reference to a character from the System Shock computer games. Article source
  3. In a massive crackdown, police and law enforcement agencies across Europe have seized more than 4,500 website domains trading in counterfeit goods, often via social networks, officials said on Monday. The operation came as Europol, Europe's police agency, unveiled its newest campaign dubbed "Don't F***(AKE) Up" to stop scam websites selling fake brand names online. "The internet has become an essential channel for e-commerce. Its instant global reach and anonymity make it possible to sell nearly anything to anyone at any time," Europol said. "Counterfeiters know it and are increasingly exploiting the unlimited opportunities" the internet offers. But Europol warned that "despite these products looking like a bargain, they can pose serious risks to the health and safety of buyers." In the crackdown, agencies from 27 countries mostly in Europe but including from the US and Canada, joined forces to shut down over 4,500 websites. They were selling everything from "luxury goods, sportswear, spare parts, electronics, pharmaceuticals, toiletries and other fake products," Europol said in a statement, without saying how long the crackdown took. An annual operation run in collaboration with the US Immigration and Customs Enforcement and Homeland Security, there was "a significant increase in the number of seized domain names compared to last year," said Europol director Rob Wainwright. Spotting the fakes As part of the crackdown, Dutch anti-fraud police arrested 12 people across The Netherlands over the past two weeks as they searched homes and warehouses. Most of the raids were prompted by online sales of counterfeit goods on social networking sites such as Facebook and Instagram. "This is a relatively new phenomenon in the trade in counterfeit brand names," the Dutch Fiscal Information and Investigation Service (FIOD) said in a statement. More than 3,500 items of clothing and fake luxury goods were seized in Holland, including shoes, bags and perfumes purporting to be such brands as Nike, Adidas, and Kenzo, with a market value of tens of thousands euros. Publishing a guide on how to spot fake websites and social media scams, Europol warned consumers had to be on their guard. "When shopping online, you are more likely to fall victim to counterfeiters," it said as "without the physical product to look at and feel, it can be more difficult for you to spot the differences." It also warned that by using illicit websites online shoppers "are exposing your computer or mobile device to cyber-attacks like phishing or malware." Article source
  4. Website spreading Gatak-infected keygens (via Symantec) Websites offering free keygens for various enterprise software applications are helping crooks spread the Gatak malware, which opens backdoors on infected computers and facilitates attacks on a company's internal network, or the theft of sensitive information. Gatak is a backdoor trojan that first appeared in 2012. Another name for this threat is Stegoloader, and its main distinctive feature is its ability to communicate with its C&C servers via steganography. Gatak relies on steganography to stain hidden Steganography is the technique of hiding data in plain sight. In the world of cyber-security, steganography is the practice of hiding malicious code, commands, or malware configuration data inside PNG or JPG images. The malware, in this case Gatak, connects to its online C&C server and requests new commands. Instead of receiving an HTTP network requests, for which all security software knows to be on the lookout, the data is sent as an innocuous image, which looks like regular web traffic. The malware reads the image's hidden data and executes the command, all while the local antivirus thinks the user has downloaded an image off the Internet. Keygens for enterprise software spreading Gatak Security firm Symantec says it uncovered a malware distribution campaign that leverages a website offering free keygens for various applications such as: SketchList3D - woodworking design software Native Instruments Drumlab - sound engineering software BobCAD-CAM - metalworking/manufacturing software BarTender Enterprise Automation - label and barcode creation software HDClone - hard disk cloning utility Siemens SIMATIC STEP 7 - industrial automation software CadSoft Eagle Professional - printed circuit board design software PremiumSoft Navicat Premium - database administration software Originlab Originpro - data analysis and graphing software Manctl Skanect - 3D scanning software Symantec System Recovery - backup and data recovery software All of the above are specialized apps, deployed in enterprise environments. The group behind this campaign is specifically targeting users that use these applications at work, but without valid licenses, in the hopes of infecting valuable targets they could hack, steal data from, and possibly sell it on the underground. Keygens don't work, they just infect users with Gatak The keygens distributed via this website aren't even fully-working tools. They just produce a random string of characters, but their purpose is to trick the user into executing the keygen binary just once, enough to infect the victim. The hackers are picky about the companies they target because the security firm has seen second-stage attacks on only 62% of all infected computers. Attackers use Gatak to gather basic information about targets, on which, if they deem valuable, deploy other malware at later stages. In some cases, the hackers also resort to lateral movement on the victim's network, with the attackers manually logging into the compromised PC. Attacks aren't sophisticated, and the hackers only take advantage of weak passwords inside the local network. Symantec says it didn't detect any zero-days or automated hacking tools employed when hackers have attempted to infect other devices on the local network. Gatak infections per industry vertical (via Symantec) Telemetry data shows that 62% of all Gatak infections have been found on computers on enterprise networks. Most of these attacks have targeted the healthcare sector, but it doesn't appear that hackers specifically targeted this industry vertical, as other companies in other verticals were also hit. Attackers might have opted to focus more on healthcare institutions because these organizations usually store more in-depth user data they can steal, compared to the automotive industry, gambling, education, construction, or others. "In some cases, the attackers have infected computers with other malware, including various ransomware variants and the Shylock financial Trojan," Symantec notes in a report. "They may be used by the group when they believe their attack has been uncovered, in order to throw investigators off the scent." Article source
  5. SHA-1 is a hashing algorithm that has been used extensively since it was published in 1995, however, it is no longer considered secure. It was deemed vulnerable to attacks from well-funded adversaries back in 2005 and was replaced by SHA-2 and SHA-3 which are considerably more secure hashing functions. Many companies including Google, Mozilla, and Microsoft have already announced that they'll stop accepting SHA-1 TLS certificates by 2017. Now, Microsoft has detailed how numerous websites, users, and third-party applications will be affected once the company deprecates SHA-1 signed certificates starting February 4, 2017. Microsoft states that in an effort to further enhance security features on Edge and Internet Explorer 11, the two browsers will prevent sites using SHA-1 signed certificates from loading and will display an "invalid certificate" warning. While it isn't recommended, users will have the option to bypass the warning and access the potentially vulnerable website. The company has clarified that this will only impact websites with SHA-1 signed certificates that link to a Microsoft Trusted Root CA, while manually installed enterprise or self-signed SHA-1 certificates will remain unaffected. The Redmond giant states that developers who have installed the latest 2016 November Windows updates can test if their websites will be affected by the change. The detailed procedure can be viewed in the company's blog post here. Microsoft has clarified that third-party Windows applications utilizing the Windows cryptographic API set or older versions of Internet Explorer will not be affected by the changes. Similarly, the update will not prevent clients from using the SHA-1 certificate in client authentication. Regarding cross-signed certificates, Microsoft has explicitly confirmed that Windows will only check the thumbprint of the root certificate is in the Microsoft Trusted Root Certified Program. The company has clarified that certificates "cross-signed with a Microsoft Trusted Root that chains to an enterprise/self-signed root" will not be affected by the changes next year. Source: Microsoft Article source
