Jump to content

Search the Community

Showing results for tags 'Cloud'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 32 results

  1. By Larry Dignan for Between the Lines Microsoft delivered stellar fiscal second quarter results and has cloud momentum, but we know about as much about Azure sales as we did yesterday. In other words, we know nothing. Microsoft delivered a blowout fiscal second quarter as its commercial cloud hit a $50 billion annual run rate, but in the end know just as little about Azure sales as we did before. In other words, we know nothing about Azure sales so let's put aside the breathless BS until Microsoft gives us some real data. Here's what we know following Microsoft's second quarter: Azure sales were up 62% from a year ago. Growth reaccelerated from 58% in the previous quarter. The nagging question: What's the base for that growth? We don't know. But I do know this: If Azure sales were all that and a bag of AWS market share, we'd know about it. Instead, Azure sales are lumped into commercial cloud, which doesn't align with Microsoft's reporting structure, and consists of Azure, Office 365 business services, Dynamics 365 services, Enterprise Mobility + Security and other Microsoft cloud products. Various estimates for Azure quarterly revenue hover around $4 billion a quarter. At this point, Azure could be a $16 billion a year business or $20 billion. Either way, the bulk of commercial cloud is widely assumed to be Office 365. AWS exited its third quarter of 2019 with an annual run rate of $36 billion by itself with no Office 365, Dynamics or other boosters. At this point, the lack of Azure disclosure merely means that we have an apples and oranges cloud comparison between Amazon and Microsoft. We also have a bunch of guesstimates and storylines that Microsoft is gaining in hybrid cloud. Maybe. Maybe not. Either way, the cloud computing buyer deserves more. Wedbush analyst Daniel Ives noted: Microsoft beat our Azure cloud estimate by 1,000 bps (not a misprint) coming in at 62% seeing an acceleration from the prior quarter as the cloud share shift from Bezos and AWS to Nadella and Azure is happening at an accelerating pace in our opinion. That storyline from Ives is becoming commonplace even if it's not necessarily validated. A few weeks ago, a Goldman Sachs survey of 100 respondents was run with as validation that Azure is taking share from AWS. Amy Hood, CFO at Microsoft, provided some Azure color. A little bit about the reacceleration in the Azure growth rate, let me divide that into its components. We did have a very good and healthy, broad-based consumption growth, especially in IaaS and PaaS...The SaaS component or the per user component also tends to be where you'll get some variability as well. We did have a good SaaS component quarter in addition to the healthy base, and that does result in some movement in that number from quarter-to-quarter. And, I think Microsoft 365 suite, and the momentum we've got in security and management and mobility is a big contributor to that. Umm, thanks. Now don't get me wrong. There was nothing to nit-pick about with Microsoft's second quarter. It was a complete blowout. And there's no shame in being a cloud juggernaut led by Office 365 and SaaS. But if we're really going to have a bake-off and comparison between Azure and AWS let's get some damn data. Right now, AWS provides the data and Microsoft is ducking with Azure. Source
  2. Sal