  6. Over a third (35%) of the world’s websites are still using insecure SHA-1 certificates despite the major browser vendors saying they’ll no longer trust such sites from early next year, according to Venafi. The cybersecurity company analyzed data on over 11 million publicly visible IPv4 websites to find that many have failed to switch over to the more secure SHA-2 algorithm, despite the January deadline. With Microsoft, Mozilla and Google all claiming they won’t support SHA-1 sites, those still using the insecure certificates from the start of 2017 will find customers presented with browser warnings that the site is not to be trusted, which will force many elsewhere. In addition, browsers will not display the tell-tale green padlock on the address line for HTTPS transactions, while some might experience performance issues. There’s also a chance some sites will be completely blocked, said Venafi. SHA-2 was created in response to weaknesses in the first iteration – specifically collision attacks which allow cyber-criminals to forge certificates and perform man-in-the-middle attacks on TLS connections. However, migration to the new algorithm isn’t as simple as applying a patch, and with thousands of SHA-1 certificates in use across websites, servers, applications and databases, visibility is a challenge, warned Venafi vice-president of security strategy and threat intelligence, Kevin Bocek. “The deadline is long overdue: National Institute of Standards and Technology (NIST) has called for eliminating the use of SHA-1 because of known vulnerabilities since 2006,” he told Infosecurity. “Most organizations do not know exactly how many certificates they have or where they are being used, and even if they do, it is a time-consuming and disruptive process to update them all manually.” Bocek recommended organizations first work out where their SHA-1 certificates are and how they’re being used, before building a migration plan. “Here, you will need to work out where your priorities are, so that you can protect your crown jewels first – i.e. the sites and servers that hold sensitive data or process payments. This way the team can focus on migrating critical systems first to ensure they are better protected,” he explained. “The best way to do this is through automation. By automating discovery of digital certificates into a central repository companies can upgrade all certificates to SHA-2 at the click of a button, where possible. And importantly you can track and report on progress to your board, executive leadership, and auditors. This allows businesses to migrate without interrupting business services or upsetting customers.” Article source
  7. Fake Flash Player update sites have long been a favorite distribution method for adware and other unwanted programs. Today, a fake Flash update site was discovered by ExecuteMalware that is pushing the Locky ransomware. When someone visits the site they will be presented with a page that states that Flash Player is out of date and then automatically downloads an executable. If you look carefully at the URL in the browser's address you can see that the domain of fleshupdate.com does not seem to be spelled right. Fake Flash Update Web Page The executable automatically downloaded by this site is named FlashPlayer.exe and includes a flash player icon as seen below. Flash Icon in Downloaded File If you look at the properties of this file, though, things start to look strange. Locky Installer Properties Ultimately, if a user runs this program thinking that Flash will be updated they will be in for a big surprise. Instead of a flash player update, they will ultimately be shown a Locky ransom note when the ransomware has finished encrypting the victim's files. Locky Ransom Note The LockyDump information for the variant I tested is below. MalwareHunterTeam also saw a sample using an affiliate ID of 19, which as far as we know has not been previously seen. Verbose: 0 The file is a PE EXE affilID: 13 Seed: 9841 Delay: 30 Persist Svchost: 0 Persist Registry: 0 Ignore Russian Machines: 1 CallbackPath: /message.php C2Servers: 85.143.212.23,185.82.217.29,107.181.174.34 RsaKeyID: 85D RsaKeySizeBytes: 114 Key Alg: A400 Key: RSA1 Key Bits: 2048 Key Exponent: 10001 As you can see, it is not only attachments and exploit kits pushing ransomware. Everyone needs to be vigilant and careful when browsing the web. Furthermore, program updates should only be downloaded from their main product sites rather than 3rd party sites where you have no idea what you are installing. Article source
  8. Web giant tries to fill the protection gap created when malicious sites clean up their act just long enough to ditch the Safe Browsing warning. Google has added a new classification to its Safe Browsing initiative to better protect users from malicious websites trying to game the system. Google's Safe Browsing warns users when they are about to visit a website known to violate the web giant's policies on malware, unwanted software, phishing or social engineering. The warning appears until Google verifies that the site in question no longer poses a threat to users. But some sites are only cleaning up their act just long enough to shake the warning, and then returning to their harmful behavior. That gap in user protection led Google to create a new label to warn users of sites that engage in this pattern. "Starting today, Safe Browsing will begin to classify these types of sites as "Repeat Offenders," Google explained in a company blog post Tuesday. "Please note that websites that are hacked will not be classified as Repeat Offenders; only sites that purposefully post harmful content will be subject to the policy." Once classified as a "repeat offender," sites will not be allowed to request a review for 30 days. During that time, users will continue to see messages warning them of the risk involved in visiting the site. Article source
  9. Chrome is starting to flag more pages as insecure. Here are five things every webmaster should know about HTTPS. Google wants the connection between Chrome and your website to be more secure. And, if you're a webmaster, your upcoming deadline to increase security is January 2017. By that time, your site needs to serve pages with password or payment fields over an HTTPS connection. If you still serve those pages on an unencrypted connection—HTTP only, not HTTPs—Chrome will warn that the page is "Not secure." A quick visit to pages on your site will show you whether or not the site supports HTTPS. Open a page with Chrome and look at the URL bar. Click (or tap) on the lock (or info icon) to the left of the URL to view the connection security status. Then select "Details" for more info. A green lock and the "Your connection to this site is private" message indicates an HTTPS connection between Chrome and the page. The icon to the left of the web address of your website indicates whether or not the site supports a secure connection (HTTPS on left) or not (HTTP on right). In the long term, Google wants every page of your site to support HTTPS—not just the ones with payments or passwords. Google search already prefers to return results from pages with HTTPS over pages that lack a secure connection. To enable an HTTPS connection between your site and visitor browsers, you need to setup an SSL certificate for your website. Here are five things things to know that may make the process easier. 1. Your web hosting provider might already serve your sites over a secured connection. For example, Automattic, which runs Wordpress.com, turned on SSL for their hosted customers in April of 2016. Customers didn't have to do anything at all—other than use Wordpress.com to host a site. 2. A few web hosting vendors make certificate setup free and easy Other web hosting providers offer a secure connection as an option, for free. Squarespace and Dreamhost, for example, both let customers choose to enable secure sites. Configuration of certificates used to be much more difficult, but these vendors streamline the process to a few steps. Some web hosting vendors make SSL certificate setup both free and easy. Let's Encrypt, a project of the nonprofit Internet Security Research Group, provides the certificates for all three of the vendors just mentioned (Dreamhost, Squarespace, and Wordpress). Many other vendors offer easy setup, too. Look at the community-maintained list of web hosting providers that support Let's Encrypt. More notably, Let's Encrypt certificate services are free. Yet, some web hosting vendors still charge significant fees for certificates. If you receive some additional authentication or security services, the fees may provide value. (For most non-technical organizations, I suggest you choose—or switch to—a web hosting vendor that supports Let's Encrypt.) 3. If you're on shared hosting, you may need an upgrade The certificates won't necessarily work in every hosting setup. In some cases, for example, a web hosting provider will only offer SSL with a dedicated server. That may mean a potential increase in hosting costs. In other cases, the certificate will work, but won't work with certain older browsers. For example, in the case of Dreamhost, you may choose to add a unique IP address to your hosting plan along with your Let's Encrypt certificate. Doing this allows the secure connection to work with certain versions of Internet Explorer on Windows XP, as well as some browsers on older Android devices (e.g., Android 2.4 and earlier). If you're on a shared hosting plan, you may need an upgrade to enable SSL or to support a secure the connection to older browsers or devices. 4. Check your login and checkout processes Many sites rely on third-party vendors for registration, e-commerce, mailing list sign-up, and/or event registration. While most trustworthy vendors already deliver these pages over HTTPS connections, verify that is the case. Make sure your vendors offer your visitors the same secure connection your site does. 5. After the switch, check your links Verify that your site links work. Follow your web hosting provider's instructions to make sure that every request for an insecure page (HTTP), redirects automatically to one delivered over a secure connection (HTTPS). You may need to make some additional changes to your content management system. For example, at Dreamhost, you will need to make additional adjustments to Wordpress settings. Gone HTTPS yet? At the time of this writing, we're just two months away from when Chrome begins to deliver more aggressive alerts to warn of insecure pages. Hopefully, you've already secured the necessary pages on your site. But, that's just the first step. For most websites, there's little downside to moving to HTTPS as soon as possible. Article source
  10. Malicious websites promoting scams, distributing malware and collecting phished credentials pervade the web. As quickly as we block or blacklist them, criminals set up new domain names to support their activities. Now a research team including Princeton University computer science professor Nick Feamster and recently graduated Ph.D. student Shuang Hao has developed a technique to make it more difficult to register new domains for nefarious purposes. In a paper presented at the 2016 ACM Conference on Computer and Communications Security on Oct. 27, the researchers describe a system called PREDATOR that distinguishes between legitimate and malicious purchasers of new websites. In doing so, the system yields important insights into how those two groups behave differently online even before the malicious users have done anything obviously bad or harmful. These early signs of likely evil-doers help security professionals take preemptive measures, instead of waiting for a security threat to surface. "The intuition has always been that the way that malicious actors use online resources somehow differs fundamentally from the way legitimate actors use them," Feamster explained. "We were looking for those signals: what is it about a domain name that makes it automatically identifiable as a bad domain name?" Feamster, the acting director of Princeton's Center for Information Technology Policy, will be participating in the upcoming fourth Princeton-Fung Global Forum, which is focused on cybersecurity. The event will be held March 20-21, 2017, in Berlin. Once a website begins to be used for malicious purposes — when it's linked to in spam email campaigns, for instance, or when it installs malicious code on visitors' machines — then defenders can flag it as bad and start blocking it. But by then, the site has already been used for the very kinds of behavior that we want to prevent. PREDATOR, which stands for Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration, gets ahead of the curve. The researchers' techniques rely on the assumption that malicious users will exhibit registration behavior that differs from those of normal users, such as buying and registering lots of domains at once to take advantage of bulk discounts, so that they can quickly and cheaply adapt when their sites are noticed and blacklisted. Additionally, criminals will often register multiple sites using slight variations on names: changing words like "home" and "homes" or switching word orders in phrases. By identifying such patterns, Feamster and his collaborators were able to start sifting through the more than 80,000 new domains registered every day to preemptively identify which ones were most likely to be used for harm. Testing their results against known blacklisted websites, they found that PREDATOR detected 70 percent of malicious websites based solely on information known at the time those domains were first registered. The false positive rate of the PREDATOR system, or rate of legitimate sites that were incorrectly identified as malicious by the tool, was only 0.35 percent. Being able to detect malicious sites at the moment of registration, before they're being used, can have multiple security benefits, Feamster said. Those sites can be blocked sooner, making it difficult to use them to cause as much harm — or, indeed, any harm at all if the operators are not permitted to purchase them. "PREDATOR can achieve early detection, often days or weeks before existing blacklists, which generally cannot detect domain abuse until an attack is already underway," the authors write in their paper. "The key advantage is to respond promptly for defense and limit the window during which miscreants might profitably use a domain." Additionally, existing blocking tools, which rely on detecting malicious activity from websites and then blocking them, allow criminals to continue purchasing new websites. Cutting off the operators of malicious websites at the moment of registration prevents this perpetual cat-and-mouse dynamic. This more permanent form of protection against online threats is a rarity in the field of computer security, where adversaries often evade new lines of defense easily, the researchers said. For the PREDATOR system to help everyday internet users, it will have to be used by existing domain blacklist services, like Spamhaus, that maintain lists of blocked websites, or by registrars, like GoDaddy.com, that sell new domain names. "Part of what we envision is if a registrar is trying to make a decision about whether to register a domain name, then if PREDATOR suggests that domain name might be used for malicious ends, the registrar can at least wait and do more due diligence before it moves forward," Feamster said. Although the registrars still must manually review domain registration attempts, PREDATOR offers them an effective tool to predict potential abuse. "Prior to work like this, I don't think a registrar would have very easy go-to method for even figuring out if the domains they registered would turn out to be malicious," Feamster said. In addition to Feamster, the authors include: Shuang Hao, now at the University of California-Santa Barbara; Alex Kantchelian and Vern Paxson, University of California-Berkeley; and Brad Miller, Google. The work was supported in part by the National Science Foundation and Google. Article source
  11. Modern browsers can run some powerful websites which are better alternatives to most of our traditional desktop softwares. Here are the 15 powerful websites that can do some pretty awesome things. Suppose you are working on your friend’s computer and you want to edit your photo or say, want to convert a file, but you realized he didn’t install that particular software. Then what will you do…..? Ofcourse, most of us download and install that software. But what if I say you don’t have to do that anymore…..yes….World Wide Web or internet now became more powerful than before. Earlier we used it just for browsing and sending mails. But with development in web technologies like HTML5,PHP…….etc,modern browsers can do some amazing things. Now there are a lot of web apps or powerful websites available in internet that can do almost every work without installing a software. Today we are going to list some powerful websites that can replace traditional desktop softwares. Powerful Websites that can Replace Desktop Softwares 1. OnlineConverter OnlineConverter is a free online file converter lets you convert media easy and fast from one format to another. It is capable of converting audio,video,image,documents..etc and supports almost every file format. 2. PowToon PowToon will is most minimalist, user friendly and intuitive presentation software that allows someone with no technical or design skills to create engaging professional “look and feel” animated presentations that can be combined with narration, music or embedded videos. Powtoon is most suited for people less experienced with PowerPoint who are looking for a simple interface to create quick marketing presentations. 3. VirusTotal VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners. 5. WeVideo WeVideo is a powerful, yet easy-to-use, cloud-based collaborative video creation platform.Whether you are a beginner or a seasoned professional you can create an impactful video with ease in WeVideo. 6. Tinkercad Tinkercad is a free web-based online 3D printing design tool. Tinkercad’s 3D design tools are accessible to beginners and experienced designers alike. Shapes that you place on a design field are stretched, contorted and combined to make your 3D model. It performs best with Chrome and Firefox browsers. The platform also provides 3D printing services, so your models can be printed and shipped straight to your door. 7. LastPass LastPass is a powerful web based software that manage your various logins and can even create strong, randomized passwords for the sites you frequent. LastPass stands out because it’s web-based—unlike KeePass—and built around browser extensions. Your passwords are stored in the cloud, encrypted by a master password only you know. When a password is needed, LastPass automatically springs into action. 