    NetDrive 3

    NetDrive 3 - The Network Drive for Your PC - New user interface - Mount at boot up without login - Faster than NetDrive 2 and stable as before! - Background uploading and read-only drive option - Direct access to cloud storage from your desktop - Manage FTP, WebDAV and NAS servers as virtual drives - Connect Google Drive, Dropbox and more - Join more than 2 million users worldwide ! Cloud storage as a virtual drive Managing your favorite cloud storage services could not be easier. Simply provide login information, and all your cloud storage will automatically appear as a virtual drive every time you start your PC. Background uploading With background uploading, NetDrive 3 uploads your files to remote storage without overheads and you will not want to live without this feature. Multiple Mount Options You can control when to mount your drive. With NetDrive 3 now you can mount your drive on system boot time without login. With this option you can use your remote storage with system services. NAS storage as a virtual drive You can connect to NAS servers by WebDAV or FTP. Many NAS vendors recommend NetDrive as a standard way to mount their NAS products. Share your NAS easily with anyone as virtual drive. SFTP to securely transfer files NetDrive supports secure file transfer by SFTP (SSH File Transfer protocol) . Unlike standard File Transfer Protocol (FTP), SFTP encrypt both commands and data, preventing passwords and sensitive information from being transmitted in clear text over a network. Changelog since NetDrive3: 3.1.234 (build 234) - released 10/27/2017 IMPROVEMENTS Updated OpenSSL library to latest version FIXED Hubic - File listing bug Google Drive - Rename bug when using Team Drive Swift - you can use https now Dropbox - limited file listing issue Issue when changing cache folder Minor issues with UI 3.1.218 (build 218) - released 09/27/2017 IMPROVEMENTS Google - Team Drive and Shared Files / Folders Option default to ON OneDrive for Business - Shared Files / Folders Option default to ON UI - Minor changes on Add Drive window FIXED Installation - Fixed installation issue of Explorer extension OAuth login - Fixed issue when user quits while OAuth login Hubic - Fixed issues related to pseudo directories Other minor fixes 3.1.205 (build 205) - released 09/18/2017 IMPROVEMENTS Amazon Drive - Improved to handle huge file list UI - Automatic URL handling of secure protocols FIXED Installation - Fixed device authorization issue after fresh install on some computers Proxy - Fixed issue with proxy configuration Hubic - Fixed issue of empty file list on some case Google Drive - Fixed issue related to Shared / TeamDrive option Other minor fixes 3.1.198 (build 198) - released 09/11/2017 IMPROVEMENTS OneDrive / OneDrive for Business - supports Shared With Me files and folders FIXED OneDrive - Fixed issues when refreshing access token WebDAV - Fixed issue with available and total spaces on some servers Minor fixes on User Interface 3.1.196 (build 196) - released 09/06/2017 Welcome to NetDrive3 With NetDrive you can connect remote storages as a local or network drive. When it’s connected as a drive you can use remote storages with all of your applications. You don’t have to download, edit and upload your files. NetDrive3 is fast as before and comes with entirely new User Interface and asynchronous upload. NEW Upload mode Asynchronous upload Synchronous mode aka on-the-fly mode Mount option Auto mount on boot without login Auto mount on login No auto mount Mount as read-only filesystem Uploadings view List of files being uploaded asynchronously List of failed / canceled upload New User Interface Supports Google TeamDrive Windows Explorer extension shows file status IMPROVEMENTS Box now uses Box REST API Improved filesystem stability and bug fixes Amazon Drive - Improved speed on processing GetChanges DOWNLOAD: https://www.netdrive.net/download/ DIRECT DOWNLOAD: http://files.bdrive.com/netdrive/builds/NetDrive3_Setup-3.1.234.exe FILE SIZE: 72,7 MB
  3. Im using OPPO F7 Android Based on Android 9. There are some apps that are pre-installed, running in Back Ground but due to region Specific App is not visible Or Hidden May be. their icons are not shown in any launcher including default. SO i try to install app but it ended by saying App Not Installed. Its not over riding default app so is there any way to show or make visible this hidden app called Oppo App Market. Regards
  4. In addition to Knative, which is for deploying serverless workloads, Google evidently plans to keep the Kubernetes service mesh, Istio, in-house. It appears that at least one major Kubernetes-related open source project, Knative, isn't destined to join its mother project at the Cloud Native Computing Foundation. Indeed, it's not destined to join any foundation. According to an email sent last week to Knative developers by Donna Malayeri, a project manager at Google and a member of Knative's steering committee, Google won't be relinquishing control of the project anytime soon, if ever. Knative is a promising but not yet ready for prime time Kubernetes-based platform for building, deploying, and managing modern serverless workloads. "Since the start of the Knative project, there have been questions about whether Knative would be donated to a foundation, such as CNCF," Malayeri wrote, indicating in the signature line that she was writing "on behalf of Google." "Google leadership has considered this, and has decided not to donate Knative to any foundation for the foreseeable future." This came as a surprise to many Knative developers and supporters, as it's been presumed by many that Google would eventually contribute Knative to Kubernetes' home at the Linux Foundation's CNCF or to the care of another foundation offering open governance, such as the Apache Software Foundation. That's become the expected route for open source projects, as open governance is seen as an important step for building robust developer communities around projects. Many developers (as well as potential users) are suspicious of projects where a handful of vendors control direction. Which seems to be the direction Knative is headed. At least for the time being, community input will be limited. The project is governed by a steering committee of seven members, four of which are Google employees, with one seat each going to Pivotal (now part of VMware), IBM, and Red Hat. Since any action requires a majority vote, this puts Google completely in the driver's seat. Google's lopsided representation on the steering committee might change, however. In the notice, Malayeri said, "Within the next few weeks, we plan to clarify how project members can attain leadership positions in Knative. As always, our goal is to ensure that Knative serves the needs of our users, the community, and everyone who benefits from using Knative." She also noted that the project remains open source, with no indication that that will change. At this stage in the game, this might be much ado about nothing. Knative isn't yet recommended for production or expected to come out of beta until sometime in the spring. Another Google-held Kubernetes-related project, Istio, wasn't mentioned in the email, but The Register reported that Google intends to hold it close to its chest too. One source closely involved in upstream Kubernetes development told Data Center Knowledge that Istio developers were told in a briefing that the project would remain under Google's control and not be contributed to a foundation. In light of the Knative situation, this would make sense. Istio is a service mesh designed primarily to be used with Kubernetes, and it's also a necessary component for running Knative. Unlike Knative, Istio is out of beta and is already seeing production use. Source
  5. Phishers are Angling for Your Cloud Providers Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals. Stamford, Ct.-based United Rentals [NYSE:URI] is the world’s largest equipment rental company, with some 18,000 employees and earnings of approximately $4 billion in 2018. On August 21, multiple United Rental customers reported receiving invoice emails with booby-trapped links that led to a malware download for anyone who clicked. While phony invoices are a common malware lure, this particular campaign sent users to a page on United Rentals’ own Web site (unitedrentals.com). A screen shot of the malicious email that spoofed United Rentals. In a notice to customers, the company said the unauthorized messages were not sent by United Rentals. One source who had at least two employees fall for the scheme forwarded KrebsOnSecurity a response from UR’s privacy division, which blamed the incident on a third-party advertising partner. “Based on current knowledge, we believe that an unauthorized party gained access to a vendor platform United Rentals uses in connection with designing and executing email campaigns,” the response read. “The unauthorized party was able to send a phishing email that appears to be from United Rentals through this platform,” the reply continued. “The phishing email contained links to a purported invoice that, if clicked on, could deliver malware to the recipient’s system. While our investigation is continuing, we currently have no reason to believe that there was unauthorized access to the United Rentals systems used by customers, or to any internal United Rentals systems.” United Rentals told KrebsOnSecurity that its investigation so far reveals no compromise of its internal systems. “At this point, we believe this to be an email phishing incident in which an unauthorized third party used a third-party system to generate an email campaign to deliver what we believe to be a banking trojan,” said Dan Higgins, UR’s chief information officer. United Rentals would not name the third party marketing firm thought to be involved, but passive DNS lookups on the UR subdomain referenced in the phishing email (used by UL for marketing since 2014 and visible in the screenshot above as “wVw.unitedrentals.com”) points to Pardot, an email marketing division of cloud CRM giant Salesforce. Companies that use cloud-based CRMs sometimes will dedicate a domain or subdomain they own specifically for use by their CRM provider, allowing the CRM to send emails that appear to come directly from the client’s own domains. However, in such setups the content that gets promoted through the client’s domain is actually hosted on the cloud CRM provider’s systems. Salesforce did not respond to multiple requests for comment. But it seems likely that someone at Pardot with access to United Rental’s account was phished, hacked, or perhaps guilty of password re-use. This attack comes on the heels of another targeted phishing campaign leveraging Pardot that was documented earlier this month by Netskope, a cloud security firm. Netskope’s Ashwin Vamshi said users of cloud CRM platforms have a high level of trust in the software because they view the data and associated links as internal, even though they are hosted in the cloud. “A large number of enterprises provide their vendors and partners access to their CRM for uploading documents such as invoices, purchase orders, etc. (and often these happen as automated workflows),” Vamshi wrote. “The enterprise has no control over the vendor or partner device and, more importantly, over the files being uploaded from them. In many cases, vendor- or partner-uploaded files carry with them a high level of implicit trust.” Cybercriminals increasingly are targeting cloud CRM providers because compromised accounts on these systems can be leveraged to conduct extremely targeted and convincing phishing attacks. According to the most recent stats (PDF) from the Anti-Phishing Working Group, software-as-a-service providers (including CRM and Webmail providers) were the most-targeted industry sector in the first quarter of 2019, accounting for 36 percent of all phishing attacks. Image: APWG Source: Phishers are Angling for Your Cloud Providers (KrebsOnSecurity - Brian Krebs)