8. Silex Silex is a free and open source website builder in the cloud. Create websites directly in the browser without writing code. It is suitable for professional designers to produce great websites without constraints. 9. Pixlr Editor Pixlr Editor is a powerful website that will help you to edit your images. This graphics editing tool isn’t quite Photoshop, but it’s far more powerful than the Paint program that comes pre-installed on PCs will ever be, with a wide array of tools, filters, adjustment options, and yes, even layers. You can start from scratch with a blank canvas or tinker with images stored either on your local hard drive or on a website. 10. Janvas Janvas help you to create Vector Graphics for the web in HTML, SVG and PHP. With Janvas you can also create websites and interactive books without writing code. 11. MindMup MindMup is a powerful website that delivers mind-mapping tools. MindMup combines editing and productivity user interface aspects typical for desktop applications, such as keyboard shortcuts, edit history, right-click menus and toolbars, with online application capabilities such as cloud storage, easy sharing, enabling users to embed maps in their web sites and publishing maps publicly with read-only access. The vast majority of the site’s tools are completely free, but some features — such as exporting particularly large maps or embedding your MindMup map in a website — requires a small fee. 12. Google Sheets Google Sheets is the new Google Spreadsheets software. Google Sheets is available on all your devices and has all the features you come to expect from spreadsheet software. Sheets also allows you to collaborate with others in real time. 13. Google Slides With Google Slides you can create, edit, and collaborate with others on presentations. Access, create, and edit your presentations wherever you go — from your phone, tablet, or computer. 14. Prezi Prezi is a cloud-based presentation software that can be used as an alternative to traditional slide making programs such as PowerPoint. Instead of slides, Prezi makes use of one large canvas that allows you to pan and zoom to various parts of the canvas and emphasize the ideas presented there. 15. OnlyOffice OnlyOffice is a cloud business service that enables you to manage projects, customer relations and documents in one place. Actually it has an online office application suite working within a browser. It combines text, spreadsheet and presentation editors that include features similar to Microsoft desktop editors (Word, Excel and PowerPoint), but then allow to co-edit,comment and chat in real time. Article source
  12. Running a fully functional website in a regular browser without any central servers being involved sounds complicated, but with Web2Web it isn't. The project, powered by WebTorrent and bitcoin, allows anyone to create updatable websites that are as resilient as it gets. While most people still associate torrents with desktop clients, the browser-based WebTorrent equivalent is quickly gaining popularity. Simply put, WebTorrent is a torrent client for the web. Instead of using standalone applications it allows people to share files directly from their browser, without having to configure or install anything. This allows people to stream videos directly from regular browsers such as Chrome and Firefox, similar to what they would do on YouTube. The technology, created by Stanford University graduate Feross Aboukhadijeh, already piqued the interest of Netflix and also resulted in various innovative implementations. Most recently, Czech developer Michal Spicka created a the Web2Web project, which allows people to share entire websites using WebTorrent technology. This makes these sites virtually impossible to take down. Michal tells TorrentFreak that he is fascinated by modern technology and wanted to develop a resilient, serverless and anonymous platform for people to share something online. “In the past we’ve seen powerful interest groups shut down legitimate websites. I wondered if I could come up with something that can’t be taken down that easily and also protects the site operator’s identity,” Michal says. For most websites the servers and domain names are the most vulnerable aspects. Both can be easily seized and are far from anonymous. With Web2Web, however, people can run a website without any of the above. “To run a Web2Web website neither the server nor the domain is required. All you need is a bootstrap page that loads your website from the torrent network and displays it in the browser,” Michal tells us. While there are similar alternatives available, such as Zeronet, the beauty of Web2Web is that it works in any modern browser. This means that there’s no need to install separate software. The bootstrap page that serves all content is a simple HTML file that can be mirrored anywhere online or downloaded to a local computer. With help from Bitcoin the ‘operator’ can update the file, after which people will see the new version. “If the website operator wants to publish new content on his previously created website, he creates a torrent of the new content first and then inserts the torrent infohash into a bitcoin transaction sent from his bitcoin address,” Michal says. “The website is constantly watching that address for new transactions, extracts the infohash, downloads the new content from the torrent swarm, and updates itself accordingly,” he adds. For Michal the project is mostly just an interesting experiment. The main goal was to show that it’s possible to make working websites without any central server involved, using WebTorrent and bitcoin. He has no clear vision on how people will use it, but stresses and he’s not promoting or encouraging illegal uses in any way. “I’m strongly against using it for anything illegal. On the other hand, I can’t prevent people from doing that. The moment will come when this project gets abused and only then we will see if it’s really that resilient,” he notes. In the meantime, this perfectly legal demo gives people and idea of what’s possible. More info on how to create distributed pages is available here. TorrentFreak
  13. Users will receive an error when trying to access web servers that use weak Diffie-Hellman key exchange with weak keys To protect users from cryptographic attacks that can compromise secure web connections, the popular Firefox browser will block access to HTTPS servers that use weak Diffie-Hellman keys. Diffie-Hellman is a key exchange protocol that is slowly replacing the widely used RSA key agreement for the TLS (Transport Layer Security) protocol. Unlike RSA, Diffie-Hellman can be used with TLS's ephemeral modes, which provide forward secrecy -- a property that prevents the decryption of previously captured traffic if the key is cracked at a later time. However, in May 2015 a team of researchers devised a downgrade attack that could compromise the encryption connection between browsers and servers if those servers supported DHE_EXPORT, a version of Diffie-Hellman key exchange imposed on exported cryptographic systems by the U.S. National Security Agency in the 1990s and which limited the key size to 512 bits. In May 2015 around 7 percent of websites on the internet were vulnerable to the attack, which was dubbed LogJam. "In response to recent developments attacking Diffie-Hellman key exchange and to protect the privacy of Firefox users, we have increased the minimum key size for TLS handshakes using Diffie-Hellman key exchange to 1023 bits," David Keeler, a Mozilla security engineer, said in a blog post Friday. A small number of servers are still not configured to use strong enough keys and Firefox users trying to access them will receive an error called “ssl_error_weak_server_ephemeral_dh_key," Keeler said. According to a recent survey of the top 140,000 HTTPS websites on the internet by traffic, around 5 percent of them used keys smaller than 1024 bits. The currently recommended size is 2048 bits and over 67 percent of these sites conform to that. Article source