  6. With cloud companies open-sourcing their innovations, and enterprises increasing participation, open source sustainability is at an all-time high There has perhaps never been so much angst over whether open source software development is sustainable, and yet there has never been clearer evidence that we’re in the golden age of open source. Or on the cusp. Here and there an open source company might struggle to make a buck, but as a community of communities, open source has never been healthier. There are a few good indicators for this. The clouds have parted The first is that the clouds—yes, all of them—are open sourcing essential building blocks that expose their operations. Google rightly gets credit for moving first on this with projects like Kubernetes and TensorFlow, but the others have followed suit. For example, Microsoft Azure released Azure Functions, which “extends the existing Azure application platform with capabilities to implement code triggered by events occurring in virtually any Azure or third-party service as well as on-premises systems.” Azure Functions is a significant open source release, so much so that CNCF executive director Dan Kohn initially assumed that the Azure Functions “SDK is open source, but I don’t think the underlying functions are.” In other words, Kohn assumed the on-ramp to Azure was open source, but not the code that could enable a developer to run serverless setup on bare metal. That assumption, however, was wrong, and Kohn corrected himself: “This is open source and can be run on any environment (including bare metal).” Boom. More recently, AWS released Firecracker, a lightweight, open source virtualization technology for running multi-tenant container workloads that emerged from AWS’ serverless products (Lambda and Fargate). In a textbook example of how open source is supposed to work, Firecracker was derived from the Google-spawned crosvm but then spawned its own upgrade in the form of Weave Ignite, which made Firecracker much easier to manage. These are just a few examples of the interesting open source projects emerging from the public clouds. (Across the ocean, Alibaba has been open sourcing its chip architecture, among other things.) More remains to be done, but these offer hope that the public clouds come not to bury open source, but rather to raise it. Enterprises are making waves Perhaps even more tellingly, mainstream enterprises are also getting religion on open source. Over a decade ago, Red Hat CEO Jim Whitehurst declared an open source emergency of sorts: The vast majority of software written today is written in enterprise and not for resale. And the vast majority of that is never actually used. The waste in IT software development is extraordinary.... Ultimately, for open source to provide value to all of our customers worldwide, we need to get our customers not only as users of open source products but truly engaged in open source and taking part in the development community. Since that declaration, things have gotten better. While it remains true that most enterprises aren’t deeply engaged in the open source development community, that’s changing. In 2017, just 32.7% of developers responding to Stack Overflow’s developer survey said they contribute to open source projects. By 2019, that number had jumped to 65%: The data is somewhat problematic, as the questions asked in the two years were different; in 2017 they didn’t ask how often developers contribute, as Lawrence Hecht has highlighted. Most developers who contribute to open source do so episodically, and less than once per month. Even so, it’s not hard to believe that the more companies get serious about becoming software companies, the more they’re going to encourage their developers to get involved in the open source communities upon which they depend. At the corporate level, such involvement might seem easier for new-school enterprises like Lyft, which are roiling old industries by open sourcing code and data to help foster their disruption. “But of course the new kids are doing that,” you say. Well, it’s not just the upstarts. Old-school enterprises like Home Depot host code on GitHub, while financial services companies like Capital One go even further, sponsoring open source events to help foster community around their proliferating projects. Or for an even more dramatic example of old-school embracing new lessons, consider that the Los Angeles Department of Transportation spawned the Open Mobility Foundation, with open source software designed to help manage the scooters, bikes, drones, rideshare, and autonomous vehicles zipping around cities. So, again, not everybody is doing it. Not yet. But far more organizations are involved in open source today than were back in 2008, when Whitehurst made his plea for greater enterprise involvement. Such involvement is happening both at the elite level (public clouds) and in more mainstream ways, ushering in a golden era of open source. Source:Matt Asay / InfoWorld
  7. Managed services and software optimized for Red Hat OpenShift and Linux aimed at helping enterprises move to the cloud. Image: IBM CEO Ginni Rometty with Red Hat CEO Jim Whitehurst It's only been three weeks since IBM closed its $34 billion takeover of Red Hat, and that was as long as the company was willing to wait until it announced its first joint products with the new subsidiary. According to IBM, it has already "transformed its software portfolio to be cloud-native and optimized it to run on Red Hat OpenShift." The new Cloud Paks are containerized software, specialized by workload and optimized to run on Red Hat's implementation of the open source container application platform OpenShift. They are meant to help enterprises move to the cloud. IBM also announced Red Hat OpenShift on IBM Cloud as a fully managed service and Red Hat OpenShift on IBM Z and LinuxONE for its mainframe customers. In addition, it's offering consulting and technology services for Red Hat, utilizing what it says is "one of the world's largest teams of Red Hat-certified consultants and more than 80,000 cloud application services practitioners" to help its customers move to cloud environments and maintain their cloud infrastructures once the move is made. "Red Hat is unlocking innovation with Linux-based technologies, including containers and Kubernetes, which have become the fundamental building blocks of hybrid cloud environments," Red Hat CEO Jim Whitehurst said in a statement. "This open hybrid cloud foundation is what enables the vision of any app, anywhere, anytime. Combined with IBM's strong industry expertise and supported by a vast ecosystem of passionate developers and partners, customers can create modern apps with the technologies of their choice and the flexibility to deploy in the best environment for the app -- whether that is on-premises or across multiple public clouds." The first five Cloud Paks out of the gate are: Cloud Pak for Data, which the company says will simplify and automate deriving insights from data while providing an open and extensible architecture to virtualize data for AI faster. Cloud Pak for Applications to help businesses modernize, build, deploy, and run applications. Cloud Pak for Integration of apps, data, cloud services, and APIs. Cloud Pak for Automation to help transform business processes, decisions, and content. Cloud Pak for Multicloud Management to provide multicloud visibility, governance, and automation. According to IBM, the Cloud Paks provide a common operating model and common set of services with a unified and intuitive dashboard. "IBM is unleashing its software from the data center to fuel the enterprise workload race to the cloud," Arvind Krishna, IBM's senior VP of cloud and cognitive software, said in a statement. "This will further position IBM the industry leader in the more than one-trillion-dollar hybrid cloud opportunity. We are providing the essential tools enterprises need to make their multi-year journey to cloud on common, open standards that can reach across clouds, across applications and across vendors with Red Hat." All in all, the company says the new software and services draw on more than 100 products from IBM's software portfolio that are optimized for Red Hat OpenShift and Red Hat Enterprise Linux. Source
  8. Israeli spyware from shadowy NSO has made plenty of headlines this year, most recently back in May when it was exposed as the culprit in a high-profile WhatsApp hack that had enabled nation-states to target specific phones, installing spyware through voice calls on both iPhone and Android devices whether or not a user answered an infected call. That hack was first exposed by the Financial Times, and the same newspaper has continued to investigate, publishing a report today (July 19) that exposes sales claims being made by NSO that "its [Pegasus] technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft." NSO has continually denied that it promotes mass-surveillance or unethical hacking, but, according to the FT, "it did not specifically deny that it had developed the capability," described in documents seen by the newspaper. Put simply, the latest revelation suggests that an infected phone will provide NSO's software with the authentication keys for the cloud services—including Google Drive, Facebook Messenger and iCloud—that can be accessed by that device. And given that smartphones have now become the individual entry points into our cloud-based world, the implications of this will raise serious concerns. The FT cites a claim in one of the sales documents that this all happens without "prompting 2-step verification or warning email on a target device." NSO's Pegasus software has been described as the most sophisticated spyware smartphone of its kind and has become a highly-prized export for the Israeli government to help the company market to foreign states. The fact that Israel has been accused of allowing sales of the technology to countries like Saudi Arabia and the UAE carries geopolitical interest given the context and the developing situation in the Middle East. Now, this latest report suggests that compromising data on a phone or using the phone as an eavesdropping endpoint, is not enough. The phone can be hacked to such an extent that it provides the keys to the entire digital kingdom—the cloud-based ecosystem within which it operates. According to the FT, Amazon claimed there was no evidence of such a hack having access to its systems, but assured—as did Facebook—that it would review the claims. Microsoft and Apple responded with assurances around the continually developing security features on their platforms. Google didn't comment. Meanwhile, NSO itself told the newspaper that "we do not provide or market any type of hacking or mass-collection capabilities to any cloud applications, services or infrastructure." But the FT cites an NSO sales pitch, seen by the newspaper and prepared for the Ugandan government, which claimed that "having access to a 'cloud endpoint' means eavesdroppers can reach 'far and above smartphone content', allowing information about a target to 'roll in' from multiple apps and services." Smartphone compromises have been a continual theme this year, with malicious apps lurking in the Google Play Store, the NSO WhatsApp vulnerability, an Android media jacking hack hitting both WhatsApp (again) and Telegram and even the current FaceApp "something from nothing" controversy. State-level hacking, though, is on an entirely different level. The sophistication applied by the governments of China, Russia, Iran and North Korea goes way beyond what is seen in the mass-market and which targets financial information and login credentials and user carelessness in the main. With NSO, there is a productized state-level hack and that is why is causes so much concern. The targets of such hacks are significantly better protected than casual smartphone users. In May, Amnesty International (along with other human rights groups) filed a lawsuit in Israel to revoke NSO's export license. The groups cited allegations that NSO software had been used by oppressive regimes to target human rights activists and journalists—including its use by Saudi Arabia on murdered journalist Jamal Khashoggi. NSO denies that its software played any part in tracking Khashoggi—the company’s CEO Shalev Hulio claimed that "Khashoggi was not targeted by any NSO product or technology, including listening, monitoring, location tracking and intelligence collection." There has always been a risk associated with the integration of cloud platforms and multiple endpoints. And this is it. If I trust a device to access an entire online world, if the device is compromised then so is the security associated with that entire world. The cloud platforms have played down the exposure here. But you can bet that behind the scenes there will be some serious meetings and planning sessions in California and Seattle later today. Source
  9. pCloud.com The popular service pCloud.com is a promising Swiss project that was successfully launched in 2013 and currently (by 2019) has more than 8 million active users. The service was conceived as a safe and reliable storage for both individuals and enterprises. For most people who are looking for cloud storage, the choice comes down to Dropbox, Google Drive or OneDrive. Although these services have their strengths, when it comes to privacy, none of them are trustworthy. On the contrary, pCloud has Swiss roots, does not analyze the data you upload and does not sell information about you to third parties. In addition, this service has an additional tool, pCloud Crypto, which allows you to set up private end-to-end encrypted folders and receive protection that none of the three kings of cloud storage provides. Save the folder in the cryptographic folder, and no one except you will have access to the decryption keys. Another important advantage of pCloud.com is that it works as a virtual hard disk and does not store files locally! Even at a free rate it is very convenient, especially for those who have a computer or little internal memory. And at a paid price you can get a virtual disk of 2 terabytes at an attractive price! This is incredible! In addition, there is the possibility of a monthly payment (in small quantities) and the purchase of a perpetual license. Would you like to get 2 terabytes for life? Under the terms of the service he is at least 99 years old, so, most likely, this will be enough for you Here you can win licenses. Prizes to win: 1st prize: a Premium Plus 2TB account for life (value of 350 EUR) 2nd prize: a Premium Plus account of 500 GB for life (value of 175 EUR) 3rd prize: a Premium Plus 2TB subscription account for one year (value of 95.88 EUR) You can participate with the email address of your free pCloud account or with a social network account. Watch the rules of the game! DURATION OF THE GAME: Start of the contest: 06.06.2019 - 10AM CET End of the contest: 16.06.2019 - 0AM CET Announcement of the winners: 17.06.2019 Enter here
  10. Yes, there are security ramifications to serverless computing With three in five enterprises now going or planning to go serverless, the attack surface widens. At least one in five organizations, 21%, have implemented serverless computing as part of their cloud-based infrastructure. That's the finding of a recent survey of 108 IT managers conducted by Datamation. Another 39% are planning or considering serverless resources. Photo: Joe McKendrick The question is, will serverless computing soon gain critical mass, used by a majority of enterprises? Along with this, what are the ramifications for security? Existing on-premises systems and applications -- you can call some of them "legacy" -- still require more traditional care and feeding. Even existing cloud-based applications are still structured around the more serverful mode of development and delivery. That's what many enterprises are dealing with now -- loads of traditional applications to manage even while they begin a transition to serverless mode. Again, even if applications or systems are in the cloud, that still is closer to traditional IT than serverless on the continuum, says Marc Feghali, founder and VP product management for Attivo Networks. "Traditional IT architectures use a server infrastructure, that requires managing the systems and services required for an application to function," he says. It doesn't matter if the servers happen to be on-premises or cloud-based. "The application must always be running, and the organization must spin up other instances of the application to handle more load which tends to be resource-intensive." Serverless architecture goes much deeper than traditional cloud arrangements, which are still modeled on the serverful model. Serverless, Feghali says, is more granular, "focusing instead on having the infrastructure provided by a third party, with the organization only providing the code for the applications broken down into functions that are hosted by the third party. This allows the application to scale based on function usage. It's more cost-effective since the third-party charges for how often the application uses the function, instead of having the application running all the time." How should the existing or legacy architecture be phased out? Is it an instant cut over, or should it be a more gradual migration? Feghali urges a gradual migration, paying close attention to security requirements. "There are specific use cases that will still require existing legacy architecture," and serverless computing "is constrained by performance requirements, resource limits, and security concerns," Feghali points out. The advantage serverless offers is that it "excels at reducing costs for compute. That being said, where feasible, one should gradually migrate over to serverless infrastructure to make sure it can handle the application requirements before phasing out the legacy infrastructure." Importantly, a serverless architecture calls for looking at security in new ways, says Feghali, "With the new service or solution, security frameworks need to be evaluated to see what new gaps and risks will present themselves. They will then need to reassess their controls and processes to refine them to address these new risk models." Security protocols and processes differ in a serverless environment. Namely, with the use of serverless computing, an enterprise's attack surface widens. "The attack surface is much larger as attackers can leverage every component of the application as an entry point," Feghali says, which includes "the application layer, code, dependencies, configurations and any cloud resources their application requires to run properly. There is no OS to worry about securing, but there is no way to install endpoint or network-level detection solutions such as antivirus or [intrusion protection or prevention systems[. This lack of visibility allows attackers to remain undetected as they leverage vulnerable functions for their attacks, whether to steal data or compromise certificates, keys, and credentials to access the organization." At this point, introducing the security measures needed to better protect serverless environments may add more cost and overhead, according to a study out of the University of California at Berkeley, led by Eric Jonas. "Serverless computing reshuffles security responsibilities, shifting many of them from the cloud user to the cloud provider without fundamentally changing them," their report states. "However, serverless computing must also grapple with the risks inherent in both application disaggregation multi-tenant resource sharing." One approach to securing serverless is "oblivious algorithms," the UC Berkeley team continues. "The tendency to decompose serverless applications into many small functions exacerbates this security exposure. While the primary security concern is from external attackers, the network patterns can be protected from employees by adopting oblivious algorithms. Unfortunately, these tend to have high overhead." Physical isolation of serverless resources and functions is another approach -- but this, of course, comes with premium pricing from cloud providers. Jonas and his team also see possibilities with generating very rapid instances of serverless functions. "The challenge in providing function-level sandboxing is to maintain a short startup time without caching the execution environments in a way that shares state between repeated function invocations. One possibility would be to locally snapshot the instances so that each function can start from clean state." Feghali's firm, Attivio Networks, focuses on adoption of "deception technologies" intended to provide greater visibility across the various components in a serverless stack, "as a way to understand when security controls are not working as they should, detect attacks that have by-passed them, and for notification of policy violations by insiders, suppliers, or external threat actors." The bottom line is handing over the keys of the server stack to a third-party cloud provider doesn't mean outsourcing security as well. Security needs to remain the enterprise customer's responsibility, because it is they who will need to answer in the event of a breach. Source