  14. 10 Amazing Websites Every Linux Gamer Must Follow Gaming on Linux is getting traction. We listed the best Linux games of 2016 in our last Linux gaming article. One reader asked about how can he be updated about latest happenings in the world of Linux games. Now, I am going to regularly update you about Linux games but our coverage at It’s FOSS is not going to be very intense. So, in this article, we share with you the best Linux gaming websites we could dig up, in the world of Linux gaming: BEST LINUX GAMING WEBSITES #1 Gaming On Linux This site easily makes it to the top of our list because of its sheer amount of regular updates and efforts to support the Linux gaming world. Run by Liam Dawe, Gaming on Linux is a very active portal which will keep you updated about the latest news of upcoming games, reviews and more. #2 Boiling Steam “PC Gaming With Linux Is So Tomorrow” is their notable caption, which reveals their immense enthusiasm in the Linux Gaming Community! This site is a clear competitor to Gaming On Linux. Though not affiliated in any way with Valve Software’s Steam platform, Boiling Steam focuses on covering the world of PC Linux Gaming and the related Steam Machines launched since November 2015. Ekianjo is the owner of BoilingSteam who is a long time Linux user both on the desktop or mobile devices. It is worth to note that the owner focuses gaming mostly on Linux, and tries to avoid Windows as much as possible. Psppwner300 is another editor who is a great hobbyist Linux fan and writes reviews on various Linux games on Steam, with a serious focus on performance. He covers what Gaming On Linux does not. #3 Linux Game Consortium Linux Game Consortium aims to maintain the foundation of the Linux community and Linux gamers by keeping you up to date with the latest content available. They encourage providing various news and information posts, Twitter comments/postings, social media content and more. It is good to know that they boldly focus on disproving the statement: “Linux gaming is not widely supported outside of the community” without hesitation. Linux Game Consortium looks toward encouraging not only existing Linux gamers but also new ones who have just ventured into the world of Linux gaming. #4 LinuxGameCast This website though focused on Linux gaming, particularly belongs to the game webcasting genre which is pretty much exciting to see for every Linux gaming fan! LinuxGameCast aims to provide quality Linux game capture, news, reviews and more. They are very welcoming towards viewers, Linux game developers and knowing about fresh Linux game news from fans! BTW, they sure have a hilarious way of announcing gaming news! Here’s one from 11th September: They play their Linux games on Ubuntu, Fedora and Kubuntu. By the way, if you like gaming webcasts, you should know that you can use Twitch on Linux without flash now. #5 Linux Game Database Linux Game Database or LGDB primarily focuses on Linux games that are beyond the planning stage and have released more than tech demos, either as source code or binary files. They get information about a game usually from its website. After carefully categorising the games, they are showcased with various screenshots and videos. You can browse their database by applying different filters to fetch out the games you want. Ranking of games is done by considering user votes and popularity. The popularity of a Linux game is decided by calculating the sum of visits to the game’s page for the past three days. #6 GamersOnLinux GamersOnLinux is another amazing website on Linux gaming particularly because of their efforts to contribute to the world of Linux gaming. Their forum, in particular, consists of a wealth of information, be it guides, news and more!! #7 RootGamer The word “root” clearly shows the focus on the Linux platform and how serious they are about Linux as a gaming platform! RootGamer is a Linux-gaming website that aims to create awareness of the fast growing community of Linux gamers. Created by Linux users, RootGamer.com was launched in 2012 because of their strong belief in the potential of Linux as a gaming platform. #8 Play Deb 2 PlayDeb is particularly targeted to Ubuntu gamers (though it doesn’t necessarily mean that the games are unplayable on other Linux flavours), which is an unofficial project with the goal of providing the latest open source and freeware games for the current Ubuntu Linux release, in a user-friendly way. They have a repository that extends the official repositories by providing latest versions and new games. It is interesting to note that gamers don’t need to wait for official releases as new game versions can be downloaded immediately as soon as they become available from their authors. The site is administered, managed, developed and maintained by a volunteer group and the users themselves. #9 PenguSpy The creator of PenguSpy, Kostas Mavropalias takes Linux gaming very seriously after abandoning the Windows Operating System. Kostas loves Linux as much as Linux games. Being a professional designer & developer, the owner decided to create Penguspy as a contribution to the Linux world. The goal of this project is to raise awareness in Linux as a gaming platform. #10 SteamDB – Linux Though not an actual Linux gaming website, in particular, this regularly updated page can definitely not be ignored if you want to stay updated about news on Steam supported games. It is an absolute delight to see that steadfast increase of Steam games in that graph, isn’t it? They also have a section called “Products that have hints of Linux support” where users can confirm a game to be reportedly working via GitHub or Freenode IRC(channel #steamdb or #steamlug). On the page, if at least five people press the “It works” button on a game, a pull request will be created automatically. Add your favorites to the list of best Linux gaming websites? Dear readers, if you know about more such amazing sites on Linux gaming, feel free to enlist them via comments. We will be happy to know your favorite Linux gaming websites. Source
  15. TV and Sport events http://www.rojadirecta.me/ http://88.80.11.29/ http://www.streamhunter.eu http://zonytvcom.info/ http://www.livestation.com/ (News Channels) https://www.youtube.com/live/all http://www.justin.tv/ http://www.ustream.tv http://aflam4you.tv/index.html (Arabic Channels + beIN Sports channels) http://www.kakibara.com/ http://www.stream2watch.me/ http://www.hahasport.com/ http://www.firstrow1.eu/ http://tvtoss.com/ Movies http://www.movie4k.to/ Movies Subtitles http://subscene.com/ Football highlights http://footyroom.com/ Updated: Download Music: http://beemp3.com http://mp3lx.com/ http://mp3skull.com/ http://www.mp3toss.com Updated 2: Watch TV on Android 1- Download IPTV App from Playstore 2- Download TV playlists and add them to the App, Here a good website for the playlists NB: You can try another app called Kodi, it's available for Windows too but did not tried it yet Updated 3: http://www.streamgaroo.com/
  16. When it comes to entertainment nothing can beat the environment and fun provided by movies. There are millions of movies in different categories that you can choose as per your interest. From sci-fi to comedy, from action to suspense, from horror to romantic, everything is out there. You just need to find the right path to watch these movies. If your life is so busy and hectic that you don’t get enough time to go out for movies halls and theater to watch movies, still you can have latest movies in your device so that you can watch it whenever you want you. Today, I am sharing best free Hollywood movie downloading websites where you can download latest and old movies in high-definition. 1. My Download Tube My Download Tube is free movie downloading website that provides the latest Hollywood and Bollywood movies and lets you download for free. If you don’t want to download any movie but want to watch to online, My Download Tube completes your wish and lets you watch them without any registration or sign-up. My Download Tube also provides a section for games where you can check games and download them for free. Or you can simply write your query as movie or game name in the search box to watch what exactly you intend to. 2. YouTube Movies YouTube Movies is one of the sites where you can find out any video, any episode of favorite TV series, movies, songs and lot more. You can use its search box tool to find the link to download full movie. All the movies provided here are good in quality and has full length. You can download YouTube movies by installing Internet Download manager that will automatically prompt you to download movies. 3. Gingle Gingle is another amazing online portal to download the latest movies, not just movie but you can also search for music, listen to streaming online radio stations, play online games, wallpapers and much more. If you are looking for anything specific, just request it on Ginger and the online portal will be delighted to add that. Ginger doesn’t ask you for any registration or to create any account. You can find your favorite stuff that you want to watch easily. 15 Best Free Movie Downloading Websites Of 2016