  11. Computer-maker's WebStorage software tied to malware attack from the BlackTech Group. Enlarge Jeremy Brooks / Flickr ASUS' update mechanism has once again been abused to install malware that backdoors PCs, researchers from Eset reported earlier this week. The researchers, who continue to investigate the incident, said they believe the attacks are the result of router-level man-in-the-middle attacks that exploit insecure HTTP connections between end users and ASUS servers, along with incomplete code-signing to validate the authenticity of received files before they're executed. Plead, as the malware is known, is the work of espionage hackers Trend Micro calls the BlackTech Group, which targets government agencies and private organizations in Asia. Last year, the group used legitimate code-signing certificates stolen from router-maker D-Link to cryptographically authenticate itself as trustworthy. Before that, the BlackTech Group used spear-phishing emails and vulnerable routers to serve as command-and-control servers for its malware. Late last month, Eset researchers noticed the BlackTech Group was using a new and unusual method to sneak Plead onto targets’ computers. The backdoor arrived in a file named ASUS Webstorage Upate.exe included in an update from ASUS. An analysis showed infections were being created and executed by AsusWSPanel.exe, which is a legitimate Windows process belonging to, and digitally signed by, ASUS WebStorage. As the name suggests, ASUS WebStorage is a cloud service the computer-maker offers for storing files. Eset published its findings on Tuesday. The abuse of legitimate AsusWSPanel.exe raised the possibility the computer-maker had fallen to yet another supply-chain attack that was hijacking its update process to install backdoors on end-user computers. Eventually, Eset researchers discounted that theory for three reasons: The same suspected update mechanism was also delivering legitimate ASUS WebStorage binaries There was no evidence ASUS WebStorage servers were being used as control servers or served malicious binaries, and The attackers used standalone malware files instead of incorporating their malicious wares inside ASUS’s legitimate software As the researchers considered alternative scenarios, they noted that ASUS WebStorage software is susceptible to man-in-the-middle attacks, in which hackers controlling a connection tamper with the data passing through it. The researchers made this determination because updates are requested and transferred using unencrypted HTTP connections, rather than HTTPS connections that are immune to such exploits. The researchers further noticed that the ASUS software didn’t validate its authenticity before executing. That left open the possibility the BlackTech Group was intercepting ASUS’ update process and using it to push the Plead instead of the legitimate ASUS file. The researchers also observed that most of the organizations that received the Plead file from ASUS WebStorage were using routers made by the same manufacturer. The routers, which Eset declined to identify while it’s still investigating the case, have administrator panels that are Internet accessible. That left open the possibility a MitM attack was being caused by malicious domain name systems settings being made to the routers or something more complex, such as tampering with iptables. Eset’s working theory then shifted from the BlackTech Group breaching ASUS’ network and performing a supply-chain attack to the attackers performing a MitM attack on ASUS’ insecure update mechanism. Indeed, as documented below in a screenshot of a captured communication during a malicious ASUS WebStorage software update, attackers replaced the legitimate ASUS URL with one from a compromised Taiwanese government website. Enlarge / A captured communication during a malicious update of the ASUS WebStorage software. In an email, Eset Senior Malware Researcher Anton Cherepanov said the captured communication isn't proof of a MitM. “It’s possible that attackers gained access to ASUS WebStorage servers and pushed XML with malicious link only to small number of computers," he wrote. That’s why we say it’s still possible. We can’t discount this theory.” But for the reasons listed above, he believes the MitM scenario is more likely. In all, Eset has counted about 20 computers receiving the malicious ASUS update, but that number includes only company customers. “The real number is probably higher if we consider targets that are not our users,” Anton Cherepanov, a senior malware researcher at Eset, told Ars. Once the file is executed, it downloads an image from a different server that contains an encrypted executable file hidden inside. Once decrypted, the malicious executable gets dropped into the Windows Start Menu folder, where it’s loaded each time the user logs in. It’s surprising that even after the serious supply-chain attack estimated to have infected as many as 1 million users, the company was still using unencrypted HTTP connections to deliver updates. Ars sent ASUS media representatives two messages seeking comment for this post. So far they have yet to respond. In a blog post sent over an unencrypted HTTP connection, ASUS reported a "WebStorage security incident" that reads: ASUS Cloud first learned of an incident in late April 2019, when we were contacted by a customer with a security concern. Upon learning of the incident, ASUS Cloud took immediate action to mitigate the attack by shutting down the ASUS WebStorage update server and halting the issuance of all ASUS WebStorage update notifications, thereby effectively stopping the attack. In response to this attack, ASUS Cloud has revamped the host architecture of the update server and has implemented security measures aimed at strengthening data protection. This will prevent similar attacks in the future. Nevertheless, ASUS Cloud strongly recommends that users of ASUS WebStorage services immediately run a complete virus scan to ensure the integrity of your personal data. The post doesn't say what those security measures are. It also makes no mention of Eset's finding that the service was abused to install malware. Until independent security experts say the site is safe to use, people would do well to avoid it. Source: Hackers abuse ASUS cloud service to install backdoor on users’ PCs (Ars Technica)
  12. Nvidia unwraps RTX and T4-based hardware and cloud instances GPU giant unveils new CUDA-X label for its software stack. Nvidia has taken the wraps off its next iteration of workstations for data scientists and users interested in machine learning, with a reference design featuring a pair of Quadro RTX GPUs. Announced at Nvidia GTC on Monday, the dual Quadro RTX 8000 or 6000 GPU design is slated to provide 260 teraflops, and have 96GB of memory available thanks to the use of NVLink. Signed up to provide the new, beefier workstations are Dell, HP, and Lenovo. On the server side, the company unveiled its RTX blade server, which can pack 40 GPUs into an 8U space, and is labelled as a RTX Server Pod when combined with 31 other RTX blade servers. All up, the RTX Server has 1,280 GPUs. The storage and networking backbone of the blade servers are provided by Mellanox -- which Nvidia purchased just shy of $7 billion last week. Speaking during his keynote, CEO Jensen Huang said Pods would be used to support the company's GeForce Now service, to which SoftBank and LG Uplus were announced as members of the GeForce Now Alliance, and its upcoming Omniverse collaboration product that Huang described as Google Docs for movie studios. For Tesla GPUs, T4 GPUs are being offered by Cisco, Dell EMC, Fujitsu, HPE, and Lenovo in machines that have been certified as Nvidia GPU Cloud-ready -- an award Nvidia launched in November that shows "demonstrated ability to excel in a full range of accelerated workloads", and are able to run containers put together by Nvidia for certain workloads. "The rapid adoption of T4 on the world's most popular business servers signals the start of a new modern era in enterprise computing -- one in which GPU acceleration has become standard," Nvidia vice president and general manager of Accelerated Computing Ian Buck said. In the cloud, users of Amazon Web Services (AWS) will soon be able to make use of Nvidia Tesla T4 GPUs with EC2 G4 instances, with general availability slated for the coming weeks, and a preview now open. AWS users will also be able to make use of T4s with Amazon Elastic Container Service for Kubernetes. The cloud giant already has support for Nvidia Tesla V100 on its P3 instances that can support up to 8 GPUs and 64 Intel Xeon CPUs. At the same time, Nvidia is repackaging its software stack and libraries to fall under the CUDA-X moniker, including RAPIDS, cuDNN, cuML, and TensorRT. Finally, Google Cloud ML and Microsoft Azure Machine Learning have integrated RAPIDS, which has been touted as being able to reduce network training times by a factor of 20. Source
  13. WebDrive Enterprise 12.22 Build 4228 (x86/x64) The File Transfer Client You Already Know How to Use. WebDrive makes accessing and editing files on corporate SFTP, WebDAV and SharePoint Servers as easy as editing any file on your computer. Easily update files on Amazon S3 or other cloud servers. Open, edit, save. It’s that simple. Features: WebDrive connects to many types of web servers, as well as servers in the cloud. You can use WebDrive to access your files on all of the following server types and protocols: FTP, Amazon S3, FTP over SSL, Google Drive, WebDAV, DropBox, WebDAV over SSL, OneDrive, SFTP, OneDrive for Business, SharePoint Homepage: http://www.southrivertech.com/ Download: x32: http://southrivertech.com/software/regsoft/webdrive/v12/webdrive32_12_22_4228_en.exe?utm_campaign=Web Drive Free Trial&utm_medium=Windows32bit&utm_source=Website x64: http://southrivertech.com/software/regsoft/webdrive/v12/webdrive64_12_22_4228_en.exe?utm_campaign=Web Drive Free Trial&utm_medium=Windows64bit&utm_source=website Medicine: Site: http://pastebin.com Sharecode[?]: /y9qeLTsz
  14. TheBig

    Air Explorer Pro v.2.3.0

    Air Explorer supports the best cloud servers: OneDrive, Google Drive, 4shared, Box, Dropbox, Mega, Copy, Mediafire, Yandex, Baidu y WebDAV. There are a lot of people who like to backup their most valuable documents on cloud servers, protected by a custom username and password.However, when you want to move or copy a file from one account to the other, you need to first login to the first account, download the file to your PC, then login to the second one and upload it. You can simplify this task by using Air Explorer, an app that allows you to browse through the data you store on several cloud servers with ease. Straightforward looks and neatly organized tabs -Air Explorer comes with a user-friendly GUI (graphical user interface) that makes it easy even for beginners to enter their credentials and connect their online account to this app. -In addition to exploring the files you store on your cloud servers, you can also search for a certain file throughout all your connected accounts within a dedicated tab, while another one allows you to synchronize two accounts. Browse data stored on Dropbox, Mega, OneDrive, Google Drive and others -In order to enjoy the functions of Air Explorer, you first need to connect the servers you regularly use to the app. More precisely, you can specify the username and password for one or several accounts, then download or upload files without any hassle. -Air Explorer supports a wide range of services, such as Dropbox, Box, Google Drive, OneDrive, Mega, Mediafire, WebDav and Yandex, and the login process is as straightforward as possible: enter the username and password, and you are done. Move files between accounts or encrypt all uploads -Due to Air Explorer, you can easily copy or move documents from one account to the one, with only a few mouse clicks - you can browse data in a two-panel mode, so you can easily select one or more files that you want to transfer. -Moroever, Air Explorer can also help you protect the security of your data by encrypting all the files you upload to the cloud - it goes without saying that you need to remember the password you use, otherwise you will not be able to access the files afterwards. -All in all, the application is a nifty app that can help you save a lot of time when it comes to browsing files you store in cloud accounts, as well as transfer them or sync local folders to online ones. Features Direct management of your files in the cloud Optionally Air Explorer can encrypt your files when you upload them to the cloud Sets up multiple accounts from the same server You can synchronize folders between any cloud or your computer Multiply your storage space by joining all your clouds Copy/Paste between cloud servers Pause and continue uploads and downloads Air Exlorer can share files Centralize search of your files across all the clouds Cloud file explorer easy to use Application available for Windows Thumbnail view of your pictures Drag'n drop files between your computer and the clouds Plugins system to add cloud servers Independent development of plugins Contact us if you want to develop or suggest a cloud plugin What's New! April 27, 2018-Added Naver Cloud (네이버 클라우드).-Updated HiDrive.-Updated OneDrive for Business.-Reduced memory usage in synchronizations.-New command line command to run a synchronization without saving it first, example:startsync local "C:\MyLocalFolder" MyBoxAccount "Folder1\SubFolder" Mirror /enablehashRun AirExplorerCmd.exe startsync for more help.-New command line parameter to send the output to a file: /logfile=It can include the macro {DATE} to include the current date in the log file name, for example: /logfile="C:\MyLogFolder\MyLogFile-{DATE}.txt"-Scheduled tasks can now have the macro {DATE} in the log file name, in this way one log file per day with the date in YYYYMMDD format will be created.-New option to start the synchronization automatically when the comparison finishes.-Scheduled tasks and command line commands only output the log to their log files, never to the default Air Explorer log file.-Fixed close synchronization window while comparing did not stop the comparison if done using the the X button.-To save memory only the latest 10000 log lines are kept in memory and shown in the log Window. To have the full log check the log file. HomepageOS: Windows XP / Vista / 7 / 8 / 8.1 / 10 (x86-x64)Language: MLMedicine: Patch (Pawel97).Size: 4,59 MB Download Offline Installer: http://www.airexplorer.net/downloads/AirExplorer-OnlineInstaller.exe Patch: Site: https://mega.nzSharecode[?]: /#!4Q9A1aQI!GYOEXSiS37WIodH0GNBa4HkS80BStgIPcumYtMiPjFA Cracked files: Site: https://mega.nzSharecode[?]: /#!JRFSWDqI!_ubGmMJXp_p8_PelrOsBGlv6bH8lL3XuheHsSzzIVkQ Air Explorer Pro 2.3.0 + Portable (Repack) (3.7MB) Site: https://mega.nzSharecode[?]: /#!NAsDyRDS!BwGD9Z6wRW5tUnoh7-z-C4KWwAabFAC__QWZ3zE5mDY
  15. https://go.microsoft.com/fwlink/p/?LinkId=248256 - Not updated regualrly - Old version v18.044.0301.0006 https://oneclient.sfx.ms/Win/Prod/18.044.0301.0006/OneDriveSetup.exe Changelog: v18.044.0301.0006 (Released March 26, 2018) Bug fixes to improve reliability and performance of the client. New features gradually rolling out to users: Added icon overlays to indicate folders that have been shared. Whenever the device connects to a metered network, OneDrive sync client now automatically pauses sync giving the user the ability to overwrite that behavior, if desired. Improvements to sync client user experience when users are attempting to sync file(s) that are locked by an application and cannot be synced. Now this state is more apparent and includes clear action around how to “unblock” the sync of those files. Right-clicking the OneDrive cloud now opens the context menu within the activity center.
  16. https://go.microsoft.com/fwlink/p/?LinkId=248256 - Not updated regualrly - Old version v18.025.0204.0009 - latest rolling out...... https://oneclient.sfx.ms/Win/Prod/18.025.0204.0009/OneDriveSetup.exe v18.025.0204.0007 - replaced with above build https://oneclient.sfx.ms/Win/Prod/18.025.0204.0007/OneDriveSetup.exe v17.005.0107.0008 - latest stable https://oneclient.sfx.ms/Win/Prod/17.005.0107.0008/OneDriveSetup.exe Changelog: v18.025.0204.0009 (Released March 2, 2018) Bug fix to internal logging needed by engineering team to investigate customer issues. v18.025.0204.0007 (Released February 27, 2018): New features and updates: Bug fixes to improve reliability and performance of the client. Users are notified when a large volume of files are deleted on their personal OneDrive. v17.005.0107.0008 (Released February 5, 2018): New features and updates: Bug fixes to improve reliability and performance of the client. Updated build version format to reflect changes to our engineering system. v17.3.7294.0108 (Released January 12, 2018): New features and updates: Bug fixes to improve reliability and performance of the client. Users can now sync SharePoint libraries with Information Rights Management (IRM) enabled. Learn more Users receive notifications in activity center when a file update cannot finish downloading while that file is locked by a local application. Bug fix to avoid prompting for elevation if user is not an admin. Bug fix to avoid issue preventing overlays from loading correctly in certain cases.
  17. Harry DS Alsyundawy