  17. If you don't know why your site has been classed a security risk by Google, more help is now available in Google's Search Console. Google's Search Console now provides more help to recover from site hijacking attacks. Google is providing more helpful information for site owners to understand why their site has been labeled in browsers and search results with malware warnings. The new help resources have rolled out in an update to Search Console, the tool that site operators can use to understand how Google search sees their site, including when Google's Safe Browsing anti-malware platform detects that a site has been hijacked to spread malware. If Google Safe Browsing does detect a security issue, such as a script that redirects visitors to a malicious web page, Chrome, Firefox and Safari may display a security warning advising users against visiting the site. The warnings, which also appear in Search results, will persist until the site owner fixes the problem. Once the problem is resolved, site owners can use Search Console to request a review to have the Safe Browsing warning removed. Now site owners will have more specific information in Search Console's Security Issues report, explaining what the security problem is and how to resolve it. The more detailed accounts are available for instances involving malware, deceptive pages, harmful downloads, and uncommon downloads. The updated security issues section also offers "tailored recommendations for each type of issue, including sample URLs that webmasters can check to identify the source of the issue, as well as specific remediation actions that they can take to resolve the issue." Google is encouraging site owners to register their site in Search Console, which the company uses to send notifications about security issues it detects. Since April, Google's Safe Browsing has issued just under 60,000 browser warnings per week and between 30,000 to 40,000 malware warnings in search, according to Google's Transparency Report. It also issues warnings over phishing sites and unwanted software. The more detailed explanations may address some of the findings uncovered in a study last year by Google and the University of California, Berkeley, which looked at nearly 800,000 sites flagged for malware by Safe Browsing. The study explored the best way to communicate issues with site operators, and found significantly higher recovery rates among sites registered with Search Console because they receive notifications from Google, compared with sites alerted via browser and search warnings alone. However, the study also found 12 percent of sites were hijacked against within 30 days, suggesting some site owners weren't addressing the root cause of the hijacking. The risk for site owners is that persistent malware warnings can drive away traffic. About half the hijacked sites in the study were running on popular content-management systems, such as WordPress, Joomla, Drupal, and VBullletin. Outdated instances of these platforms have been behind several large breaches over the past decade. Article source
  18. Chrome 55 (latest beta build available via Chrome Canary) is introducing the ability to specifically flag a HTTP website as non secure. HTTP Website in Chrome 55 This is a pretty big step change in making encryption much more important for every site owner. There has been talk that Chrome will also introduce a warning for sites containing password fields but no HTTPS. At this time there is no difference with the standard HTTP website “Not Secure” warning. HTTP Website in Chrome 55 with password field It looks as though Chrome are slowly encouraging owners to go HTTPS even if they don’t think it is needed. More prominence is also given to sites deploying correctly configured HTTPS certificates. HTTPS Website in Chrome 55 Finally EV Certificates continue to highlight the organisation details providing additional validation and trust. EV Certificate in Chrome 55 Article source
  19. Dangerous vulnerabilities are present in a large number of today's websites, and the percentage is only going to keep on growing, according to a new report by Acunetix. The automated web application security software company released its annual Web Application Vulnerability Report 2016, based on 45,000 website and network scans, done on 5,700 websites over the past year. The results are worrying. More than half (55 percent) of websites have at least one high-severity vulnerability, representing a nine percent growth compared to last year's report. More than four fifths (84 percent) have medium-severity vulnerabilities. There has been a small, "encouraging" reduction in SQL injection and cross-site scripting, but the company says these are "just two of the top three". There’s also Vulnerable JavaScript Libraries, which have seen a significant increase -- more than 100 percent. Among the perimeter network vulnerabilities, Secure Shell (SSH) related ones are considered "most prominent", it was said. "Our research clearly shows high-severity web app flaws are on the rise and older vulnerabilities are still hanging around", says Chris Martin, General Manager at Acunetix. "Having a plan in place to prioritize these problems -- and actually start tackling them -- is critical. Using an automated vulnerability scanner such as Acunetix is the first step to protect your brand’s online real estate". The full report can be found on this link. Article source
  20. We talked to Steven Burn (aka MysteryFCM), the lead of our Web Protection team and owner of hpHosts, and asked him about the strengths and possible improvements of the Malicious Website Protection module that comes with Malwarebytes Premium. To start off, let us explain what the module does and how you can use it. What does the Malicious Website Protection do? The Malicious Website Protection module allows for the identification and subsequent blocking of both malicious domains and IPs by intercepting DNS queries made by everything from your browser and security/conference software to those lovely little “we’ll clean up your system, honest” pieces of up-to-no-good-software. Put simply, pretty much every application that pulls in data from the internet or something as simple as checking for updates to itself (e.g. the operating system itself). Ordinarily, these would go from the application to your router and on to the ISP (or third party provider such as OpenDNS), depending of course, on your setup. In this case however, like a firewall, intercept these queries to identify malicious traffic that could harm your system or steal your data. In layman terms, it blocks traffic to and from domains and IP addresses that we consider dangerous or extremely annoying. Reasons could be: hosting malware or PUPs Tech Support Scammers sites phishing scams other kinds of scams compromised sites fraud illegal pharma How to use In the highlighted area shown below, you can enable/disable Malicious Website Protection with the radio buttons. Even if you are a careful surfer, when you are using the Malicious Website Protection, you may see this type of notification from time to time: What do the items in such a notification mean? Domain: if available, this shows the domain that was requested. If there is no domain mentioned, this usually means that the IP address was provided directly by the Process. IP: This is the IP address that the domain resolved to, and that is being blocked. Port: This is the port on the system that was used for the contact. Type: This shows the direction of the traffic. Process: This is the executable (program) that tried to make the contact. If this is not a browser or another program that displays advertisements, e.g. Skype, this is potentially worrying, especially if you do not recognize the filename. You could be dealing with a Trojan or adware. If it is a browser, it is important to note whether the Domain is the site you wanted to visit or not. There could be a redirect or malicious element on the site you wanted to reach. Manage Web Exclusions If you are sure that the contacted domain is safe or you want to visit a site despite the warning, the exclusion option allows you to do that without having to disable the protection entirely. In the notification you will see a link labeled Manage Web Exclusions. Clicking that link will take you to this screen— —which you can also reach by clicking Settings > Web Exclusions in the program. The screen offers you 3 types of exclusions: by IP by Domain by Process If you really feel you need to utilize this option we advise you to be as restrictive as possible. So, if that works, use the “Add Domain” before you use the “Add IP” and try to avoid giving a Process free play at all times, because some malware is capable of injecting malicious code into trusted processes. Reasons why your browser could be causing alarms If the Process is your browser, this does not necessarily mean that there is an infection. There could be something wrong with the site you are visiting or one of the advertisements it’s displaying. This happens to the most reputable sites sometimes. Only if you don’t have a browser window active and you still see blocks that tell you the browser process is responsible, there is reason for concern. Questions for Steven Burn Q: If someone notices that his site is blocked and he feels this is unjust, what is the best way to proceed? Contact us, either via support, the forums or indeed, email – though checking their site/server first would be advised. Author’s note: It is surprising how often people don’t realize that their site has been compromised or otherwise abused by threat actors. Q: Is it true that some sites are impossible to block with the software as it now is? And are there any plans to change that? This is indeed true. Some sites can’t easily be blocked without resulting in serious disruption of our customers visiting related, but not malicious, sites. In these cases (which are few) we work directly with both the offending site’s host and even law enforcement to get it taken down as quickly as possible. Q: If I find them annoying, is there a way to turn off the notifications without disabling the protection? Not without turning off all notifications, that I am aware of. Author’s note: Disabling notifications can be done under “General Settings”, but it’s not recommended. Q: Is there a place online where I can find out why a certain Domain/IP is blocked? hpHosts, VirusTotal, Scumware, abuse.ch, amongst a plethora of others. We don’t currently provide specifics via those we’ve got public (e.g. hpHosts) as these are held on internal only systems. Article source