    ExpanDrive 6.1.10

    ExpanDrive - Network Drive for the Cloud Map or Mount Amazon Drive, Google Drive, Dropbox, Box, OneDrive, SFTP, WebDAV, S3 and more as a Network Drive. Seamless access to files without sync. ExpanDrive – Network Drive for SFTP, Dropbox, Google Drive, S3, OneDrive, Box, Amazon, Backblaze and more A network drive for the cloud Super fast instant uploads Cloud storage in every app Main Site : https://www.expandrive.com/ No Medicine Download : ExpanDrive for Windows ExpanDrive for Mac
  18. TheBig

    Air Explorer Pro 2.1.1

    Air Explorer Pro 2.1.1 Air Explorer supports the best cloud servers: OneDrive, Google Drive, 4shared, Box, Dropbox, Mega, Copy, Mediafire, Yandex, Baidu y WebDAV. Features Direct management of your files in the cloud Optionally Air Explorer can encrypt your files when you upload them to the cloud Sets up multiple accounts from the same server You can synchronize folders between any cloud or your computer Multiply your storage space by joining all your clouds Copy/Paste between cloud servers Pause and continue uploads and downloads Air Exlorer can share files Centralize search of your files across all the clouds Cloud file explorer easy to use Application available for Windows Thumbnail view of your pictures Drag'n drop files between your computer and the clouds Plugins system to add cloud servers Independent development of plugins Contact us if you want to develop or suggest a cloud plugin Chanlog for v2.1.1 -Two factor auth support for Mail.ru-Added hash synchronization support for Dropbox.-Fixed max 500 items in Mail.ru folders.-Hash synchronization option was not displayed correctly for saved tasks.-Filter and custom synchronization options were not displayed correctly for saved tasks.-Show the Air Explorer version in the logs.-Reduced the chances of getting max requests limit on Box.-Fixed uploading files to Mediafire.-Fixed saving synchronizations with accounts with the same name for the same cloud but different alias. Homepage: http://www.airexplorer.net/ Released Date: 2018-01-04 OS: Windows Language: Multilingual DOWNLOAD: ============= Installer (4.5 MB): http://www.airexplorer.net/downloads/AirExplorer-OnlineInstaller.exe ============= Fix (2.7 MB): Site: https://mega.nz Sharecode[?]: /#!pccgwaaT!vfcMSHBWdAbE-qGxr5yyu9_2bA2ChT2YXfaY7yeptJE =============== Air Explorer Pro 2.1.1 + Portable Repack By Thebig (3.6 MB) Site: https://mega.nz Sharecode[?]: /#!RcEUhRRT!aPxaQDhhp0pZaPDwt5ANlXLaXG4ST0J7JBy1UBgPtUg Repack Features: - Preactivated - Portable Included - All Languagues Included
  19. Microsoft OneDrive 17.3.7074.1023 https://go.microsoft.com/fwlink/p/?LinkId=248256 - Not updated yet https://oneclient.sfx.ms/Win/Prod/17.3.7074.1023/OneDriveSetup.exe Changelog: v17.3.7074.1023: New features and updates: Bug fixes to improve reliability and performance of the client. v17.3.7073.1013: New features and updates: Bug fixes to improve reliability and performance of the client. OneDrive Files On-Demand support for Windows Fall Creators Update (version 16299.15). Users are notified when a syncing library becomes read-only or when it becomes editable. New Group Policy to control which organizations are allowed to sign in to OneDrive. New Group Policy to control which organizations are blocked from signing in to OneDrive. New Group Policy for controlling maximum upload and download throughput. Preview: New Group Policy for silent account configuration.
  20. Maxthon Cloud Browser is a powerful web browser which has a highly customizable interface. The browser has multiple tools that make your web experience more enjoyable, such as resource sniffer, screen capture tool, night mode and cloud functionality. Key Features Include Unobtrusive UI: You can fully customize Maxthon Cloud Browser by adding, moving, swapping and changing the browser's tool bars, icons, menus, colours, skins, and layouts. Built-in Ad Hunter: This tool will block harmful ads, images and pages. The Filter packs will screen out offensive Web pages too. Plug-ins: More than 1,400 plug-ins are currently available for Maxthon Cloud Browser. Cloud Syncing and Cloud Push: Maxthon Cloud Browser has the ability to synchronize your bookmarks, tabs, options and your address bar and new-tab links, throughout all of your computers and mobile devices running the app. DOWNLOAD LINKS : http://www.maxthon.com/mx5/beta/
  21. Microsoft purchased the domain name Sway.com, which appears to be a cloud service -- CDN as per the report. The information was first discovered by Jamie Zoch of DotWeekly, who mentioned that Microsoft may launch a content delivery network service soon. There are several variations mentioned which points on what the domain name could be used for, including sway-CDN.com, sway-CDN.net, sway-INT.com and sway-INT.net. Surprisingly, the domain name currently redirects to Bing, with search results for the terms. Microsoft has a habit of doing this with every domain they register or acquire. "I think Microsoft is getting ready to launch the software pretty soon, or it isn’t likely that they would have revealed they were behind the purchase of the domain name yet. They have also set domain name servers," Zoch wrote. Along with the domain registration, the software giant also registered a trademark for Sway with a wide focus: computer software, computer application software, online computer software, and software as a service. It's a little hard to guess what sway.com will be used for, but cloud apps are a possibility since the company has been focusing on cloud apps since Nadella took the charge of the company. Source
  22. Cloud computing services are commonly used in cyberattacks, often to host a malicious payload which a victim is duped into clicking and downlading malware. But two researchers have shown that the cloud can harbour something even more alarming for cloud security – “legal zombies”, ready to rob the internet of gold. Using free cloud application hosting can allow an attacker to create a “free supercomputer” according to The Register‘s report – used to mine cryptocurrency, researcher Oscar Salazar warns – and he predicts cybercriminals will soon use this method, according to Tech Week Europe. Salazar’s attack relies on application-hosting services – many of which have highly lax sign-up procedures, Wired reported. Armed with a self-made list of fake email addresses, he was able to create a host of followers in the cloud, despite cloud security measures. With days the two researchers had legally created an army of 1,000 non-existent “customers” on sites offering cloud application services – and used this horde to mine cryptocurrency. At full power, the botnet earned $1,750 a week “on someone else’s electricity bill”, Ragan said. Cloud security – undead allowed in, no questions asked “We essentially built a supercomputer for free,” Ragan said. He, along with Salazar works as a researcher for the security consultancy Bishop Fox. “We’re definitely going to see more malicious activity coming out of these services.” Salazar and Ragar declined to reveal which of the 150 companies they tested allowed them entry – to prevent hackers following in their footsteps – but said that in some cases, the mining process was allowed to continue for weeks. “What happens when computer criminals start using friendly cloud services for malicious activities? In this presentation, we explore how to (ab)use free trials to get access to vast amounts of computing power, storage, and pre-made hacking environments. Oh! Also, we violate the hell out of some terms of service.” No CAPTCHAS, no questions – is this cloud security? “A lot of these companies are startups trying to get as many users as quickly as possible,” says Salazar. “They’re not really thinking about defending against these kinds of attacks.” Worryingly, some of these companies use cloud services resold from Amazon – which may make mitigating certain forms of cyberattack more difficult. “Imagine a distributed denial-of-service attack where the incoming IP addresses are all from Google and Amazon,” Ragan said. “That becomes a challenge. You can’t blacklist that whole IP range.” The Register reports that the researchers admit that the technique ‘violates’ a lot of terms-of-service – and hence, the bots were cullled mercilessly after the experiment. Source
  23. Ponting