  21. The internet is an amazing place where you can find more than 1 billion websites. Along with some fantastic sites there are some weird ones too. It’s impossible for a person to visit every website. Therefore we have gathered some strange websites on the internet. Some of them are funny, some are really boring and a few are like you can’t answer why they exist. We haven’t included adult site here, so you can click on all link without any hesitation. Enjoy the list! 1. Iloveyoulikeafatladylovesapples: Feel the hunger of the fat lady until you let her eat enough apples. The website is completely useless still you can enjoy the graphics and background music. 2. Thenicestplaceontheinter.net: The really sweet website that offers free hugs. Go get it. 3. SciencevsMagic.net/Tes: You can mix the words amazing and weird to describe this one. Also, the website gave AIDS to my eyes. 4. Michaeljfoxnews: Feel the earthquake on your computer. 5. Pointerpointer: I don’t know where did they find these pictures but this is how you get to the specific point. 6. Heeeeeeeey: Just click on link and get the heeey hooo party feel. 7. wwwdotcom: A serious tip for you. 8. Rainymood: Rain makes everything better. So just sit back and enjoy the sound effect to enlighten your mood. 9. Isitchristmas: The name suggests all. May be the website has been designed for people suffering from short term memory loss. 10. Cat-bounce: And that’s how humans play with emotions of cats. 11. 111111111111111111111111111111111111111111111111111111111111: Believe me; I have no idea what the exact purpose of website. But it seems like website owner is not really a fan of Arnold Schwarzenegger. 12. Heyyeyaaeyaaaeyaeyaa: A catchy music with special cartoon characters for our special readers. 13. Thisman: This is the height of weirdness! The website says that hundreds of people dream about this face. No, I don’t. 14. Breakglasstosoundalarm: The thing you wanted to do once in your life is here. 15. Internetlivestats: I don’t think this is a live data, however you will get an idea of few internet stats. 16. Simonpanrucker: No words to explain this useless thing. Kindly decide yourself how weird it is. 17. Ilooklikebarackobama: You might wanna reply this website, “No you don’t, not even a bit”. 18. Corgiorgy: The cute dog army. 19. Haneke: If you like complicated things and pay too much attention into details, you won’t regret after visiting this website. 20. Fearthegaychicken: The question is what makes you think that this chicken is gay. Is it background color or the sound? 21. Koalastothemax: An amazing creativity and fun with pixels. 22. Procatinator: Cats popularity is increasing day by day and somehow this website is the reason behind it. 23. Youfellasleepwatchingadvd: If your mom doesn’t allow you to watch TV, you could spend some time here. 24. Essaytyper: This is the place where you become a professional typist in no time. 25. Feedthehead: My advice is, don’t just feed the head, play with the whole face. 26. Nooooooooooooooo: If your boss gives you extra workload, you can reply him this link. 27. Zoomquilt: The weirdness tends to infinity. Even a telescope can’t look so far. 28. Staggeringbeauty: Just shake the mouse and see the snake’s reaction. 29. Anasomnia: This is how dreams become nightmare. 30. Eelslap: Slap tight as many times as you want. He won’t mind. Source
  22. The long and painful transition is getting there Accessing websites via IPv6 is not only comparable in speed to IPv4, but is actually faster when visiting one in five of the world's most popular sites, according to German researchers. In a new paper, Vaibhav Bajpai and Jürgen Schönwälder from the University of Bremen looked at the response times for the internet's top 10,000 most-visited websites (according to Alexa) over both IPv4 and IPv6, and concluded that not only have earlier delays been removed in the newer internet protocol, but that a connection is sometimes faster. Although IPv4 connections remained faster the vast majority of the time, the researchers noted that in those cases they were rarely more than 1ms slower; ie, the difference was negligible. The paper's abstract reads: That is a significant improvement from just a few years ago when IPv6 connections were often so slow that browsers actually timed out, which itself added yet one more reason for people not to transition their networks and systems to the incompatible protocol. As the paper notes, much of the problem was attributed to two technologies that were intended to assist in shifting traffic from IPv4 to IPv6: the Teredo automatic tunneling technology and 6to4 relays. In both cases, the technologies added "noticeable latency" to connections. In 2013, Microsoft announced it would stop using Teredo on Windows and would kill off its Teredo servers the following year. In 2015, the 6to4 prefix was phased out. The researchers noted – using data from 2013 to 2016 – that the result was a significant increase in speed over IPv6, with Teredo/6to4 now only being used for 0.01 per cent of traffic. Fail whale Other research has shown a huge drop in IPv6 failure rates, from 40 per cent in 2011 to 3.5 per cent in 2015. Still a significant amount, but no longer a barrier to adoption. What is interesting to note is that some browsers actually favor the use of IPv6 over IPv4 and include a timer to decide whether to shift over to IPv4. Firefox and Opera used parallel TCP connections over both IPv4 and IPv6, but Apple uses a 25ms timer in favor of IPv6 and Google used a 300ms timer in its Chrome browser. The researcher used the "Happy Eyeballs" (also known as Fast Fallback) algorithm developed by the Internet Engineering Task Force in 2012 (see RFC 6555) to gather their data. The algorithm gets applications to request both IPv4 and IPv6 connections and then connects using whichever comes back first. The timer can be used to give one a small handicap; by default Happy Eyeballs gives IPv6 a 300ms advantage. As to which websites were actually faster over IPv6: out of the most well known, Netflix leads the way, followed by Yahoo, with YouTube and Google behind them. Facebook, Wikipedia and Microsoft basically run at the same speed regardless of protocol. Despite the good news that the internet's future protocol is increasingly keeping up with its current ubiquitous one, there are still pockets of trouble: the researchers note than in one per cent of the 10,000 top websites on the internet, the IPv6 delay was still over 100ms. A presentation of the paper recorded at a recent conference is available online. Article source
  23. This week The Pirate Bay quietly celebrated its 13th anniversary. Where other giants have fallen in the past, the notorious Pirate ship has stayed afloat. Today we chat with the TPB-team to discuss their remarkable achievement. Hollywood hoped that it would never happen, but this week The Pirate Bay quietly turned thirteen years old. The site was founded in 2003 by Swedish pro-culture organization Piratbyrån (Piracy Bureau). The idea was to create the first public file-sharing network in Sweden, but the site soon turned into the global file-sharing icon it is today. Over the years there have been numerous attempts to shut the site down. Following pressure from the United States, Swedish authorities raided the site in 2006, only to see it come back stronger. The criminal convictions of the site’s founders didn’t kill the site either, nor did any of the subsequent attempts to take it offline. The Pirate Bay is still very much ‘alive’ today. That’s quite an achievement by itself, looking at all the other sites that have fallen over the years. Just last month KickassTorrents shut down, followed by Torrentz a few days ago. Many KickassTorrents and Torrentz users are now turning to TPB to get their daily dose of torrents. As a result, The Pirate Bay is now the most visited torrent site, once again. TorrentFreak spoke to several members of the TPB-crew. While they are not happy with the circumstances, they do say that the site has an important role to fulfil in the torrent community. “TPB is as important today as it was yesterday, and its role in being the galaxy’s most resilient torrent site will continue for the foreseeable future,” Spud17 says. “Sure, TPB has its flaws and glitches but it’s still the go-to site for all our media needs, and I can see TPB still being around in 20 or 30 years time, even if the technology changes,” she adds. Veteran TPB-crew member Xe agrees that TPB isn’t perfect but points to the site’s resilience as a crucial factor that’s particularly important today. “TPB ain’t perfect. There are plenty of things wrong with it, but it is simple, steadfast and true,” Xe tells TorrentFreak. “So it’s no real surprise that it is once more the destination of choice or that it has survived for so long in spite of the inevitable turnover of crew.” And resilient it is. Thirteen years after the site came online, The Pirate Bay is the “King of Torrents” once again. Finally, we close with a yearly overview of the top five torrent sites of the last decade. Notably, the Pirate Bay is the only site that appears in the list every year, which is perhaps the best illustration of the impact it had, and still has today. 2007 1. TorrentSpy 2. Mininova 3. The Pirate Bay 4. isoHunt 5. Demonoid 2008 1. Mininova 2. isoHunt 3. The Pirate Bay 4. Torrentz 5. BTJunkie 2009 1. The Pirate Bay 2. Mininova 3. isoHunt 4. Torrentz 5. Torrentreactor 2010 1. The Pirate Bay 2. Torrentz 3. isoHunt 4. Mininova 5. BTJunkie 2011 1. The Pirate Bay 2. Torrentz 3. isoHunt 4. KickassTorrents 5. BTJunkie 2012 1. The Pirate Bay 2. Torrentz.com 3. KickassTorrents 4. isoHunt 5. BTJunkie 2013 1. The Pirate Bay 2. KickassTorrents 3. Torrentz 4. ExtraTorrent 5. 1337X 2014 1. The Pirate Bay 2. KickassTorrents 3. Torrentz 4. ExtraTorrent 5. YIFY-Torrents 2015 1. KickassTorrents 2. Torrentz.com 3. ExtraTorrent 4. The Pirate Bay 5. YTS 2016 1. KickassTorrents 2. The Pirate Bay 3. ExtraTorrent 4. Torrentz 4. RARBG Today 1. The Pirate Bay 2. ExtraTorrent 3. RARBG 4. YTS.AG 5. 1337X TorrentFreak