    Crystal Security v3.2.0.86

    Crystal Security is a cloud-based system that detects and removes malicious programs (malware) from your computer. Its technology provides fast detection against malware and lets you know about the changes on your computer in real time. Anti-Malware Crystal Security is an easy to use application that was created in order to help you quickly detect and remove malware that might affect your computer. Cloud Based The cloud based Crystal Security gathers data from millions of participating users systems around the world to help defend you from the very latest viruses and malware attacks. Freeware Cloud based malware detection, easy to use, user-friendly interface, automatic/manual updates, no installations, supports multiple languages and many other features. Screenshots Supported OS: Microsoft Windows XP, Vista,7, 8, 8.1, Server 2003, Server 2008 32/64-bit *Requires .NET Framework 3.5 Homepage: http://www.crystalsecurity.eu/ Download Link: http://www.crystalsecurity.eu/downloads/Crystal%20Security% Discussion thread: http://www.wilderssecurity.com/threads/crystal-security-discussion.317258/
  24. RealPlayer Cloud Final RealPlayer is the first product that integrates Real’s revolutionary new Harmony technology. RealPlayer enables consumers to buy and download music that plays on more than 100 portable devices, including the Apple iPod. RealPlayer is the only digital-media player you need for finding and downloading new music, playing and managing audio and video clips, and taking your digital entertainment with you. RealPlayer offers a streamlined interface that allows you to keep your media library close at hand. Keep all your digital-media clips organized in one place; save CD tracks with one click; pause and rewind live streams; transfer music to CDs and portable devices effortlessly; and enjoy clear, smooth video playback and multichannel, surround-sound support. Helix Powered RealPlayer is the all-in-one digital media player that lets you find anything and play everything. This popular streaming-media player offers improved video controls and access to 3200 radio stations. RealPlayer also includes an option during setup to install the Real Toolbar for Internet Explorer. With RealPlayer you get an improved graphic equalizer and media services, including a radio tuner and an artist and music guide. Meanwhile, the Take 5 news service can offer you daily sports updates. A contextual video search helps you find interviews with your favorite artists. The RealPlayer music store lets you buy music files. Finally, you can use the software to transfer files to CDs and portable devices Download Online Videos from Thousands of Web Sites RealPlayer® SP lets you download online video from thousands of Websites – free! Plus, one–click video downloading means more time spent watching and less time feeling technologically challenged. Convert Video RealPlayer SP has a built–in free video and media converter, so now you can copy and transfer your favorite online and personal videos to your iTunes library, cell phone, iPod, BlackBerry, Xbox or PS3 with ease. Share Videos on Facebook, Twitter and Email for Free RealPlayer SP helps build your social network and your video library. Free video sharing has never been this easy or versatile. With RealPlayer you simply download your video – then you’ve got the option of emailing it, posting it to your Facebook Profile, or adding the download to your Tweet on Twitter. Customize your message and you’re good to go. Burn Videos to DVD RealPlayer makes DVD burning easy. When it comes to DVD burning software, you want something that’s fast, easy to use and can burn audio and video DVDs. RealPlayer does all that – and more. Features Website: http://www.real.com/ OS: Windows XP / Vista / 7 / 8 Language: ML Medicine: Activator - Not Tested Size: 49,32 Mb.
  25. selesn777

    MEGAsync 1.0.19 Portable

    MEGAsync 1.0.19 Portable When we launched MEGA early 2013, global mass surveillance by rogue governments under the pretext of fighting terrorism was still a wild conjecture and its proponents were often touted as conspiracy theorists. Edward Snowden's revelations 137 days later fundamentally changed public attitudes and it became excruciatingly clear that security by policy^ we have access to your data, but we promise to keep it confidential and not misuse it") had not been good enough. Anything short of security by design ("we cannot gain access to your data without you being able to find out"), for which strong end-to-end encryption is an essential prerequisite, now seems grossly insufficient. MEGA was architected around the simple fact that cryptography, for it to be accepted and used, must not interfere with usability. MEGA is fully accessible without prior software installs and remains the only cloud storage provider with browser-based high-performance end-to-end encryption. The only visible signs of the crypto layer operating under MEGA's hood are the entropy collection during signup, the lack of a password reset feature and the novel (and browser-specific) ways file transfers are conducted. Today, millions of business and personal users rely on MEGA to securely and reliably store and serve petabytes of data and we believe that this success is the result of MEGA's low barrier to entry to a more secure cloud. Website: https://mega.co.nz/‎ OS: Windows XP / Vista / 7 / 8 / 8.1 Language: ML Size: 28,64 Mb.
  • Create New...