  24. Is it illegal to block ads? No. According to multiple court cases, the choice to filter your own http requests is legal and ultimately up to you. It’s your computer (or your mobile device). You have the right to decide which content and scripts enter your system. The best way to understand this right is that adblockers are basically “selective downloaders“. They decide which content to download and view, and which content to ‘not download’ and ignore. That simple choice has been protected multiple times in multiple court decisions. But while that means ‘not downloading ads’ is inherently legal. It may not mean all adblockers are operating legally. The problem is that “selective downloading” isn’t all adblockers are doing. The rabbit hole goes far deeper than just ‘not downloading advertising‘… Adblockers and Anti-Circumvention laws Adblockers aren’t just blocking ads. Adblockers also employ sophisticated circumvention technologies that evade the defensive measures employed by publishers. This crucial feature marks an important legal line in the sand. “Anti-adblock” or “access control” technologies (like BlockAdblock) restrict access to the copyrighted content of websites so that readers can access content only in a manner which the publisher approves of. Specifically, access control technologies like BlockAdblock restrict browsers equipped with adblock plugins from accessing a website’s content. Users who attempt to selectively download only the copyrighted content, without the accompanying advertising may be barred from access. And here’s the rub: While blocking ads has been deemed legal in court, circumvention of access controls is expressly against the law in Europe, the United States and in all signatory-nations of the World Intellectual Property Organization’s Copyright Treaty. In other words: You’re free to block ads but as soon as an access-control technology enters the picture, you may not be within your rights to attempt to circumvent it by technological measures. And that’s exactly what so many adblockers attempt to do — with varying levels of success, depending on the adblocker and the anti-adblock technology being deployed in any given case. What laws are being broken? Anti-circumvention laws in the US, EU and countries who have signed the WIPO treaty are quite similar. Europe European national laws must reference Article 6 of the EU Directive 2001/29/EC Member States shall provide adequate legal protection against the circumvention of any effective technological measures, which the person concerned carries out in the knowledge, or with reasonable grounds to know, that he or she is pursuing that objective. Member States shall provide adequate legal protection against the manufacture, import, distribution, sale, rental, advertisement for sale or rental, or possession for commercial purposes of devices, products or components or the provision of services which: (a) are promoted, advertised or marketed for the purpose of circumvention of, or (b) have only a limited commercially significant purpose or use other than to circumvent, or (c) are primarily designed, produced, adapted or performed for the purpose of enabling or facilitating the circumvention of, any effective technological measures. For the purposes of this Directive, the expression ‘technological measures’ means any technology, device or component that, in the normal course of its operation, is designed to prevent or restrict acts, in respect of works or other subjectmatter, which are not authorised by the rightsholder… In other words, it’s not okay to circumvent technological measures which restrict access to a work. It’s also not okay to manufacture or distribute products whose purpose is to circumvent access controls. And it’s up to the publisher / rights-holder to decide what the terms of said access are. United States Likewise, across the pond in the USA, the Digital Millennium Copyright Act (DMCA) includes several sections relevant to the circumvention of website access controls: Section 103 of the DMCA includes this very clear language: No person shall circumvent a technological measure that effectively controls access to a work protected under this title. And “technological measure” is defined as follows: (3)(B) a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work. Clearly, any anti-adblock defense used to protect website content falls under the description of a “technological measure” requiring a process or treatment to gain access to the work. (That “process or treatment” being the detection of no adblocker, in this particular case). For more information on how adblockers violate the DMCA see the previous post: Is Adblock Plus violating the DMCA It’s not adblocking that’s illegal. It’s the circumvention of ‘technological measures’ that is. Certainly, this doesn’t mean that blocking ads is illegal. But it does strongly suggest that the additional layer of technology employed by current-generation adblockers to circumvent the technological defenses of adblock-detection scripts is illegal. Anti-circumvention law was enacted for a purpose. That purpose is to protect “remuneration schemes” and to”foster substantial investment in creativity and innovation”, to use the opening language of the EC Directive. A harmonised legal framework on copyright and related rights … will foster substantial investment in creativity and innovation, including network infrastructure, and lead in turn to growth and increased competitiveness of European industry, both in the area of content provision and information technology and more generally across a wide range of industrial and cultural sectors. This will safeguard employment and encourage new job creation. Somewhere along the line that primary purpose appears to have been replaced with something less sustainable, and a whole lot less legal. Article source
  25. Mozilla plans to launch an update for the built-in password manager in Firefox that will make HTTP passwords work on HTTPS sites as well. If you use the built-in functionality to save passwords in Firefox currently, you may know that the manager distinguishes between HTTP and HTTPS protocols. When you save a password for http://www.example.com/, it won't work on https://www.example.com/. When you visit the site using HTTPS later on, Firefox won't suggest the username and password saved previously when connected via HTTP. One option was to save passwords for HTTP and HTTPS sites separately, another to open the password manager and copy username and password manually whenever needed on the HTTPS version of a site. With more and more sites migrating to HTTPS, or at least providing users with a HTTPS option to connect to it, it was time to evaluate the Firefox password manager behavior in this regard. Firefox 49: HTTP passwords on HTTPS sites Mozilla made the decision to change the behavior in the following way starting with the release of Firefox 49. Passwords for the HTTP protocol will work automatically when connected via HTTPS to the same site. In other words, if a HTTP password is stored in Firefox, it will be used for HTTP and HTTPS sites when Firefox 49 is released. The other way around does not however. Passwords saved explicitly for HTTPS, won't be used when a user connects to the HTTP version of the site. The main reason for this is security. More precisely, because HTTP does not use encryption, and that password and username may be recorded easily by third-parties. Check out the bug listing on Bugzilla if you are interested in the discussion that led to the change in Firefox 49. Closing Words Firefox users who use the password manager of the web browser may notice the change once their version of the browser is updated to version 49. It should make things a bit more comfortable for those users, especially if a lot of HTTP passwords are saved already. With more and more sites migrating over to HTTPS, it is likely that this will be beneficial to users of the browser. (via Sören) Article source