Showing results for tags 'computer'.

Found 65 results

  1. malakai1911

    Comprehensive Security Guide

    NOTE: As of 1/1/2019 this guide is out of date. Until parts are rewritten, consider the below for historical reference only.

    i. Foreword

    The primary purpose of this guide is to offer a concise list of best-of-breed software and advice on selected areas of computer security. The secondary purpose of this guide is to offer limited advice on other areas of security. The target audience is an intermediately skilled user of home computers. The computer software listed is the freeware version when possible, or has a free version available. If there are no free versions available for a particular product, it is noted with the "$" symbol. The guide is as well formatted as I could make it, within the confines of a message board post.

    ii. Table of Contents

    i. Foreword
    ii. Table of Contents
    1. Physical Security
      a. Home
      b. Computer
      c. Personal
    2. Network Security
      a. Hardware Firewall
      b. Software Firewall
    3. Hardening Windows
      a. Pre-install Hardening
      b. Post-install Hardening
      c. Alternative Software
      d. Keep Windows Up-To-Date
    4. Anti-Malware
      a. Anti-Virus
      b. HIPS / Proactive Defense
      c. Malware Removal
    5. Information and Data Security
      a. Privacy / Anonymity
      b. Encryption
      c. Backup, Erasure and Recovery
      d. Access Control (Passwords, Security Tokens)
    6. Conclusion

    1. Physical Security

    I just wanted to touch on a few things in the realm of physical security, and you should investigate physical and personal security in places other than here.

    a. Home

    How would you break in to your own home? Take a close look at your perimeter security and work inwards. Make sure fences or gates aren't easy to climb over or bypass. The areas outside your home should be well lit, and motion sensor lights and walkway lights make nice additions to poorly lit areas. If possible, your home should have a security system featuring hardwired door and window sensors, motion detectors, and audible sirens (indoor and outdoor). Consider integrated smoke and carbon monoxide detectors for safety. Don't overlook monitoring services, so the police or fire department can be automatically called during an emergency.

    Invest in good locks for your home; I recommend Medeco and Schlage Primus locks highly. Both Medeco and Schlage Primus locks are pick-resistant, bump-proof, and have key control (restricted copying systems). Exterior doors should be made of steel or solid-core wood, and each should have locking hardware (locking doorknob or handle), an auxiliary lock (mortise deadbolt) with a reinforced strike plate, and a chain.

    Consider a fireproof (and waterproof) safe for the storage of important documents and valuables. A small safe can be carried away during a robbery and simply opened at another location later, so be sure to get a safe you can secure to a physical structure (in-wall, in-floor, or secured to something reasonably considered immovable). You may be able to hide or obscure the location of your safe in order to obtain some additional security, but don't make it cumbersome for yourself to access.

    b. Computer

    Computers are easy to just pick up and take away, so the only goal you should have is to deter crimes of opportunity. For desktop computers, you may bring your desktop somewhere and an attacker may not be interested in the entire computer, but perhaps just an expensive component (video card) or your data (hard drive), and for that I suggest a well-built case with a locking side and locking front panel. There are a variety of case security screws available (I like the ones from Enermax (UC-SST8) as they use a special tool), or you can use screws with less common bits (such as tamper resistant Torx screws) to secure side panels and computer components. There are also cable lock systems available for desktop computers to secure them to another object.

    For laptop computers, you are going to be primarily concerned about a grab-and-go type robbery. There are a variety of security cables available from Kensington, which lock into the Kensington lock slot found on nearly all laptops, which you can use to secure it to another object (a desk or table, for example). Remember though, even if it's locked to something with a cable, it doesn't make it theft-proof, so keep an eye on your belongings.

    c. Personal

    Always be aware of your surroundings. Use your judgment: if you feel an area or situation is unsafe, avoid it altogether or get away as quickly and safely as possible. Regarding hand to hand combat, consider a self-defense course. Don't screw around with traditional martial arts (Karate, Aikido, Kung-Fu), and stay away from a McDojo. You should consider self-defense techniques like Krav Maga if you are serious about self defense in a real life context. I generally don't advocate carrying a weapon on your person (besides the legal mess that may be involved with use of a weapon, even for self-defense, an attacker could wrestle away a weapon and use it against you). If you choose to carry any type of weapon on your person for self-defense, I advise you to take a training course (if applicable) and to check with and follow the laws within the jurisdiction you decide to possess or carry such weapons.

    Dealing with the Police

    Be sure to read Know Your Rights: What to Do If You're Stopped by the Police, a guide by the ACLU, and apply it. Its advice is for within the jurisdiction of the US but may apply generally elsewhere; consult with a lawyer for legal advice. You should also watch the popular video "Don't talk to the police!" by Prof. James Duane of the Regent University Law School for helpful instructions on what to do and say when questioned by the police: (Mirror: regent.edu)

    Travelling Abroad

    Be sure to visit the State Department or Travel Office for your home country before embarking on a trip abroad. Read any travel warnings or advisories; they are a wealth of information for travelers (offering guides, checklists, and travel advice): (US, UK, CA).

    2. Network Security

    As this is a guide geared towards a home or home office network, the central theme of network security is going to be focused around having a hardware firewall behind your broadband modem, along with a software firewall installed on each client. Since broadband is a 24/7 connection to the internet, you are constantly at risk of attack, making both a hardware and software firewall absolutely essential.

    a. Hardware Firewall

    A hardware firewall (router) is very important. Consider the hardware firewall as your first line of defense. Unfortunately, routers (usually) aren't designed to block outbound attempts from trojans and viruses, which is why it is important to use a hardware firewall in conjunction with a software firewall. Be sure that the firewall you choose features SPI (Stateful Packet Inspection).

    Highly Recommended

    I recommend Wireless AC (802.11ac) equipment, as it is robust and widely available. Wireless AC is backwards compatible with the earlier Wireless N (802.11n), G (802.11g) and B (802.11b) standards. 802.11ac supports higher speeds and longer distances than the previous standards, making it highly attractive. I generally recommend wireless networking equipment from Ubiquiti or Asus. Use WPA2/WPA with AES if possible, and a passphrase with a minimum of 12 characters. If you are really paranoid, use a strong random password and remember to change it every so often.

    Alternatives

    A spare PC running SmoothWall or IPCop, with a pair of NICs and a switch, can be used to turn a PC into a fully functional firewall.

    b. Software Firewall

    A software firewall nicely complements a hardware firewall such as those listed above. In addition to protecting you from inbound intrusion attempts, it also gives you a level of outbound security by acting as a gateway for applications looking to access the internet. Programs you want can access the internet, while ones you don't are blocked. Do not use multiple software firewalls simultaneously. You can actually make yourself less secure by running two or more software firewall products at once, as they can conflict with one another. Check out the Matousec Firewall Challenge for a comparison of leak tests among top firewall vendors. Leak tests are an important way of testing outbound filtering effectiveness.

    Highly Recommended

    Comodo Internet Security
    Comodo is an easy to use, free firewall that provides top-notch security. I highly recommend this as a first choice firewall. While it includes Antivirus protection, I advise installing it as firewall-only and using an alternate Antivirus.

    Alternatives

    Agnitum Outpost Firewall Free
    A free personal firewall that is very secure. Be sure to check out the Outpost Firewall Forums to search, and ask questions if you have any problems.

    Online Armor Personal Firewall Free
    Online Armor Personal Firewall makes another great choice for those who refuse to run Comodo or Outpost.

    3. Hardening Windows

    Windows can be made much more secure by updating its components, and changing security and privacy related settings.

    a. Pre-install Hardening

    Pre-install hardening has its primary focus on integrating the latest available service packs and security patches. Its secondary focus is applying whatever security setting tweaks you can integrate. By integrating patches and tweaks, you will be safer from the first boot.

    Step 1 - Take an original Windows disc (Windows 7 or later) and copy it to a folder on your hard drive so you can work with the install files.
    Step 2 - Slipstream the latest available service pack. Slipstreaming is a term for integrating the latest service pack into your copy of Windows.
    Step 3 - Integrate the latest available post-service pack updates. This can be done with a utility such as nLite or vLite, and post-service pack updates may be available in an unofficial collection (such as the RyanVM Update Pack for XP).
    Step 4 - Use nLite (Windows 2000/XP) or vLite (Windows Vista/7) to customize your install. Remove unwanted components and services, and use the tweaks section of nLite/vLite to apply some security and cosmetic tweaks.
    Step 5 - Burn your newly customized CD, and install Windows. Do not connect the computer to a network until you install a software firewall and anti-virus.

    b. Post-Install Hardening

    If you have followed the pre-install hardening section, then your aim will be to tweak settings to further lock down Windows. If you hadn't installed from a custom CD, you will need to first update to the latest service pack, then install incremental security patches to become current. After updating, you'll then disable unneeded Windows services, perform some security tweaks, and use software such as xpy to tweak privacy options.

    Disable Services

    Start by disabling unneeded or unnecessary services. By disabling services you will minimize potential security risks, and use fewer resources (which may make your system slightly faster). Some good guides on disabling unnecessary services are available at Smallvoid: Windows 2000 / Windows XP / Windows Vista. Some commonly disabled services: Alerter, Indexing, Messenger, Remote Registry, TCP/IP NetBIOS Helper, and Telnet.

    Security Tweaks

    I highly recommend using a strong Local Security Policy template as an easy way to tweak Windows security options, followed by the registry. Use my template (security.inf) to easily tweak your install for enhanced security (Windows 2000/XP/Vista/7):

    1. Save the following attachment: (Download Link Soon!)
    2. Extract the files.
    3. Apply the Security Policy automatically by running the included "install.bat" file.
    4. (Optional) Apply your policy manually using the following command:
         secedit /configure /db secedit.sdb /cfg "C:\<Path To Security.inf>\<template>.inf"
       then refresh your policy using the following command:
         secedit /refreshpolicy machine_policy   (Windows 2000)
         gpupdate   (Windows XP/Vista/7)

    This template will disable automatic ("administrative") Windows shares, prevent anonymous log on access to system resources, disable (weak) LM Password Hashes and enable NTLMv2, disable DCOM, harden the Windows TCP/IP Stack, and much more. Unfortunately my template can't do everything; you will still need to disable NetBIOS over TCP (NetBT), enable Data Execution Prevention (AlwaysOn), and perform other manual tweaks that you may use.

    Privacy Tweaks

    xpy (Windows 2000/XP) and vispa (Windows Vista/7)
    These utilities are great for modifying privacy settings. They supersede XP AntiSpy because they include all of XP AntiSpy's features and more. You should use them in conjunction with the security tweaks I've listed above.

    c. Alternative Software

    Another simple way of mitigating possible attack vectors is to use software that is engineered with better or open security processes. These products are generally more secure and offer more features than their Microsoft counterparts.

    Highly Recommended
    Google Chrome (Web Browser)
    Mozilla Thunderbird (Email Client)
    OpenOffice.org (Office Suite)

    Alternatives
    Mozilla Firefox (Web Browser)
    Google Docs (Online) (Office Suite)

    Firefox Additions
    Mozilla has a Privacy & Security add-on section. There are a variety of add-ons that may appeal to you (such as NoScript). And although these aren't strictly privacy related, I highly recommend the AdBlock Plus add-on, with the EasyList and EasyPrivacy filtersets.

    d. Keep Windows Up-To-Date

    Speaking of keeping up-to-date, do yourself a favor and upgrade to at least Windows XP (for older PCs) and Windows 7 (or later) for newer PCs. Be sure to keep up-to-date on your service packs; they're a comprehensive collection of security patches and updates, and some may add minor features.

    Microsoft Windows Service Packs
    Windows 2000 Service Pack 4 with Unofficial Security Rollup Package
    Windows XP Service Pack 3 with Unofficial Security Rollup Package
    Windows XP x64 Service Pack 2 with Unofficial Security Rollup Package
    Windows Vista Service Pack 2
    Windows 7 Service Pack 1

    Microsoft Office Service Packs
    Office 2000 Service Pack 3 with the Office 2007 Compatibility Pack (SP3).
    Office XP (2002) Service Pack 3 with the Office 2007 Compatibility Pack (SP3).
    Office 2003 Service Pack 3 with the Office 2007 Compatibility Pack (SP3) and Office File Validation add-in.
    Office 2007 Service Pack 3 with the Office File Validation add-in.
    Office 2010 Service Pack 1

    After the service pack, you still need to keep up-to-date on incremental security patches. Windows supports Automatic Updates to automatically update itself. However, if you don't like Automatic Updates: you can use WindowsUpdate to update Windows periodically (must use IE5 or greater, must have the BITS service enabled), or you can use MS Technet Security to search for and download patches individually, or you can use Autopatcher, an unofficial updating utility. In addition to security patches, remember to keep virus definitions up-to-date (modern virus scanners support automatic updates so this should not be a problem), and stay current with the latest program versions and updates, including your replacement internet browser and mail clients.

    4. Anti-Malware

    There are many dangers lurking on the internet: trojans, viruses, spyware. If you are a veteran user of the internet, you've probably developed a sixth sense when it comes to avoiding malware, but I advocate backing up common sense with reliable anti-malware software.

    a. Anti-Virus

    Picking a virus scanner is important. I highly recommend Nod32, but there are good alternatives these days. Check out AV Comparatives for a comparison of scanning effectiveness and speed among top AV vendors.

    Highly Recommended

    Nod32 Antivirus $
    I recommend Nod32 as a non-free Antivirus. Features excellent detection rates and fast scanning speed. Nod32 has a great heuristic engine that is good at spotting unknown threats. Very resource-friendly and historically known for using less memory than other AVs. There is a 30 day free trial available.

    Alternatives

    Avira AntiVir Personal
    I recommend Avira as a free Antivirus. Avira is a free AV with excellent detection rates and fast scanning speed. (Kaspersky no longer recommended, due to espionage concerns.)

    Online Scanners

    Single File Scanning
    Jotti Online Malware Scan or VirusTotal
    These scanners can run a single file through a large number of different Antivirus/Antimalware suites in order to improve detection rates. Highly recommended.

    Whole PC Scanning
    ESET Online Scanner
    Nod32 Online Antivirus is pretty good, ActiveX though, so IE only. There is a beta version available that works with Firefox and Opera.

    b. HIPS / Proactive Defense

    Host-based intrusion prevention systems (HIPS) work by disallowing malware from modifying critical parts of the Operating System without permission. Classic (behavioral) HIPS software will prompt the user for interaction before allowing certain system modifications, allowing you to stop malware in its tracks, whereas virtualization-based HIPS works primarily by sandboxing executables. Although HIPS is very effective, the additional setup and prompts are not worth the headache for novice users (who may take to just clicking 'allow' to everything and defeating the purpose altogether). I only recommend HIPS for intermediate or advanced users that require a high level of security.

    Highly Recommended

    I highly recommend firewall-integrated HIPS solutions. Comodo Defense+ is a classic HIPS built into Comodo Internet Security, and provides a very good level of protection. Outpost and Online Armor provide their own HIPS solutions, and the component control features of the firewalls are powerful enough to keep unwanted applications from bypassing or terminating the firewall. If you want to use a different HIPS, you can disable the firewall HIPS module and use an alternative below.

    Alternatives

    Stand-alone HIPS solutions are good for users who either don't like the firewall built-in HIPS (and disable the firewall HIPS), or use a firewall without HIPS features.

    HIPS based on Behavior (Classic)
    ThreatFire
    ThreatFire provides a strong, free behavioral HIPS that works well in conjunction with Antivirus and Firewall suites to provide additional protection.

    HIPS based on Virtualization
    DefenseWall HIPS $
    DefenseWall is a strong and easy-to-use HIPS solution that uses sandboxing for applications that access the internet.
    GeSWall Freeware
    GeSWall makes a nice free addition to the HIPS category; like DefenseWall, it also uses sandboxing for applications that access the internet.

    Dealing with Suspicious Executables
    You can run suspicious executables in a full featured Virtual Machine (such as VMware) or using a standalone sandbox utility (such as Sandboxie) if you are in doubt of what it may do (though, you may argue that you shouldn't be running executables you don't trust anyway). A more advanced approach to examining a suspicious executable is to run it through Anubis, a tool for analyzing the behavior of Windows executables. It displays a useful report with things the executable does (files read, registry modifications performed, etc.), which will give you insight as to how it works.

    c. Malware Removal

    I recommend running all malware removal utilities on-demand (not resident). With a firewall, virus scanner, HIPS, and some common sense, you won't usually get to the point of needing to remove malware... but sometimes things happen, perhaps unavoidably, and you'll need to remove some pretty nasty stuff from a computer.

    Highly Recommended

    Anti-Spyware
    Spybot Search & Destroy
    Spybot S&D has been around a long time, and is very effective in removing spyware and adware. I personally install and use both Spybot & Ad-Aware, but I believe that Spybot S&D has the current edge in overall detection and usability.

    Anti-Trojan
    Malwarebytes' Anti-Malware
    Malwarebytes has a good trojan detector here, and scans fast.

    Anti-Rootkit
    Rootkit Unhooker
    RKU is a very advanced rootkit detection utility.

    Alternatives

    Anti-Spyware
    Ad-Aware Free Edition
    Ad-Aware is a fine alternative to Spybot S&D; its scanning engine is slower but it is both effective and popular.

    Anti-Trojan
    a-squared (a2) Free
    a-squared is a highly reputable (and free) trojan scanner.

    Anti-Rootkit
    IceSword (Mirror)
    IceSword is one of the most capable and advanced rootkit detectors available.

    5. Information and Data Security

    Data can be reasonably protected using encryption and a strong password, but you will never have complete and absolute anonymity on the internet as long as you have an IP address.

    a. Privacy / Anonymity

    Anonymity is elusive. Some of the following software can help you achieve a more anonymous internet experience, but you also must be vigilant in protecting your own personal information. If you use social networking sites, use privacy settings to restrict public access to your profile, and only 'friend' people you know in real life. Don't use (or make any references to) any of your aliases or anonymous handles on any websites that have any of your personal information (Facebook, Amazon, etc.). You should opt out from information sharing individually for all banks and financial institutions you do business with, using their privacy policy choices. You should opt out of preapproved credit offers (US), unsolicited commercial mail and email (US, UK, CA), and put your phone numbers on the "Do Not Call" list (US, UK, CA).

    Highly Recommended

    Simply install and use Tor with Vidalia to surf the internet anonymously. It's free; the only downside is it's not terribly fast, but it has fairly good anonymity, so it's a tradeoff. Keep in mind it's for anonymity, not for security, so make sure sites you put passwords in are SSL encrypted (and have valid SSL certificates), and remember that all end point traffic can be sniffed. You can use the Torbutton extension for Firefox to easily toggle on/off anonymous browsing. POP3/IMAP and P2P software won't work through Tor, so keep that in mind.

    Portable Anonymous Browsing
    The Tor Project now has a "Zero-Install Bundle" which includes Portable Firefox and Tor with Vidalia to surf anonymously from a USB memory stick pretty much anywhere with the internet. It also includes Pidgin with OTR for encrypted IM communications. Note: These won't protect you from Trojans/Keyloggers/Viruses on insecure public terminals. Never type important passwords or log in to important accounts on a public computer unless it is absolutely necessary!

    Alternatives

    I2P functions similarly to Tor, allowing you to surf the general internet with anonymity. IPREDator $ is a VPN that can be used to anonymize P2P/BitTorrent downloads. Freenet is notable, but not for surfing the general internet; it's its own network with its own content.

    b. Encryption

    For most people, encryption may be unnecessary. But if you have a laptop, or any sort of sensitive data (whether it be trade secrets, corporate documents, legal or medical documents), then you can't beat the kind of protection that encryption will offer. There are a variety of options available today, including a lot of software not listed here. A word to the wise: please, please don't fall for snake oil; use well established applications that use time tested (and unbroken) ciphers. Regardless of what software you use, the following "what to pick" charts will apply universally.

    If you have to pick an encryption cipher:
    Best: AES (Rijndael) (128-bit block size)
    Better: Twofish (128-bit block size), Serpent (128-bit block size)
    Good: RC6 (128-bit block size)
    Deprecated: Blowfish (64-bit block size), CAST5 (CAST-128) (64-bit block size), Triple-DES (64-bit block size)

    When encrypting large volumes of data, it is important to pick a cipher that has a block size of at least 128-bytes. This affords you protection for up to 2^64x16 bytes (264 exabytes). 64-bit block ciphers only afford protection of up to 2^32x8 bytes (32 gigabytes), so using one as a full disk or whole disk encryption cipher is not recommended. The deprecated list is only because some of you might be stuck using software that only supports older encryption methods, so I've ordered it from what I feel is best to worst (though all three that are on there are pretty time tested and, if properly implemented, quite secure).

    If you have to pick a hash to use:
    Best: Whirlpool (512-bit)
    Better: SHA-512 (512-bit), SHA-256 (256-bit)
    Good: Tiger2/Tiger (192-bit), RIPEMD-160 (160-bit)
    Deprecated: RIPEMD-128, SHA-1, MD-5

    With all the recent advances in cryptanalysis (specifically with work on hash collisions), these days I wouldn't trust any hash that is less than 160 bits on principle. To be on the safe side, use a 192-bit, 256-bit, or 512-bit hash where available. There will be cases where your only options are insecure hashes, in which case I've ordered the "deprecated" list from best to worst (they are all varying levels of insecure). Many older hashes (MD4, MD2, RIPEMD (original), and others) are totally broken, and are not to be used.

    A quick software rundown; these applications are popular and trusted:

    Highly Recommended

    Freeware Whole Disk Encryption
    TrueCrypt
    Based upon E4M, TrueCrypt is a full featured disk encryption suite, and can even be run off a USB memory stick. TrueCrypt supports the whole disk encryption of Windows, with pre-boot authentication. Very nice. If you can't use whole-disk encryption (WDE), you can use the TCTEMP add-on to encrypt your swapfile, temp files and print spooler, and you can use the TCGINA add-on to encrypt your Windows home directory. (Note: TCTEMP/TCGINA is less secure than WDE, and only preferable if WDE is not an option. WDE is highly recommended.)

    Freeware PKI Encryption
    GnuPG (GPG)
    GnuPG provides public-key encryption, including key generation and maintenance, signing and checking documents and email messages, and encryption and decryption of documents and email messages.

    Freeware Email Encryption
    Enigmail
    Enigmail is truly a work of art; it integrates with GnuPG and provides seamless support for encryption and decryption of email messages, and can automatically check PGP signed documents for validity. (Enigmail requires both Mozilla Thunderbird and GnuPG.)

    Alternatives

    Encryption Suite (with Whole Disk and Email Encryption)
    PGP Full Disk Encryption $
    PGP provides public-key encryption, including key generation and maintenance, signing and checking documents and email messages, encryption and decryption of documents and email messages, volume disk encryption, whole disk encryption, Outlook integration, and instant messenger encryption support.

    c. Backup, Erasure and Recovery

    // This section is under construction.

    Backups
    Your data might be safe from prying eyes, but what if you are affected by hardware failure, theft, flood or fire? Regular backups of your important data can help you recover from a disaster. You should consider encryption of your backups for enhanced security.

    Local Backup
    Cobian Backup
    Cobian Backup is a fully-featured freeware backup utility.
    SyncBack Freeware, Macrium Reflect Free
    SyncBack Freeware and Macrium Reflect Free are feature-limited freeware backup utilities.

    Off-site Backup
    SkyDrive (25GB, filesize limited to 100MB), box.net (5GB)
    SkyDrive and box.net offer free online storage, useful for easy offsite backups. Be sure to utilize encrypted containers for any sensitive documents.

    Data Destruction
    It would be better to have your data residing in an encrypted partition, but sometimes that may not be possible. When sanitizing a hard drive, I recommend using a quality block erase tool like DBAN followed by a run-through with ATA Secure Erase if you really want a drive squeaky clean. Block erasing is good for data you can normally reach, but ATA Secure Erase can hit areas of the drive block erasers can't. As for multiple overwrite passes, there is no proof that data overwritten even one time can be recovered by professional data recovery corporations. For moderate security, a single pseudorandom block-erase pass (random-write) followed by an ATA Secure Erase pass (zero-write) is sufficient to thwart any attempts at data recovery. For a high level of security, a "DoD Short (3 pass)" block-erase pass followed by an ATA Enhanced Secure Erase will ensure no recovery is possible.

    Single-File/Free Space Erase
    If you are interested in just erasing single files or wiping free space, you can use the Eraser utility.

    Block Erase
    For hard drive block-erasure, use DBAN.

    ATA Secure Erase
    For ATA Secure Erasing, use the CMRR Secure Erase Utility.

    CMRR Secure Erase Protocols (.pdf) - http://cmrr.ucsd.edu...seProtocols.pdf
    NIST Guidelines for Media Sanitation (.pdf) - http://csrc.nist.gov...800-88_rev1.pdf

    File Recovery Software
    This is kind of the opposite of data destruction. Keep in mind no software utility can recover properly overwritten data, so if it's overwritten there is no recovery.

    Highly Recommended
    Recuva
    Recuva is an easy to use GUI-based recovery utility.

    Alternatives
    TestDisk and PhotoRec
    These tools are powerful command-line recovery utilities. TestDisk can recover partitions, and PhotoRec is for general file recovery.
    Ontrack EasyRecovery Professional $
    EasyRecovery is one of the best paid utilities for file recovery.

    d. Access Control (Passwords, Security Tokens)

    // This section is under construction.

    Secure Passwords
    // Section under construction.
    Your security is only as strong as its weakest password. There are a few basic rules to follow when creating a strong password.

    Length - Passwords should be at least 12 characters long. When possible, use a password of 12 or more characters, or a "passphrase". If you are limited to using less than 12 characters, you should try and make your password as long as allowable.
    Complexity - Passwords should have an element of complexity; a combination of upper and lowercase characters, numbers, and symbols will make your passwords much harder to guess, and harder to bruteforce.
    Uniqueness - Passwords should avoid containing common dictionary words, names, birthdays, or any identification related to you (social security, drivers license, or phone numbers for example).
    Secret - If you have a password of the utmost importance, do not write it down. Do not type passwords in plain view of another person or share them with anyone. Avoid use of the same password in multiple places.

    Security Tokens
    Security Tokens are cryptographic devices that allow for two-factor authentication.
    Google Titan
    Yubikey 5 Series

    6. Conclusion

    And here we are at the end! I would like to thank all of you for taking the time to read my guide; it's a few (slow) years in the making and I've kept it up to date. This guide is always changing, so check back from time to time.

    Revision 1.10.020
    Copyright © 2004-2012 Malakai1911, All Rights Reserved

    The information contained within this guide is intended solely for the general information of the reader and is provided "as is" with absolutely no warranty expressed or implied. Any use of this material is at your own risk; its authors are not liable for any direct, special, indirect, consequential, or incidental damages or any damages of any kind. This guide is subject to change without notice.

    Attachment: Windows_Security_Template__1.10.015_.zip
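The block-size and hash-length arithmetic behind the cipher and hash charts in section 5b of the guide above, as an added example that is not part of the original post: it computes the birthday bound that the guide's "2^32x8 bytes (32 gigabytes)" and "2^64x16 bytes" figures come from, checks a constructed 2 TiB disk against it, and verifies the bound empirically on a toy 16-bit block (the disk size, the toy block width and the seed are assumptions of this example).

```python
"""Birthday-bound checks for block-cipher data limits and hash collision resistance.

Under an n-bit block cipher, ciphertext blocks start to repeat after roughly
2^(n/2) blocks (the birthday bound); in modes such as CBC a repeated block leaks
information about the plaintext, so that is the volume that can safely be
encrypted under one key. A hash with n-bit output gives only about n/2 bits of
collision resistance for the same reason.
"""
import random

# Thresholds the guide applies: 64-bit blocks are "deprecated" for bulk
# (whole-disk) encryption, and hashes under 160 bits are not trusted.
MIN_BULK_BLOCK_BITS = 128
MIN_TRUSTED_HASH_BITS = 160


def safe_bytes_under_one_key(block_bits: int) -> int:
    """Bytes that can be encrypted under one key before block collisions become likely.

    Birthday bound: 2^(block_bits/2) blocks, each block_bits/8 bytes long.
    64-bit blocks give 2^32 * 8 = 2^35 bytes; 128-bit blocks give 2^64 * 16 = 2^68.
    """
    if block_bits <= 0 or block_bits % 16:
        raise ValueError("block size must be a positive multiple of 16 bits")
    blocks = 1 << (block_bits // 2)
    return blocks * (block_bits // 8)


def fits_under_one_key(block_bits: int, volume_bytes: int) -> bool:
    """True if a volume of the given size stays below the birthday bound for this block size."""
    return volume_bytes <= safe_bytes_under_one_key(block_bits)


def meets_guide_thresholds(block_bits: int, hash_bits: int) -> bool:
    """Apply the guide's own cut-offs for a (cipher block size, hash size) pairing."""
    return block_bits >= MIN_BULK_BLOCK_BITS and hash_bits >= MIN_TRUSTED_HASH_BITS


def collision_work_bits(hash_bits: int) -> int:
    """Generic birthday-attack cost, as a power of two, to find any collision in an n-bit hash."""
    return hash_bits // 2


def human(n_bytes: int) -> str:
    """Render an exact power-of-two byte count in binary units (32 GiB, 256 EiB, ...)."""
    units = ["bytes", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB", "ZiB"]
    i = 0
    while n_bytes >= 1024 and n_bytes % 1024 == 0 and i < len(units) - 1:
        n_bytes //= 1024
        i += 1
    return f"{n_bytes} {units[i]}"


def first_collision_index(block_bits: int, seed: int = 1) -> int:
    """Empirical check of the bound on a toy block width.

    Draw uniformly random blocks (the ideal-cipher model) and return how many
    were drawn before the first repeat. For 16-bit blocks the expected value is
    about sqrt(pi/2 * 2^16), i.e. a few hundred, not 65536. Keep block_bits
    small; the loop stores every block seen.
    """
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    space = 1 << block_bits
    seen = set()
    while True:
        block = rng.randrange(space)
        if block in seen:
            return len(seen)
        seen.add(block)


if __name__ == "__main__":
    for name, bits in (("Triple-DES / Blowfish / CAST5", 64), ("AES / Twofish / Serpent", 128)):
        print(f"{name}: {bits}-bit blocks -> about {human(safe_bytes_under_one_key(bits))} under one key")
    disk = 2 * 1024 ** 4  # constructed example: a 2 TiB whole-disk volume
    print("2 TiB disk, 64-bit block cipher:", fits_under_one_key(64, disk))
    print("2 TiB disk, 128-bit block cipher:", fits_under_one_key(128, disk))
    for bits in (128, 160, 256, 512):
        print(f"{bits}-bit hash: generic collision in about 2^{collision_work_bits(bits)} work")
    print("toy 16-bit block: first repeat after", first_collision_index(16), "blocks")
```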
  2. Black Friday & Cyber Monday Giveaway! Digiarty is launching a grand giveaway to offer MacX DVD Ripper Pro for free ($29.95 valued) till December 10, 2018. Everyone is welcome to get a fully licensed copy for free with no strings attached! There are 500 licensed copies each day. First come first served! Backup and rip any DVDs to MP4, H.264, MPEG, etc for playback on iPhone, iPad, and Android devices. Only 5 minutes to digitize the DVD. 1:1 backup your disc to Mac computer. How to get: Head over to the page, enter a valid email address and then you can get the license code and setup of the program instantly by email. https://www.macxdvd.com/giveaway/giveaway.htm Please note that the license should be activated before December 10 and the giveaway version doesn't support a free upgrade. What's more: here they're holding a Black Friday Special offer, Save 70% to buy 3-in-1 MacX Media Management Suite. Backup any DVD in 5 minutes. Transcode 4K, HD videos for iOS, Android device. Download, record & edit video. Backup, transfer iPhone iPad data. All in 49.95$. https://www.macxdvd.com/special-offer/
  3. Japan's new cyber-security minister has dumbfounded his country by saying he has never used a computer. Yoshitaka Sakurada made the admission to a committee of lawmakers. "Since I was 25 years old and independent I have instructed my staff and secretaries. I have never used a computer in my life," he said, according to a translation by the Kyodo news agency. The 68-year-old was appointed to his post last month. His duties include overseeing cyber-defence preparations for the 2020 Olympic Games in Tokyo. A politician from the opposition Democratic Party, Masato Imai, whose question had prompted the admission, expressed surprise. "I find it unbelievable that someone who is responsible for cyber-security measures has never used a computer," he said. But Mr Sakurada responded that other officials had the necessary experience and he was confident there would not be a problem. However, his struggle to answer a follow-up question about whether USB drives were in use at the country's nuclear power stations caused further concern. The disclosure has been much discussed on social media where the reaction has been a mix of astonishment and hilarity, with some noting that at least it should mean Mr Sakurada would be hard to hack. Source
  4. Security researchers have discovered an interesting piece of malware that infects systems with either a cryptocurrency miner or ransomware, depending upon their configurations, to decide which of the two schemes could be more profitable.

While ransomware is a type of malware that locks your computer and prevents you from accessing the encrypted data until you pay a ransom to get the decryption key required to decrypt your files, cryptocurrency miners utilize the infected system's CPU power to mine digital currencies.

Both ransomware and cryptocurrency mining-based attacks have been the top threats so far this year and share many similarities: both are non-sophisticated attacks, carried out for money against non-targeted users, and involve digital currency. However, since locking a computer for ransom doesn't always guarantee a payback in case victims have nothing essential to lose, in past months cybercriminals have shifted more towards fraudulent cryptocurrency mining as a method of extracting money using victims' computers.

Researchers at Russian security firm Kaspersky Labs have discovered a new variant of the Rakhni ransomware family, which has now been upgraded to include cryptocurrency mining capability as well.

Written in the Delphi programming language, the Rakhni malware is being spread using spear-phishing emails with an MS Word file in the attachment, which, if opened, prompts the victim to save the document and enable editing. The document includes a PDF icon, which, if clicked, launches a malicious executable on the victim's computer and immediately displays a fake error message box upon execution, tricking victims into thinking that a system file required to open the document is missing.

How Malware Decides What To Do
However, in the background, the malware then performs many anti-VM and anti-sandbox checks to decide if it could infect the system without being caught. If all conditions are met, the malware then performs more checks to decide the final infection payload, i.e., ransomware or miner.

1.) Installs Ransomware—if the target system has a 'Bitcoin' folder in the AppData section. Before encrypting files with the RSA-1024 encryption algorithm, the malware terminates all processes that match a predefined list of popular applications and then displays a ransom note via a text file.

2.) Installs cryptocurrency miner—if the 'Bitcoin' folder doesn't exist and the machine has more than two logical processors. If the system gets infected with a cryptocurrency miner, it uses the MinerGate utility to mine Monero (XMR), Monero Original (XMO) and Dashcoin (DSH) cryptocurrencies in the background. Besides this, the malware uses the CertMgr.exe utility to install fake root certificates that claim to have been issued by Microsoft Corporation and Adobe Systems Incorporated in an attempt to disguise the miner as a trusted process.

3.) Activates worm component—if there's no 'Bitcoin' folder and just one logical processor. This component helps the malware to copy itself to all the computers located in the local network using shared resources.

Regardless of which infection is chosen, the malware performs a check if one of the listed antivirus processes is launched. If no AV process is found in the system, the malware will run several cmd commands in an attempt to disable Windows Defender.

What's more? There's A Spyware Feature As Well
This malware variant is targeting users primarily in Russia (95.5%), while a small number of infections have been noticed in Kazakhstan (1.36%), Ukraine (0.57%), Germany (0.49%), and India (0.41%) as well.

The best way to prevent yourself from being a victim of such attacks in the first place is never to open suspicious files and links provided in an email. Also, always keep a good backup routine and updated anti-virus software in place.

Source
  5. straycat19

    Sick Computer

  6. AMD recently unveiled something truly remarkable today – a server rack that has a total processing power of 1 PetaFLOPs. That’s 10 to the power of 15 floating point operations per second or 20 to the power of 15 half precision FLOPs. Here’s the kicker though: a decade ago in 2007, a computer of the same power would have required roughly 6000 square feet of area and thousands of processors to power. A decade ago, this would have been one of the most powerful supercomputers on Earth, and today, it’s a server rack.

AMD’s Project 47 unveiled: 1 PetaFLOPs of single precision compute at 30 GFLOPs per watt and only single rack footprint

The server rack, ahem supercomputer, named Project 47 is powered by 20x EPYC 7601 32 Core processors and around 80x Radeon Instinct GPUs. It supports around 10 TB of Samsung Memory and 20x Mellanox 100G cards as well as 1 switch. All of this is fitted into a server rack that is roughly the height of 1.25 Lisa Su’s with an energy efficiency of 30 GFLOPs per watt. That means the Project 47 supercomputer consumes around 33,333 watts of electricity. Project 47 will be available from Inventec and their principal distributor AMAX sometime in Q4 of this year.

Today at Capsaicin SIGGRAPH, AMD showcased what can be achieved when the world’s greatest server CPU is combined with the world’s greatest GPU, based on AMD’s revolutionary “Vega” architecture. Developed by AMD in collaboration with Inventec, Project 47 is based on Inventec’s P-series massively parallel computing platform, and is a rack designed to excel in a range of tasks, from graphics virtualization to machine intelligence.

Back in 2007, you would have found the same power in a supercomputer called the IBM Roadrunner. This was a supercomputer project that was once the most powerful, well, supercomputer of its time and built by AMD and IBM for the Los Alamos National Laboratory. The cluster had 696 racks spanning an area of 6000 square feet and consumed 2,350,000 watts of electricity. The cluster consisted primarily of around 64,000 dual core Opteron CPUs and some accelerators. So basically in a little over 10 years, AMD has managed to make a system that consumes 98% less power and takes up 99.93% less space. We are not yet sure how much Project 47 will cost, but we are pretty sure it will be less than the US $100 Million cost of the original Roadrunner. If that isn’t the epitome of modern computational advances, I don’t know what is.

So how exactly did AMD manage this feat? Well, usually when talking about a decade, there are several node shrinks involved as well as architectural gains; however, it is clear from the specifications that the rockstar of Project 47 isn’t the CPU, it’s the GPU. While AMD has progressed from the architecture of old of 2007, and the occasional node shrink excepted, the progress on the CPU front hasn’t been anywhere near as large to justify the simply ridiculous gains seen here. In fact, with 20 EPYC 7601 CPUs you are looking at a core count of just 640 cores, which simply pales in comparison to the 128,000 cores in the original Roadrunner. Since we certainly did not see an IPC increase of 20000%, it is clear that the star of the Project 47 is the Radeon Instinct GPU. With 80 Radeon Instincts inside the server rack, you can already account for roughly 960 TFLOPs (depending on the clock speed) out of the 1000 TFLOPs that the P47 is rated at. With 128 PCIe lanes per CPU, the EPYC processors will act as the drivers of the Radeon Instinct and won’t actually handle the brunt of the load. So basically from an all-CPU based Roadrunner, we have come to P47, which is practically an all-GPU based show. It really speaks volumes for the bonkers growth in power we’ve seen in the GPU department. The rapid scaling of core count, architectural gains and node shrinks have really ushered in a new era of computational power.
Article source
  7. New Hampshire, Colorado and Virginia Top the List of States with Highest Malware Rates So Far in 2017

Computer users in New Hampshire were three times as likely to get a malware infection on their computers compared to the rest of the country. That's according to data released today by Enigma Software Group (ESG), makers of the SpyHunter anti-malware program. The ESG research team compiled their latest data based on more than 1.5 million infections detected on SpyHunter in all 50 states in the first six months of 2017. Surprisingly to some, it turns out that the infection rate in New Hampshire was 201% higher than the average infection rate for all 50 states. Colorado, Virginia, New Jersey, and Oregon were the next highest states.

"It's hard to tell exactly why some states have higher infection rates than others," said ESG spokesperson Ryan Gerding. "In the top five alone, you've got east coast and west coast states, highly populated states and sparsely populated ones. Regardless of where you live, it's always important to stay vigilant for infections all the time."

Infections can come in many forms. Some may be adware, which forces massive amounts of popup advertising to appear on your computer. Some may be rogue anti-spyware programs, which look like legitimate programs that promise to remove infections, but in reality are just taking your money without doing anything. Many people have seen headlines about ransomware, which can lock important files and hold them hostage unless a ransom is paid. However, the vast majority of files detected can be considered nuisance-ware. Those are potentially unwanted programs that change browser settings, switch your default search engine, install unwanted toolbars, and slow down performance.

Other key findings from ESG's mid-year infection analysis include:
- Overall infections have actually dropped on a monthly basis since January 2017. In June 2017, infections in the US were down 31% over infections in January. The experts at ESG believe that's due in part to users updating to more secure versions of their Windows operating system.
- On a city by city basis, Orlando, Denver, and St. Louis had the highest infection rates compared to other major cities in the U.S.
- Tennessee, Alabama, and Mississippi had the lowest infection rates in the first half of 2017.

ESG offers the following tips to keep computers protected from all kinds of malware.
- Regularly back up your data. Ideally, you would use a physical backup (external hard drive connected to your computer) and a cloud backup. By backing up your hard drive, whatever happens to your computer, you know your data is safe.
- Install a trusted malware removal software like SpyHunter, and set it to perform scans and updates automatically.
- Set your operating system to update automatically and regularly. It's tempting to click the button to 'update later' when a notification pops up. Still, it's always better to update your software as soon as possible.
- Think about that link. Be very wary of links sent to you in emails and social media messages. Crooks are getting much better at creating bogus messages that look like something legitimate (messages from friends, emails from retailers), but, actually, have malicious intent.

Below is the full ranking of all 50 states and how much their infection rate differed from the national average in the first six months of 2017.

New Hampshire 201% higher than the national average
Colorado 143% higher than the national average
Virginia 80% higher than the national average
New Jersey 64% higher
Oregon 25% higher
New York 24% higher
Montana 24% higher
Missouri 23% higher
Arizona 18% higher
Maine 17% higher
Wyoming 17% higher
Arkansas 17% higher
Wisconsin 14% higher
Massachusetts 11% higher
Georgia 10% higher
North Dakota 8% higher
Nevada 6% higher
Nebraska 5% higher
Rhode Island 5% higher
Florida 3% higher
South Dakota 3% higher
Vermont 2% higher
Washington 1% lower than the national average
Iowa 1% lower than the national average
Kansas 2% lower
Ohio 3% lower
Idaho 3% lower
Pennsylvania 5% lower
South Carolina 5% lower
Illinois 6% lower
Maryland 6% lower
New Mexico 7% lower
Texas 9% lower
North Carolina 10% lower
Alaska 10% lower
Utah 16% lower
Michigan 18% lower
Kentucky 20% lower
Louisiana 20% lower
Oklahoma 21% lower
West Virginia 24% lower
Minnesota 27% lower
Hawaii 30% lower
California 30% lower
Connecticut 31% lower
Delaware 32% lower
Indiana 35% lower
Tennessee 47% lower
Alabama 50% lower
Mississippi 53% lower

Article source
  8. People who have to work with computers in their daily lives, and that covers most of us, have started to become aware of the injuries caused to the carpal tunnel by strenuous work on the keyboard. This injury is commonly known as carpal tunnel syndrome and there is a simple way to avoid it – by taking some rest and stretching your arms every few hours. Just like your shoulders, back, neck and arms, you should also take care of the eyes. Similar to the light exercises for preventing backbone problems or carpal tunnel syndrome, you can give some rest to your eyes every now and then. And if you forget to do so, then CareUEyes can remind you without fail.

CareUEyes is a special software designed to remind you to give periodic rest to your eyes. Moreover, this software is also capable of filtering the blue light emitted by LED screens. By default, CareUEyes forces you to take 3 minutes rest every 45 minutes by locking your PC for 3 minutes. You can customize this timer, and change the duration of rest and the frequency at which it appears. It gives you a form of snooze function so that you can delay the rest for a few minutes.

The blue light coming from your screen can disrupt your sleeping pattern. CareUEyes can automatically filter the blue light and make the screen look warmer and comfortable to the eyes, so that your eyes do not feel tired. You can choose many presets and customize them for the blue light setting, such as normal, smart, office, game and night.

There is another software similar to CareUEyes called f.lux, which does an awesome job of changing the colors, gamma and the brightness, but the latter does not show you any reminders to take a break from your daily work and to give some rest to your eyes.

Download CareUEyes from https://care-eyes.com/.

Article source
  9. Taking PC security to a whole new level. Spy movies often depict captured agents biting into a cyanide pill for a quick and painless death, which is preferable to being tortured to extract top secret information. Likewise, what could be considered the most secure PC in the world comes with a self-destruct feature that eradicates all data from the storage device if someone tampers with it. That is just one of many security features baked into the Orwl PC. The Orwl is a compact, disc-shaped system that fits in the palm of your hand. It is loaded to the hilt with security features to keep your data safe. In fact, Orwl requires two-factor authentication, a physical key, and a password to power up. And that is just the beginning—the level of protection on this thing runs much deeper. Each Orwl PC comes with a unique key fob that uses near-field communication (NFC) to communicate with the system. Assuming you keep the key fob on your person, when you move more than 10 meters away from the PC it goes into lock mode. The processor is put to sleep, while access to the USB ports and HDMI output are all cut off. It becomes a useless system to intruders at that point—there is no way to side-load malicious software or extract data. Of course, the next step a bad guy would take is to dismantle the system and physically remove the storage drive. This is where the self-destruct feature comes into play. A series of sensors can detect when someone is physically tampering with the Orwl, even if the PC is unplugged. When that happens, it permanently erases the encryption key for its self-encrypting Intel SSD that sits inside. It is the equivalent of a cyanide pill, and it is only used as a last resort. Though small in size, Orwl is not cheap. Models range between $1,699 and $4,299 with your choice between Windows, Ubuntu, or Qubes OS. 
These systems ship with an Intel Core m7 processor (up to 1.2GHz) based on Skylake and featuring Intel HD Graphics 515, up to 8GB of LPDDR3-1600 RAM, and an encrypted SSD up to 480GB in capacity. Other features include 802.11ac Wi-Fi, Bluetooth LE 4.2, two USB 3.0 Type-C ports, and an HDMI port supporting 4K output. None of these are gaming-grade setups by any stretch, and most gamers probably do not need this level of security. Even so, it's nice to see that something like this exists. And who knows, maybe in time motherboard makers and OEMs will implement similar security options as standard features. In the meantime, Orwl systems can be preordered now and will be available at the end of August. Article source
  10. The people who grew up in the late 90’s and early 2000’s often miss the unique generation of PC games that dominated those times, like Diablo 1, Quake 1, Blood 1, Unreal Tournament 1, Need for Speed 2 and more. The problem is that even though they would really love to play these games once again just to have that nostalgia of their school days, their new computers do not permit them to run these very old games. These older games often use very old versions of Microsoft DirectX (mostly version 6.0 or 7.0) and since the modern version of DirectX has been completely remodeled, they just won’t run on newer computers.

This is where a very useful program, DxWnd, can help you out. This clever program can manipulate how the games connect with the DirectX installed on our modern PC, making the games think they are still running on a relatively older Windows PC with an older version of DirectX.

You can start by launching DxWnd followed by adding the games to its window. To add the games, you can simply drag-n-drop the games’ EXE files on to the DxWnd window. For example, the “Blood 2: The Chosen” game has the EXE file Blood2.exe and you can drag-n-drop this on to the DxWnd window. As soon as you do this, a new window will open up where you can configure how DxWnd will handle playing this newly added game.

In the configuration window, you can change the video settings, game resolution, input settings, DirectX settings, manipulate the DirectX version, DirectX & Direct3D tweaks, and customize which libraries (GDI or GDI+) are to be loaded for a game. Most people will leave these settings at their default values. After this, you can launch the added games by double-clicking on their icons in the DxWnd window. The games will launch properly and will run as specified by the configurations you have set for them.

Conclusion: DxWnd helps run older games on newer Windows computers by manipulating some of the DirectX related settings. For example, it can make the games think that your Windows 10 PC has DirectX 6.0 installed. You can download DxWnd from http://sourceforge.net/projects/dxwnd/

Article source
  11. Acronyms are the tech world’s favourite way to make interesting technology sound incredibly confusing. When hunting out a new PC or laptop, the specifications will mention the type of CPU you can expect to find in the shiny new device. Frustratingly, they almost always fail to tell you why that’s so important. When faced with decisions between AMD and Intel, dual or quad-core, or i3 vs. i7, it can be hard to tell what the difference is and why it matters. Knowing which is best for you can be difficult, but we’re here to help you out.

What Is A CPU?
The Core Processing Unit (CPU) is often referred to as the brains of the computer. While the CPU only makes up one of many processing units, it is one of the most important. It is the part of a computer that performs calculations, actions, and runs programs. The CPU takes instructional inputs from the computer’s RAM, decodes and processes the action, before delivering an output. CPUs are in all sorts of devices ranging from computers and laptops, to smartphones, tablets, and smart TVs. The small and usually square chip is placed onto the device’s motherboard and interacts with the other hardware to operate your computer. If you want to dig a little deeper into computer mechanics, then a great place to start is J. Clark Scott’s book But How Do It Know?

How Do They Work?
There have been a lot of improvements over the years since the first CPUs came on the scene. Despite that, the basic function of the CPU has remained the same, consisting of three steps: fetch, decode, and execute.

Fetch
Just as you may expect, fetching involves receiving an instruction. The instruction is represented as a series of numbers and is passed to the CPU from the RAM. Each instruction is only one small part of any operation, so the CPU needs to know which instruction comes next. The current instruction address is held by a program counter (PC). The PC and instructions are then placed into an Instruction Register (IR). The PC length is then increased to reference the next instruction’s address.

Decode
Once an instruction is fetched and stored in the IR, the CPU passes the instruction to a circuit called the instruction decoder. This converts the instruction into signals to be passed through to other parts of the CPU for action.

Execute
In the final step, the decoded instructions are sent to the relevant parts of the CPU to be completed. The results are usually written to a CPU register, where they can be referenced by later instructions. Think of it like the memory function on your calculator.

How Many Cores?
In the early days of computing a CPU would only have a single core. This meant that the CPU was limited to just a single set of tasks. This is one of the reasons that computing was often a relatively slow and time consuming, but world changing, affair. After pushing the single-core CPU to its limits, manufacturers started looking for new ways to improve performance. This drive for performance improvements led to the creation of multi-core processors. These days it’s likely that you will hear terms thrown around like dual, quad, or even octo-core. A dual-core processor, for example, is really just two separate CPUs on a single chip. By increasing the amount of cores, CPUs were able to handle multiple processes simultaneously. This had the desired effect of increasing performance and reducing processing time. Dual-core soon gave way to quad-core processors with four CPUs, and even octo-core processors with eight. Add in hyper-threading and your computer can perform tasks as if it had up to 16 cores.

Understanding The Specs
Having a knowledge of the operation of a CPU alongside the differing brands and core numbers is helpful. However, there are a lot of options out there even with the same high-level specifications. There are some other specs that can help you decide between CPUs when it comes time to buy.

Mobile vs. Desktop
Traditionally computers were large static electronic devices powered by a constant supply of electricity. However, the shift to mobile and the rise of the smartphone has meant that we essentially carry a computer with us everywhere we go. Mobile processors are optimized for efficiency and power consumption so the device’s battery lasts as long as possible. In their wisdom, manufacturers have taken to naming both their mobile and desktop processors the same thing but with a range of prefixes. This is despite them being different products. Mobile processor prefixes have “U” for ultra-low power, “HQ” for high performance graphics, and “HK” for high performance graphics with the ability to overclock. Desktop prefixes include “K” for ability to overclock, and “T” for optimized power.

32 or 64-bit
A processor doesn’t receive a constant flow of data. Instead it receives the data in smaller chunks known as a “word.” The processor is limited by the amount of bits in a word. When 32-bit processors were first designed, it seemed like an incredibly large word size. Moore’s Law continued to hold, however, and suddenly computers could handle more than 4GB of RAM — leaving the door open for a new 64-bit processor.

Thermal Power Design
The Thermal Power Design is a measure of maximum power in Watts your CPU will consume. While a lower power consumption is clearly good for your electricity bills it can have another surprising benefit — less heat.

CPU Socket Type
In order to make up a fully-functioning computer, the CPU needs to be attached to the other components through the motherboard. When choosing a CPU you need to ensure that the CPU and motherboard socket types match.

L2/L3 Cache
The L2 and L3 cache is a speedy, on-board memory for the CPU to use during processing. The more you have of it, the faster your CPU will perform.

Frequency
The frequency refers to the operating speed of the processor. Before multi-core processors, frequency was the most important performance metric between different CPUs. Despite the addition of features, it is still an important specification to take into account. It is possible for a very fast dual-core CPU to outperform a slower quad-core CPU, for example.

The Brains of the Operation
The CPU really is the brain of the computer. It performs all the tasks that we would typically associate with computing. Most of the other computer components are really there to support the operation of the CPU. The improvements made in processor technology, including hyper-threading and multiple cores, played a key part in the Technical Revolution. Being able to differentiate between an Intel i7 dual-core and an AMD X4 860K quad-core will make decision time that much easier. That’s not to mention potentially saving you money on overpowered hardware. However, despite their importance, there are many other ways to upgrade your PC too.

Article source
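The fetch, decode and execute cycle described above as a runnable toy CPU in Python. This is an added example, not code from the article; its six-instruction set, the opcode*256 + operand encoding and the 8-bit accumulator are invented for illustration, and the word-size limit shows up as the accumulator wrapping at 256.

```python
# Toy CPU (added example): a program counter (PC), an instruction register
# (IR), an accumulator register and a RAM of plain numbers, stepped through
# fetch -> decode -> execute exactly as the article describes.

OPCODES = {0: "HALT", 1: "LOAD", 2: "ADD", 3: "SUB", 4: "STORE", 5: "JNZ"}
MNEMONICS = {name: code for code, name in OPCODES.items()}
WORD = 256  # 8-bit words: the accumulator wraps like a real fixed-width register


def assemble(source):
    """Turn lines like 'ADD 20' into the numbers the CPU fetches from RAM."""
    program = []
    for line in source:
        parts = line.split()
        opcode = MNEMONICS[parts[0]]
        operand = int(parts[1]) if len(parts) > 1 else 0
        program.append(opcode * WORD + operand)   # invented encoding
    return program


class ToyCPU:
    def __init__(self, ram):
        self.ram = list(ram)
        self.pc = 0        # program counter: address of the next instruction
        self.ir = 0        # instruction register: raw number fetched from RAM
        self.acc = 0       # accumulator: where results are written
        self.halted = False

    def fetch(self):
        self.ir = self.ram[self.pc]   # copy the instruction at PC into IR
        self.pc += 1                  # PC now references the next instruction

    def decode(self):
        opcode, operand = divmod(self.ir, WORD)   # the "instruction decoder"
        return OPCODES[opcode], operand

    def execute(self, mnemonic, operand):
        if mnemonic == "HALT":
            self.halted = True
        elif mnemonic == "LOAD":
            self.acc = self.ram[operand]
        elif mnemonic == "ADD":
            self.acc = (self.acc + self.ram[operand]) % WORD
        elif mnemonic == "SUB":
            self.acc = (self.acc - self.ram[operand]) % WORD
        elif mnemonic == "STORE":
            self.ram[operand] = self.acc
        elif mnemonic == "JNZ":       # a jump overwrites PC instead of stepping it
            if self.acc != 0:
                self.pc = operand

    def run(self, max_steps=10000):
        """Run until HALT; returns the number of instructions executed."""
        steps = 0
        while not self.halted and steps < max_steps:
            self.fetch()
            self.execute(*self.decode())
            steps += 1
        return steps


def sum_to(n):
    """Loop on the toy CPU adding n + (n-1) + ... + 1; returns (sum, steps)."""
    if not 0 < n < WORD:
        raise ValueError("n must fit in one 8-bit word and be positive")
    N, SUM, ONE = 20, 21, 22        # data addresses placed after the code
    code = assemble([
        "LOAD 21", "ADD 20", "STORE 21",   # SUM = SUM + N
        "LOAD 20", "SUB 22", "STORE 20",   # N = N - 1
        "JNZ 0",                           # loop back to address 0 while N != 0
        "HALT",
    ])
    ram = code + [0] * (N - len(code)) + [n, 0, 1]   # RAM[20]=n, [21]=0, [22]=1
    cpu = ToyCPU(ram)
    steps = cpu.run()
    return cpu.ram[SUM], steps
```

Each loop iteration is seven instructions, so sum_to(5) returns (15, 36); sum_to(30) returns 209 rather than 465 because the sum overflowed the 8-bit word.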
  12. FIREBALL – The Chinese Malware of 250 Million Computers Infected

An invasive form of malware believed to be attached to a Chinese firm could spell "global catastrophe," according to the cybersecurity firm that discovered it. The software has the power to gain near-complete control of targets, including spying on files.

Dubbed Fireball, the malware was found by researchers at Check Point Security. The team said its purpose is to hijack web traffic to generate fraudulent ad revenue. It also includes remote control features for downloading more malware in the future. Fireball has already infected over 250 million computers worldwide. When it embeds itself into a machine, it takes control of the web browsers and "turns them into zombies." The browsers end up acting on Fireball's behalf. While it's currently relatively innocuous, focusing on installing plugins to increase ad distribution, Check Point warned it could easily be modified to be more sinister.

Because Fireball is so powerful, it can be expected it will soon be used as the basis of more serious attacks. It can execute any code it desires on the user's machine, allowing it to steal files, spy on login activity and download additional malware. Although it's currently seeing use only as a browser hijacker for money-making purposes, Check Point explained that the potential is there to do much more. "How severe is it? Try to imagine a pesticide armed with a nuclear bomb," the company said. "Yes, it can do the job, but it can also do much more."

Fireball was created by a Chinese firm called Rafotech. It is believed it has managed to infect so many machines worldwide because it frequently comes bundled with other applications. Users inadvertently install the software by blindly clicking through prompts from other apps. Check Point said that Rafotech "carefully walks along the edge of legitimacy." The company purports to offer search and marketing services but many of its products appear to be fake or hijacking tools. In a curious coincidence, Rafotech's website proudly advertises that it reaches "300 million users," a similar feature to Fireball's global reach.

According to Check Point, Rafotech has the capability to "initiate a global catastrophe." If the company chose to use all of its software's capabilities, it could extract data from over 250 million PCs worldwide. Around 20% of the total Fireball installations are on corporate networks. It would be able to steal and sell sensitive documents, banking details and medical files. If it wanted, it could instruct Fireball to download ransomware utilities, allowing it to extort money from businesses around the globe.

Even if Rafotech itself remains content to settle in the grey area of shady bundled software, there are already many similar browser hijackers in existence. Check Point found that Beijing-based ELEX Technology produces a series of products that may be related to Fireball. It is suspected that ELEX Technology and Rafotech are in some way related. Even if they're not directly under the same leadership, they appear to be aiding each other's distribution of browser hijacking utilities. This suggests there are at least two collaborators with potentially unhindered access to a quarter of a billion computers worldwide.

Check Point said Fireball represents a "great threat" to global cybersecurity and could be the largest infection campaign in history. While its current intentions don't appear to be strongly malicious, there's nothing stopping its creators from embarking on a very different campaign. The distribution also presents other risks – if external hackers obtained the software, they could republish it themselves and unlock all its capabilities.

Article source
13. However high-end a PC might be, it’s pretty common for Windows users to start complaining at some point about the sluggishness of the system. In some cases, the problem might be due to low-specced hardware, but in many cases it turns out to be something else. Like most things in this world, Windows needs to be taken good care of and serviced regularly. No matter if you’re a newbie or a veteran, your Windows system will eventually run into issues that are not usually easy to diagnose. When this happens, you have the option of hiring someone to troubleshoot the problem for you, but this should be your last resort. You always have a better alternative, so why pay someone to fix the trouble when you can easily figure out the issue on your own using tools you can download for free? We strongly recommend giving the following diagnostics tools and software for monitoring system performance a chance first. You might be surprised by how much you will be able to resolve using them!

The best PC performance monitoring tools

CPU-Z
CPU-Z is a cool program that scans your system for internal hardware configurations. It’s a must-have if you ever plan on upgrading your PC and want to avoid incompatibility issues. This tool is also useful when you forget which components you have installed, which can be the case when you build your own PC. It will also help verify the components when you’re buying a used PC from someone you may not trust completely.

Performance Monitor
As in older versions of Windows, Windows 10 has a Performance Monitor, but this time it’s in the form of an application. Once you launch it, you just have to look at the sidebar and under Monitoring Tools, you should find the Performance Monitor. By default, it will only show “%Processor Time”, which will display how much of your system is used at any given time. You’re able to add more Counters, including energy used, disk usage, paging file size, search index size and more.

Speccy
This is one of the best tools available for letting you know about CPU and GPU temperature, for free. If you choose to buy it, you’ll be able to enjoy more features. It supports all the sensors integrated on your PC and it detects data accurately by using them.

Open Hardware Monitor
This one is free open source software that will help you monitor the temperature of your CPU and GPU. If you hate the issues that might come up when using this sort of tool, then this is your best bet. In addition, its interface is very simple and plain.

CrystalDiskInfo
If you ever wondered if your hard drive or solid state drive is in the best possible condition, you probably know by now how difficult this information is to find, considering how new SSDs can die before you get a chance to figure out what’s wrong. CrystalDiskInfo can become your best friend in such cases. This tool will give you a complete overview of the state of all your data drives like HDDs, SSDs, and USB drives. Details will include temperature, uptime, start-up time, error states, and more. It will also calculate the overall Health Status.

Windows Resource Monitor
Windows has a feature called the Resource Monitor, implemented back in Vista. You’d have to launch it through the Task Manager, but now it’s a separate app in Windows 10 and you can launch it via the Start menu. Resource Monitor is an advanced way to view real-time data about your entire system and is usually used together with Performance Monitor. However, it’s mostly used for viewing process details and memory usage.

LeeLu Monitors AIO
If you are not satisfied with the built-in Windows performance tool, then this one is your best pick. This monitoring tool can help you track folders, registry files and memory files on your system. The package contains more utilities to help you check folders and it issues warnings when the faulty activities exceed a certain number of times.

Wise System Monitor
This is one of the best system monitoring tools out now, offering you a simple and quick way of monitoring the memory usage, CPU usage and all the related processes running with the hardware components installed in your PC. It lets you know what is consuming the system’s resources and which part of the PC is overheating.

HW Monitor
Most of the programs that we have listed above will work perfectly if you are a regular user. But in case you’re a gamer and you really need to know the stats of your gaming rig, this will turn out to be the best tool for your needs. It monitors the PC system’s primary health sensors, displaying CPU temperature, power consumption, mainboard voltage, fan speeds, GPU voltage and other related details.

EnhanceMySe7en Free
This is a tweaking and system enhancement program that allows you to see the system information of your PC and the current temperature of the CPU and GPU. The tool will show the minimum and the maximum temperature of your processor along with other vital information such as fan speed. In addition, you’ll enjoy some utility features including disk defragment, registry cleaning, start-up manager and more.

CPU Thermometer
This is another tiny tool that can easily determine the temperature of your system with a basic and simple interface. You can find out the current temperature of each core and also the percentage of load, along with changing the units of temperature.

We hope that you find all these monitoring tools useful. You probably will not need all of them, so pick the ones that seem the most valuable to you for maintaining your Windows PC.

Article source
14. When it comes to Android, people often think of it as an operating system for mobile devices like smartphones or tablets. But the recent versions of Android have the same features as any other modern operating system. This is why the developers of Phoenix OS have designed this operating system, based on Android, to work on all the computers that support Intel x86 instructions. Phoenix OS is actually based on the open-source Android-x86 project that we have posted about previously in another article: how to install Android in VirtualBox. But Android-x86 is based on the stock version of Android. Phoenix OS enhances Android-x86 and makes it much more like an operating system for PC.

Easy installation on any PC

Phoenix OS downloads are offered in two versions – one based on Android 5.1 Lollipop and another based on Android 7.1 Nougat. The latter version is the latest version of Android available from AOSP (Android Open Source Project). Both of these versions are offered in the ISO format as well as the EXE format. The benefit of the ISO file is that you can burn it on to a blank CD/DVD and then boot from it to install on any PC. Since the requirement for Phoenix OS is not that high (only 2 GB RAM), it can be installed on any PC manufactured or assembled in the last 8 years.

Familiar desktop PC experience

After the installation, you will see the expected Android start-up screen and will have to log in using an existing Google account. When it finishes loading everything, you will see a desktop operating system complete with features that you use in Windows like the start menu, notification center and a taskbar. You can install apps as usual and access their shortcuts in the start menu or on the desktop.

Switch between Phoenix OS and Stock Android

Phoenix OS offers a special feature called OS Switch which allows the user to switch back and forth between the Phoenix OS interface and the stock Android interface. You can access this feature from the start menu in Phoenix OS or from the home screen in Android. This can provide a great user experience and compatibility with different apps.

Conclusion: Phoenix OS is an Android-x86 based operating system that can be installed on any PC that supports Intel x86 based instructions. It provides a complete desktop operating system experience built with the power of Android. You can download Phoenix OS from http://www.phoenixos.com/download_x86.

Article source
Other article: How to Run Android on Your Computer
15. This article explains how to automatically clear the clipboard when the computer is idle. This can be done easily using free software called “Clipboard Auto-Clear”. Using this software, you can set the idle time to 5 seconds, 10 seconds, 15 seconds, or 20 seconds. After that, whatever is copied to the clipboard is wiped out automatically. Normally, when we copy something to the clipboard, it remains there until we copy something else. But, using this software, the clipboard content is cleared automatically when the computer remains idle for the specified time. You can choose only pre-defined time intervals as there is no option to set a custom time interval. Still, the software is good as it helps to clear the clipboard automatically when the PC is idle for the specified seconds. The recording above shows copied content was cleared from the clipboard automatically after 5 seconds. All this was made possible using this software.

How to Automatically Clear Clipboard When Computer Is Idle?

Get the setup of this software. You can use this link to access the homepage and grab the setup. After installation, run the software and its small interface will be in front of you. This is the main interface of this software, visible in the screenshot below. There are only two options: set the PC idle time and start the software automatically when Windows starts (choose Yes or No). You can set the idle time to 5, 10, 15, or 20 seconds. That’s it! Now you can minimize this software to the system tray. When you copy something, it will be cleared from the clipboard automatically based on the PC idle time. I must say the software works very well. It is so because if you move the mouse cursor a bit, it will count the idle time again from the start. So, clipboard item(s) will be cleared only when the computer is actually idle. You may also try some of the best free clipboard managers covered by us.

The Verdict: There are some cases when it is actually good to keep the clipboard cleared. For example, to avoid pasting clipboard content accidentally, for security purposes, etc. This software is handy for such cases. I really wish it would have provided the option to set a custom idle time, but it is not available.

Clipboard Auto-Clear
Article source
16. Product keys are becoming less and less common these days, but if you have a piece of software on your computer—and can’t find its product key—this simple program can help you extract it. NirSoft’s ProduKey lets you view product keys for Windows, Microsoft Office, and many other software programs. It can show the keys from the current computer, or you can use it to view the keys stored on a broken computer’s hard drive.

How to Recover Keys From a Working Computer

Download the ProduKey archive from this page and run the ProduKey.exe file. You’ll see the product key for your Windows installation as well as other applications installed on your system, including Microsoft Office, Visual Studio, Microsoft Exchange Server, Microsoft SQL Server, and some Adobe and Autodesk products. If your computer comes with a Windows 10 or 8 key embedded in its UEFI firmware, it will be displayed as a “Windows (BIOS OEM Key)” here. This key is stored on your computer’s motherboard and Windows will automatically use it whenever you install Windows on your PC. You don’t need to back it up or write it down. Write down any product keys you want to keep and store them in a safe place. It’s that easy!

How to Recover Keys From a Separate Hard Drive

If you have a computer that won’t boot, you can recover its keys as long as the hard drive still works. You just need to remove the drive, connect it to a functional computer, and point ProduKey at it. If you’d like to do this, you’ll need to shut down the broken computer, open it up, and remove its internal drive. This will be easier on some computers than others—for example, many laptops aren’t designed to be easily opened, while desktops generally are. You can then insert the drive into an internal drive bay on a working computer, or use a SATA hard drive docking station, like the one shown below.

Whatever option you choose, once the drive is plugged in and appears in Windows, go ahead and run ProduKey, just like you would on a functioning computer as described in the previous section. Click File > Select Source to choose the secondary drive. In the Select Source window, select “Load the product keys from external Windows directory” and point it at the Windows directory on the drive from the other PC. For example, if the other PC’s drive is D:, you’ll need to point it at D:\Windows. ProduKey will then display the keys from the other computer’s drive, and not the keys in use on the current computer.

How to Recover Keys Without Removing a Computer’s Drive First

Lastly, if you can’t—or just don’t want to—physically remove the drive from the first computer, you could instead use a Linux live USB drive to copy the files from that drive, and then examine them with ProduKey on another computer. Generally, we think it’s easier to just remove the drive, but this will work as an alternative. To do this, you’ll first need to create yourself a live Linux drive. For example, you can create an Ubuntu drive. To do this, you’ll need to download an Ubuntu ISO and download the Rufus tool for Windows.

Warning: The USB drive you turn into a live Linux drive will be erased. Back up any important files on it first.

Once you have both, connect a USB drive and launch Rufus. Select your USB drive, pick the FAT32 file system, and check the “Create a bootable disk using” box. Click the button to the right of it and select the Ubuntu ISO image you downloaded. Click “Start” and agree to download the Syslinux software. Select “Write in ISO image mode (Recommended)” and agree to wipe the data on the disk when you’re asked. When the disk is created, you can connect the USB drive to your broken computer and boot from it. You may just need to insert the drive, boot it up, and the computer will start from the USB drive. Or, you may have to tweak the boot order or use a boot options menu.

When Ubuntu boots, open a file manager window by clicking the drive icon on the panel. Locate your Windows drive and navigate to C:\Windows\system32\. Right-click the “config” folder and select “Copy”. Connect another external USB drive to your computer and copy the config folder to it. Take the drive containing the “config” folder to another computer running Windows. You’ll need to recreate the directory structure. Create a “Windows” folder and then create a “system32” folder inside it. Copy the “config” folder into the system32 folder. Launch ProduKey, click File > Select Source, and select the Windows folder you just created. You can’t just point it at the config folder directly. ProduKey will then show you the product keys from the config folder you copied over.

Credit to
  17. The perils of leaving computers unattended is about to get worse. The perils of leaving computers unattended just got worse, thanks to a newly released exploit tool that takes only 30 seconds to install a privacy-invading backdoor, even when the machine is locked with a strong password. PoisonTap, as the tool has been dubbed, runs freely available software on a $5/£4 Raspberry Pi Zero device. Once the payment card-sized computer is plugged into a computer's USB slot, it intercepts all unencrypted Web traffic, including any authentication cookies used to log in to private accounts. PoisonTap then sends that data to a server under the attacker's control. The hack also installs a backdoor that makes the owner's Web browser and local network remotely controllable by the attacker. PoisonTap is the latest creation of Samy Kamkar, the engineer behind a long line of low-cost hacks, including a password-pilfering keylogger disguised as a USB charger, a key-sized dongle that jimmies open electronically locked cars and garages, and a DIY stalker app that mined Google Streetview. While inspiring for their creativity and elegance, Kamkar's inventions also underscore the security and privacy tradeoffs that arise from an increasingly computerized world. PoisonTap continues this cautionary theme by challenging the practice of password-protecting an unattended computer rather than shutting it off or, a safer bet still, toting it to the restroom or lunch room. Kamkar told Ars: The primary motivation is to demonstrate that even on a password-protected computer running off of a WPA2 Wi-Fi, your system and network can still be attacked quickly and easily. Existing non-HTTPS website credentials can be stolen, and, in fact, cookies from HTTPS sites that did not properly set the 'secure' flag on the cookie can also be siphoned. Unsecured home or office routers are similarly at risk. 
Kamkar has published the PoisonTap source code and additional technical details here and has also released the following video demonstration: PoisonTap - exploiting locked machines w/ Raspberry Pi Zero. Once the device is inserted in a locked Mac or PC (Kamkar said he hasn't tested PoisonTap on a Linux machine), it surreptitiously poisons the browser cache with malicious code that lives on well after the tool is removed. That makes the hack ideal for infecting computers while they are only briefly unattended. Here's how it works. Once the PoisonTap software is installed, the Raspberry Pi device becomes a miniature Linux computer that presents itself as an Ethernet network. Like a router, it's responsible for allocating IP addresses for the local network through the dynamic host configuration protocol. In the process, the device becomes the gateway for sending and receiving traffic flowing over the local network. In this sense, PoisonTap is similar to a USB exploit tool demonstrated in September that stole login credentials from locked PCs and Macs. Through a clever hack, however, PoisonTap is able to become the gateway for all Internet traffic as well. It does this by defining the local network to include the entire IPv4 address space. With that, the device has the ability to monitor and control all unencrypted traffic the locked computer sends or receives over its network connection. PoisonTap then searches the locked computer for a Web browser running in the background with an open page. When it finds one, the device injects HTML iframe tags into the page that connect to the top 1 million sites ranked by Alexa. Because PoisonTap masquerades as the HTTP server for each site, the hack is able to receive, store, and upload any non-encrypted authentication cookies the computer uses to log in to any of those sites. 
Given its highly privileged man-in-the-middle position, PoisonTap can also install backdoors that make both the Web browser and connected router remotely accessible to the attacker. To expose the browser, the hack leaves a combination of HTML and JavaScript in the browser cache that produces a persistent WebSocket. PoisonTap uses what's known as a DNS rebinding attack to give remote access to a router. That means attackers can use PoisonTap to remotely access a browser as it connects to a website or to gain administrative control over the connected router. Attackers still must overcome any password protections safeguarding an exposed router. But given the large number of unpatched authentication bypass vulnerabilities or default credentials that are never changed, such protections often don't pose much of an obstacle. PoisonTap challenges a tradition that can be found in almost any home or office—the age-old practice of briefly leaving a locked computer unattended. And for that reason, the ease and thoroughness of the hack may be understandably unsettling for some people. Still, several safeguards can significantly lower the threat posed by the hack. The first is to, whenever possible, use sites that are protected by HTTPS encryption and the transmission of secure cookies to prevent log-in credentials from being intercepted. A measure known as HTTP Strict Transport Security is better still, because it prevents attack techniques that attempt to downgrade HTTPS connections to unsecured HTTP. As a result, neither Google nor Facebook pages can be triggered by computers infected by PoisonTap. Sadly, multi-factor authentication isn't likely to provide much protection because it generally isn't triggered by credentials provided in authentication cookies. 
End users, meanwhile, should at a minimum close their browsers before locking their computer or, if they're on a Mac, be sure to enable FileVault2 and put their machine to sleep before walking away, since browsers are unable to make requests in such cases. Regularly flushing browser caches is also a sound, albeit imperfect, measure. For the truly paranoid, it may make more sense to simply bring laptops along or to turn off machines altogether. Article source
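The two browser-side defences the article names, the Secure attribute on cookies and HTTP Strict Transport Security, can be checked from a site's own response headers. The script below is an added example, not code from the Ars article or from PoisonTap; the two HTTP responses it inspects are constructed samples, not real sites.

```python
"""Added example, not code from the Ars article or from PoisonTap itself.

PoisonTap only ever speaks plain HTTP, so it can capture a login cookie
only if (a) the browser will send it over HTTP, i.e. the cookie lacks the
Secure attribute, and (b) the browser is willing to make an HTTP request to
that host at all, which a cached HTTP Strict Transport Security policy
prevents. This script parses a site's HTTP response headers and reports
which cookies a PoisonTap-style cleartext interception could still reach.
The two responses below are constructed samples, not real sites.
"""
from __future__ import annotations


def parse_headers(raw_response: str) -> list[tuple[str, str]]:
    """Return (name, value) pairs from the header block of a raw HTTP response."""
    headers: list[tuple[str, str]] = []
    lines = raw_response.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:          # skip the status line
        if line == "":              # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers


def parse_set_cookie(value: str) -> dict:
    """Split a Set-Cookie value into name, value and lower-cased attributes."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs: dict[str, str | bool] = {}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": cookie_value.strip(), "attrs": attrs}


def parse_hsts(value: str) -> dict | None:
    """Parse Strict-Transport-Security; None if there is no usable max-age."""
    max_age = None
    include_subdomains = False
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        key = key.lower()
        if key == "max-age":
            try:
                max_age = int(val.strip().strip('"'))
            except ValueError:
                return None
        elif key == "includesubdomains":
            include_subdomains = True
    if max_age is None:
        return None
    return {"max_age": max_age, "include_subdomains": include_subdomains}


def assess_response(raw_response: str) -> dict:
    """Report which cookies are exposed to a plain-HTTP interception."""
    hsts = None
    without_secure: list[str] = []
    with_secure: list[str] = []
    for name, value in parse_headers(raw_response):
        if name.lower() == "strict-transport-security":
            hsts = parse_hsts(value)
        elif name.lower() == "set-cookie":
            cookie = parse_set_cookie(value)
            if "secure" in cookie["attrs"]:
                with_secure.append(cookie["name"])
            else:
                without_secure.append(cookie["name"])
    # A positive max-age means a browser that has already visited the site
    # over HTTPS will refuse to issue the HTTP request at all. HSTS is of no
    # help on a first visit or after the policy expires, which is why the
    # Secure attribute on the cookie itself is the stronger fix.
    hsts_active = hsts is not None and hsts["max_age"] > 0
    return {
        "cookies_without_secure": without_secure,
        "cookies_with_secure": with_secure,
        "hsts": hsts,
        "at_risk_over_http": [] if hsts_active else without_secure,
    }


# Constructed sample: a session cookie with no Secure attribute and no HSTS.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: lang=en; Path=/\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed sample: Secure session cookie plus a one-year HSTS policy.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Set-Cookie: lang=en; Path=/\r\n"
    "\r\n"
)


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        report = assess_response(raw)
        print(f"{label}: at risk over plain HTTP -> {report['at_risk_over_http']}")
```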
18. Dmitry Ponomarev, professor of computer science at Binghamton University, State University of New York, is the principal investigator of a project titled 'Practical Hardware-Assisted Always-On Malware Detection.' Credit: Jonathan Cohen/Binghamton University

Fighting computer viruses isn't just for software anymore. Binghamton University researchers will use a grant from the National Science Foundation to study how hardware can help protect computers too. "The impact will potentially be felt in all computing domains, from mobile to clouds," said Dmitry Ponomarev, professor of computer science at Binghamton University, State University of New York. Ponomarev is the principal investigator of a project titled "Practical Hardware-Assisted Always-On Malware Detection."

More than 317 million pieces of new malware—computer viruses, spyware, and other malicious programs—were created in 2014 alone, according to work done by Internet security teams at Symantec and Verizon. Malware is growing in complexity, with crimes such as digital extortion (a hacker steals files or locks a computer and demands a ransom for decryption keys) becoming large avenues of cyber attack. "This project holds the promise of significantly impacting an area of critical national need to help secure systems against the expanding threats of malware," said Ponomarev. "[It is] a new approach to improve the effectiveness of malware detection and to allow systems to be protected continuously without requiring the large resource investment needed by software monitors."

Countering threats has traditionally been left solely to software programs, but Binghamton researchers want to modify a computer's central processing unit (CPU) chip—essentially, the machine's brain—by adding logic to check for anomalies while running a program like Microsoft Word. If an anomaly is spotted, the hardware will alert more robust software programs to check out the problem.
The hardware won't be right about suspicious activity 100 percent of the time, but since the hardware is acting as a lookout at a post that has never been monitored before, it will improve the overall effectiveness and efficiency of malware detection. "The modified microprocessor will have the ability to detect malware as programs execute by analyzing the execution statistics over a window of execution," said Ponomarev. "Since the hardware detector is not 100-percent accurate, the alarm will trigger the execution of a heavy-weight software detector to carefully inspect suspicious programs. The software detector will make the final decision. The hardware guides the operation of the software; without the hardware the software will be too slow to work on all programs all the time." The modified CPU will use low complexity machine learning—the ability to learn without being explicitly programmed—to classify malware from normal programs, which is Yu's primary area of expertise. "The detector is, essentially, like a canary in a coal mine to warn software programs when there is a problem," said Ponomarev. "The hardware detector is fast, but is less flexible and comprehensive. The hardware detector's role is to find suspicious behavior and better direct the efforts of the software." Much of the work—including exploration of the trade-offs of design complexity, detection accuracy, performance and power consumption—will be done in collaboration with former Binghamton professor Nael Abu-Ghazaleh, who moved on to the University of California-Riverside in 2014. Lei Yu, associate professor of computer science at Binghamton University, is a co-principal investigator of the grant. Grant funding will support graduate students that will work on the project both in Binghamton and California, conference travel and the investigation itself. The three-year grant is for $275,000. Article source Other source: These researchers are modifying CPUs to detect security threats
19. This search engine remembers literally everything that's been on your computer

Our brains often forget where we saw something among the countless tabs and documents on our computers each day. To make it easier to find things, Seattle-based Atlas Informatics launched Atlas Recall, which lets you search for anything you've ever looked at on your computer. Atlas Informatics founder and CEO Jordan Ritter calls the software "a photographic memory for your digital life." In a demonstration to CNNMoney, that proved to be a fairly accurate assessment.

Once installed, Atlas Recall displays personalized search results from the app, desktop search, or Google (GOOGL, Tech30) search. This includes web pages, emails, Slack chats, Netflix films, Spotify songs, or anything else that's appeared in front of your eyes on your screen. Let's say you're planning a wedding. You can search for "wedding," and Atlas Recall will pull up calendar appointments, emails from your wedding party, websites of flower companies, photos of wedding dresses, the Spotify playlist you listened to when emailing your fiancé, and the Facebook wedding planning group you're a part of. You can search by keyword, content type or time, and it displays all related information based on relevancy. For instance, if two documents were open at the same time and you toggled between them, they will both appear whether or not they contain a keyword.

Once installed on your hard drive and browser, Atlas Recall runs in the background and begins collecting your activity. The company captures all the content you've looked at and stores it on its servers. So how does it work? Computers have built-in features for people with disabilities to use hardware and software. These features -- like Apple's VoiceOver -- use accessibility APIs, the programming tools that pass information between the computer and the user. Atlas Recall taps into these tools and indexes all the data shared on-screen.
Though Atlas Recall is a unique product, it's similar to Google's ecosystem that saves and tracks everything you do. When you're logged in to Google services, it collects and saves your activity, from where you go via Google Maps, to appointments you make with Google Calendar. You can search these services to find personal data. But Atlas Recall takes that behavior and applies it to literally everything you do with your computer. "The platform wars are over, nobody won, and no one will ever win them again," Ritter told CNNMoney. "We now have diverse sets of apps and platforms and services, and we move fluidly between all of them. What we want is something that works the way we use our devices and data." The tool understandably raises privacy concerns. Ritter, cofounder of Napster and no stranger to controversial file-sharing, said all the data is encrypted while it's transferred to Atlas Cloud and stored in its servers. You can block Atlas from reading and indexing links, files, and apps -- say, block it from reading your Gmail -- remove stored data, or pause Atlas Recall so it's not running in the background indefinitely. Atlas Recall is launching in beta on Wednesday for Apple devices running macOS Sierra or OS X El Capitan. It also has a compatible iPhone app that lets you search for items, but does not index content from your phone. Ritter said an app for Windows 10 is coming soon. The search engine is the first product from Atlas Informatics, and it's free for people to try out while in beta. The company plans to charge for premium features in the future. The Emerald City startup has raised $20.7 million from investors including Microsoft (MSFT, Tech30), Nathan Myhrvold and Aspect Ventures. Article source
20. One of the primary vectors for the distribution of tech support scams is malvertising. You’ll simply be browsing the web when all of a sudden your browser shows a scary page claiming your computer is infected. Behind the scenes, an unscrupulous ad network usually lets a malicious actor push a malicious code snippet instead of a regular advert. Now all you see is a page that looks like a Microsoft website and no matter how many times you try to close the annoying popup, it simply won’t go away.

Over time, various tricks have been used to fool browsers and in particular Google Chrome, which is not surprising considering its market share. Typically we have seen JavaScript code to send what seems to be an infinite number of pop-ups, which in reality is a simple loop. Of course there have been variations of this and historically browsers have let users down by not being able to handle those tricks cleanly. As a matter of fact, one of the easiest ways to get rid of a browser locker is to kill its process using Task Manager or another such tool.

Today we are looking at yet another technique which isn’t new per se, but has finally made its way into tech support scams. Remember the websites that could crash Chrome/Firefox/Safari even on mobile devices? The flaw was originally identified in July 2014 and it is an abuse of the history.pushState() method introduced with HTML5 which, according to the documentation, pushes the given data onto the session history stack with the specified title and, if provided, a URL. One important thing you may notice from the bug report above is the “Doesn’t technically crash, just hang” part. This is so important because as you will see below, scammers really want their victims to see the instructions on screen, and in particular the phone number to call to fix their computer:

This is a clever use of this bug because the computer that visited this site is essentially stuck with the CPU and memory maxed out while the page is not responding. All of this is done by using a few lines of code:

Depending on your computer’s specifications you may or may not be able to launch Task Manager to kill the browser process. Otherwise your system will be brought to its knees and a hard reboot may be the only option left. Whatever you do, please do not call the phone number for support because it is not Microsoft’s but rather a group of scammers waiting to rob you of hundreds of dollars under false pretenses.

We reported this particular scam to the Google Safebrowsing team even though the bug existed before, because the fact it is used in the wild to trick people makes it more urgent to be looked at and fixed. Hat tip to @TheWack0lian for sharing this new browlock scam with us.

IOCs

1-844-507-3556
perfecthosting[.]co/alert/
perfecthosting.co/alert/123.mp3
79.170.44.106

Text displayed by the scam page:
Microsoft Identification-Malware infected website visited.Malicious data transferred to system from unauthorized access.System Registry files may be changed and can be used for unethical activites. System has been infected by Virus Trojan.worm!055BCCAC9FEC — Personal information (Bank Details, Credit Cards and Account Password) may be stolen.System IP Address 112.15.16.175 is unmasked and can be accessed for virus spreading.Microsoft has reported to the connected ISP to implement new firewall.User should call immediatley to Technical Support 1-844-507-3556 for free system scan.

Article source
  21. Acoustic emanations of computer keyboards represent a serious privacy issue. As demonstrated in prior work, spectral and temporal properties of keystroke sounds might reveal what a user is typing. However, previous attacks assumed relatively strong adversary models that are not very practical in many real-world settings. Such strong models assume: (i) adversary's physical proximity to the victim, (ii) precise profiling of the victim's typing style and keyboard, and/or (iii) significant amount of victim's typed information (and its corresponding sounds) available to the adversary. In this paper, we investigate a new and practical keyboard acoustic eavesdropping attack, called Skype & Type (S&T), which is based on Voice-over-IP (VoIP). S&T relaxes prior strong adversary assumptions. Our work is motivated by the simple observation that people often engage in secondary activities (including typing) while participating in VoIP calls. VoIP software can acquire acoustic emanations of pressed keystrokes (which might include passwords and other sensitive information) and transmit them to others involved in the call. In fact, we show that very popular VoIP software (Skype) conveys enough audio information to reconstruct the victim's input -- keystrokes typed on the remote keyboard. In particular, our results demonstrate that, given some knowledge on the victim's typing style and the keyboard, the attacker attains top-5 accuracy of 91.7% in guessing a random key pressed by the victim. (The accuracy goes down to still alarming 41.89% if the attacker is oblivious to both the typing style and the keyboard). Finally, we provide evidence that Skype & Type attack is robust to various VoIP issues (e.g., Internet bandwidth fluctuations and presence of voice over keystrokes), thus confirming feasibility of this attack. Article source
22. Address Space Layout Randomization (ASLR) is a security technique used in operating systems, first implemented in 2001. The current versions of all major operating systems (iOS, Android, Windows, macOS, and Linux) feature ASLR protection. But in the past week, a new method of bypassing ASLR has been found. So, should you be worried? To those without a low-level programming background, ASLR can be confusing. To understand it, you must first understand virtual memory.

What Is Virtual Memory?

Virtual Memory is a memory management technique with many benefits, but it was primarily created to make programming easier. Imagine you have Google Chrome, Microsoft Word, and several other programs open on a computer with 4 GB of RAM. As a whole, the programs on this computer use much more than 4 GB of RAM. However, not all the programs will be active at all times, or need simultaneous access to that RAM. The operating system allocates chunks of memory to programs called pages. If there is not enough RAM to store all the pages at once, the pages least likely to be needed are stored on the slower (but more spacious) hard drive. When the stored pages are needed, they’ll switch spaces with less necessary pages currently in RAM. This process is called paging, and lends its name to the pagefile.sys file on Windows.

Virtual memory makes it easier for programs to manage their own memory, and also makes them more secure. Programs don’t need to worry about where other programs are storing data, or how much RAM is left. They can just ask the operating system for additional memory (or return unused memory) as necessary. All the program sees is a single continuous chunk of memory addresses for its exclusive use, called virtual addresses. The program is not allowed to look at another program’s memory. When a program needs to access memory, it gives the operating system a virtual address. The operating system contacts the CPU’s memory management unit (MMU). The MMU translates between virtual and physical addresses, returning that information to the operating system. At no point does the program directly interact with RAM.

What Is ASLR?

Address Space Layout Randomization (ASLR) is primarily used to protect against buffer overflow attacks. In a buffer overflow, attackers feed a function as much junk data as it can handle, followed by a malicious payload. The payload will overwrite data the program intends to access. Instructions to jump to another point in code are a common payload. The famous JailbreakMe method of jailbreaking iOS 4, for example, used a buffer overflow attack, prompting Apple to add ASLR to iOS 4.3. Buffer overflows require an attacker to know where each part of the program is located in memory. Figuring this out is usually a difficult process of trial and error. After determining that, they must craft a payload and find a suitable place to inject it. If the attacker does not know where their target code is located, it can be difficult or impossible to exploit it.

ASLR works alongside virtual memory management to randomize the locations of different parts of the program in memory. Every time the program is run, components (including the stack, heap, and libraries) are moved to a different address in virtual memory. Attackers can no longer learn where their target is through trial and error, because the address will be different every time. Generally, applications need to be compiled with ASLR support, but this is becoming the default, and is even required on Android 5.0 and later.

So Does ASLR Still Protect You?

Last Tuesday, researchers from SUNY Binghamton and University of California, Riverside, presented a paper called Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR. The paper details a way to attack the Branch Target Buffer (BTB). The BTB is part of the processor that speeds up if statements by predicting the outcome.
Using the authors’ method, it is possible to determine locations of known branch instructions in a running program. The attack in question was performed on a Linux machine with an Intel Haswell processor (first released in 2013), but could likely be applied to any modern operating system and processor. That said, you shouldn’t necessarily despair. The paper offered a few ways that hardware and operating system developers can mitigate this threat. Newer, fine-grain ASLR techniques would require more effort from the attacker, and increasing the amount of entropy (randomness) can make the Jump Over attack infeasible. Most likely, newer operating systems and processors will be immune to this attack. So what is left for you to do? The Jump Over bypass is new, and hasn’t yet been spotted in the wild. When attackers exploit it, the flaw will increase the potential damage an attacker can cause on your device. This level of access isn’t unprecedented; Microsoft and Apple only implemented ASLR in their operating systems released 2007 and later. Even if this style of attack becomes commonplace, you won’t be any worse off than you were back in the days of Windows XP. Keep in mind that attackers still have to get their code on your device to do any harm. This flaw does not provide them with any additional ways to infect you. As always, you should follow security best practices. Use antivirus, stay away from sketchy websites and programs, and keep your software up to date. By following these steps and keeping malicious actors off your computer, you’ll be as safe as you’ve ever been. Article source
  23. Malware overwrites your browser's homepage

Malware shuts down your PC when you try to terminate its process

Researchers from Kahu Security have come across a new malware variant, coded in JavaScript, which hijacks your browser's homepage but will also shut down your computer if you detect the intrusion and attempt to terminate its process. Variants of this malware have been spotted online since 2014, but not as aggressive in their behavior as this latest variation.

The malware arrives on user PCs as a malicious file attachment via email spam, and despite being a JavaScript file, it is not executed inside a browser, but via the Windows Script Host, the Windows built-in JavaScript executor.

Malicious actions disguised under heavy obfuscation

Looking at the malware's source code, regular users won't see anything more than a jumble of random characters. Kahu Security researchers say the script is obfuscated to hide its true payload, a series of operations that change underlying operating system settings. Besides obfuscation, the script also uses tricks like encoded characters, regex search, regex replace, unusual base conversions (script works with base33), and conditional statements.

Once the researchers managed to fight their way through all the entangled source code, they discovered that the script goes through the following steps:

1) Creates a new folder in the AppData\Roaming directory and hides it using a new registry key
2) Copies the legitimate Windows wscript.exe application inside this folder and gives it a random name
3) Copies itself inside this folder and creates a shortcut to itself, which it names "Start" and places in the "Startup" folder, also accessible via the Windows Start Menu
4) Assigns a fake folder icon to the Start shortcut in order to trick users into thinking it's a folder and not a file
5) The rest of the script's code checks for an Internet connection by trying to access Microsoft, Google, or Bing.
6) Sends telemetry data to urchintelemetry[.]com and downloads and runs an encrypted file from 95.153.31[.]22
7) The encrypted file is another JS script that sets the homepage of Chrome, Firefox and IE to login.hhtxnet[.]com, which at the time of writing redirects users to another site: portalne[.]ws
8) This last script uses WMI (Windows Management Instrumentation) to check for security-related software
9) If the script finds security-related software, it terminates execution with a fake error message
10) If users spot the wscript.exe process in their task manager and try to stop this process, the script executes a CLI command that immediately shuts down their computer
11) When the user restarts his PC, because of the "Start" script in the Startup menu, the malicious JS malware starts operating all over again

"If you end up with this script on your computer, you can easily get rid of it by restarting in Safe Mode (or logging into another account) then removing the startup link and roaming folder," Darryl, Kahu Security expert writes. "If you wish to analyze the script while it’s running then simply rename your security tool to something benign."

"Start" script in Startup folder

Article source
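The persistence steps 1 through 4 above (a hidden folder under AppData\Roaming, a renamed copy of wscript.exe, a "Start" shortcut in the Startup folder wearing a folder icon) are each individually unremarkable but together are a distinctive pattern that a defender can look for without touching the obfuscated script at all. The checker below is an added example, not Kahu Security's code: it scores shortcut records of the kind a .lnk parser would return against those four indicators, and identifies a renamed wscript.exe by content hash rather than by name. The shortcut records are constructed sample data, the hash value is a placeholder for the hash of the system's own wscript.exe, and the function names (score_shortcut, scan, collect_genuine_wscript_hashes) are my own.

```python
"""Flag Startup-folder shortcuts that fit the persistence pattern in the write-up above.

Added example, not Kahu Security's code: the shortcut records are constructed
sample data shaped like what a .lnk parser would hand back, and the wscript.exe
hash is a placeholder that a real deployment would replace with the hash of the
system's own wscript.exe (see collect_genuine_wscript_hashes).
"""
import hashlib
import ntpath
import os

# Indicators taken from the write-up: the shortcut sits in the Startup folder, is
# named "Start", borrows a folder icon, and launches a renamed copy of wscript.exe
# from a folder under AppData\Roaming with the JavaScript file as its argument.
STARTUP_DIR_MARKER = r"\microsoft\windows\start menu\programs\startup"
ROAMING_MARKER = r"\appdata\roaming"
SCRIPT_EXTENSIONS = (".js", ".jse", ".wsf", ".vbs")
STOCK_ICON_LIBRARIES = ("shell32.dll", "imageres.dll")  # where stock folder icons live

# Placeholder: fill from collect_genuine_wscript_hashes() on a real system.
GENUINE_WSCRIPT_SHA256 = {"<sha256-of-this-systems-wscript.exe-placeholder>"}


def sha256_of_file(path):
    """SHA-256 of a file on disk, read in chunks so large files are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def collect_genuine_wscript_hashes():
    """Hash the real wscript.exe so renamed copies can be recognised by content."""
    system_root = os.environ.get("SystemRoot", r"C:\Windows")
    hashes = set()
    for sub in ("System32", "SysWOW64"):
        candidate = os.path.join(system_root, sub, "wscript.exe")
        if os.path.isfile(candidate):
            hashes.add(sha256_of_file(candidate))
    return hashes


def score_shortcut(shortcut, genuine_wscript_hashes):
    """Return the list of indicators this Startup shortcut matches (empty if none)."""
    lnk = shortcut["lnk_path"].lower()
    if STARTUP_DIR_MARKER not in lnk:
        return []  # only Startup-folder shortcuts are of interest here
    target = shortcut["target"].lower()
    args = shortcut.get("arguments", "").lower()
    icon = shortcut.get("icon", "").lower()
    reasons = []
    if ntpath.basename(lnk) == "start.lnk":
        reasons.append('shortcut named "Start" in the Startup folder')
    if (ROAMING_MARKER in target
            and ntpath.basename(target) != "wscript.exe"
            and shortcut.get("target_sha256") in genuine_wscript_hashes):
        reasons.append("target is a renamed copy of wscript.exe under AppData\\Roaming")
    if any(ext in args for ext in SCRIPT_EXTENSIONS):
        reasons.append("launches a script file at logon")
    if target.endswith(".exe") and any(lib in icon for lib in STOCK_ICON_LIBRARIES):
        reasons.append("executable shortcut wearing a stock (folder-style) icon")
    return reasons


def scan(shortcuts, genuine_wscript_hashes, min_indicators=2):
    """Map lnk path -> indicators for every shortcut matching at least min_indicators."""
    findings = {}
    for shortcut in shortcuts:
        reasons = score_shortcut(shortcut, genuine_wscript_hashes)
        if len(reasons) >= min_indicators:
            findings[shortcut["lnk_path"]] = reasons
    return findings


# Constructed sample records (not real paths or hashes from an infected machine).
SAMPLE_SHORTCUTS = [
    {
        "lnk_path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk",
        "target": r"C:\Users\alice\AppData\Roaming\qzlmx\kfwbtr.exe",
        "arguments": r'"C:\Users\alice\AppData\Roaming\qzlmx\a1b2.js"',
        "icon": r"%SystemRoot%\System32\shell32.dll,3",
        "target_sha256": "<sha256-of-this-systems-wscript.exe-placeholder>",
    },
    {
        "lnk_path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive.lnk",
        "target": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
        "arguments": "/background",
        "icon": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe,0",
        "target_sha256": "<some-other-hash>",
    },
]

if __name__ == "__main__":
    for lnk, reasons in scan(SAMPLE_SHORTCUTS, GENUINE_WSCRIPT_SHA256).items():
        print(lnk)
        for reason in reasons:
            print("  -", reason)
```

Requiring at least two indicators keeps ordinary Startup entries (a sync client, a launcher that happens to run a script) out of the results; the hash comparison is the indicator that survives the random file name, which is exactly the part of the pattern designed to defeat a name-based check.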
  24. Most of us use our computers to manage some of the most important aspects of our lives, from our personal and business finances to recording our private lives to conducting most of our communications. If someone can break into our computers, they can steal our information, our identities, and generally make our lives miserable.

A recent paper published by researchers at the State University of New York at Binghamton alleges that certain processors are inherently flawed and open to attack, according to Ars Technica. The flaw works against a specific method used by modern operating systems, including both Windows and MacOS, to keep systems secure called “address space layout randomization,” or ASLR. Basically, ASLR jumbles up the memory locations where applications store their code, making it more difficult for exploits to take over a system. Instead, attacks are more likely to cause the computer to simply crash — an inconvenience to users and a potential source of data loss, but far preferable to allowing a hacker to assume control.

The flaw in Intel’s processors, which was demonstrated in Linux running on a system utilizing a Haswell chip, allows attackers to bypass ASLR. On a more technical level, a vulnerability exists in the processor’s branch predictor that allowed the researchers to identify where chunks of code would be stored. This basically represents a “side channel” in the branch predictor that attackers can use to get around ASLR, making predictable something that should be unpredictable.

As the researchers put it, “ASLR is an important defense deployed by all commercial operating systems. It is often the only line of defense that prevents an attacker from exploiting any of a wide range of attacks (those that rely on knowing the memory layout of the victim). A weakness in the hardware that allows ASLR to be bypassed can open the door to many attacks that are stopped by ASLR. It also highlights the need for CPU designers to be aware of security as part of the design of new processors.”

Intel is checking into the research, and the researchers go beyond merely alerting the industry to the potential vulnerability by offering a number of ways to reduce the likelihood of attack via hardware and software. The details of the exploit are contained in the paper titled “Jump Over ASLR: Attacking the Branch Predictor to Bypass ASLR” that was presented on October 18 at the IEEE/ACM International Symposium on Microarchitecture held in Taiwan.

Article source
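Results 22 and 24 above both explain what ASLR randomizes (the stack, heap and libraries, plus the program itself when it is built with ASLR support) and that the Jump Over ASLR side channel matters only because it recovers an address that should have been unpredictable. The script below is an added example, not code from either article or from the paper's authors: it parses two /proc/<pid>/maps-style snapshots of the same program and reports which regions actually moved, which is the quickest way to confirm on a Linux machine that ASLR is in force before worrying about hardware side channels. RUN_A and RUN_B are constructed sample snapshots, live_check() takes real ones, and the function names are my own.

```python
"""Confirm which memory regions ASLR actually moves between runs of a program.

Added example, not code from either article or from the Jump Over ASLR authors:
it parses /proc/<pid>/maps-style snapshots from two runs and reports whether the
executable, heap, shared libraries and stack landed at different addresses.
RUN_A and RUN_B below are constructed sample snapshots, not captures from a real
machine; live_check() takes real ones on Linux.
"""
import os
import re
import subprocess
import sys

# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]".
_MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S+)\s+\S+\s+\S+\s+\S+\s*(?P<path>.*)$"
)


def parse_maps(text):
    """Return {region label: lowest start address} for every named mapping."""
    bases = {}
    for line in text.splitlines():
        m = _MAPS_LINE.match(line.strip())
        if not m or not m.group("path"):
            continue  # anonymous mappings carry no label to compare across runs
        path = m.group("path")
        # [stack] and [heap] keep the kernel's label; files are keyed by basename
        label = path if path.startswith("[") else os.path.basename(path)
        start = int(m.group("start"), 16)
        bases[label] = min(start, bases.get(label, start))
    return bases


def randomized_regions(run_a, run_b):
    """For each region present in both runs, True if its base address moved."""
    a, b = parse_maps(run_a), parse_maps(run_b)
    return {label: a[label] != b[label] for label in a if label in b}


def describe_randomize_va_space(value):
    """Meaning of the Linux sysctl kernel.randomize_va_space setting."""
    meanings = {
        "0": "ASLR disabled",
        "1": "stack, mmap base, VDSO and shared libraries randomized; heap (brk) is not",
        "2": "full ASLR: the heap (brk) base is randomized as well",
    }
    return meanings.get(value.strip(), "unknown value %r" % value)


def live_check():
    """Start two fresh interpreters and compare their real /proc/self/maps (Linux only)."""
    snapshots = [
        subprocess.run(
            [sys.executable, "-c", "print(open('/proc/self/maps').read())"],
            capture_output=True, text=True, check=True,
        ).stdout
        for _ in range(2)
    ]
    return randomized_regions(snapshots[0], snapshots[1])


# Constructed snapshots of the same program started twice with ASLR on.
RUN_A = """\
55d2c1a00000-55d2c1a01000 r--p 00000000 08:01 1234 /usr/bin/python3
55d2c1a01000-55d2c1a02000 r-xp 00001000 08:01 1234 /usr/bin/python3
55d2c3f00000-55d2c3f21000 rw-p 00000000 00:00 0 [heap]
7f1a8c200000-7f1a8c228000 r--p 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a8c228000-7f1a8c3b0000 r-xp 00028000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a8c3b0000-7f1a8c3b2000 rw-p 00000000 00:00 0
7ffd3a100000-7ffd3a121000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
5610a7c00000-5610a7c01000 r--p 00000000 08:01 1234 /usr/bin/python3
5610a7c01000-5610a7c02000 r-xp 00001000 08:01 1234 /usr/bin/python3
5610a9e00000-5610a9e21000 rw-p 00000000 00:00 0 [heap]
7f7d31400000-7f7d31428000 r--p 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f7d31428000-7f7d315b0000 r-xp 00028000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f7d315b0000-7f7d315b2000 rw-p 00000000 00:00 0
7ffe92b00000-7ffe92b21000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    print("constructed runs:", randomized_regions(RUN_A, RUN_B))
    sysctl = "/proc/sys/kernel/randomize_va_space"
    if os.path.exists(sysctl):
        with open(sysctl) as fh:
            print("sysctl:", describe_randomize_va_space(fh.read()))
        print("live:", live_check())
```

A region reported as False is one an attacker would not need a side channel to find; a non-PIE executable, for instance, shows up with the same base every run even when the sysctl reads 2, which is the "compiled with ASLR support" caveat from result 22 made visible.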
  25. After a break of a couple of months in their Pascal launch schedule, NVIDIA is back again to launch a new Pascal desktop product. Following their near-perfect top-down launch schedule that started with GeForce GTX 1080 in May, being announced today and formally launching next week is the GeForce GTX 1050 Ti and GeForce GTX 1050. Aimed at the entry level discrete video card market, these products will round-out the GeForce 10-series desktop lineup.

Launching their low-tier cards last instead of first for the Pascal generation marks an interesting inverse of what happened with the Maxwell generation. In 2014 it was the low-end Maxwell 1 parts that launched first, only to be followed up by the other Maxwell 2 parts later on in the year. As a result, the Maxwell 2 family went through a full cycle – from release to retirement – before NVIDIA’s entry-level cards were refreshed. Out of all of the segments in the NVIDIA product stack, it’s fair to say that the entry-level was the one most due for a refresh. And to that end, here we are with the GeForce GTX 1050 series.

The previous GeForce GTX 750 series went very well for NVIDIA, so much so that the new 1050 series follows a number of beats laid out by its predecessor. NVIDIA is launching two cards – both of which are based on the new GP107 – which set up a two-tier product offering for the entry level market. The faster of the two cards is the GTX 1050 Ti, while the GTX 1050 follows closely to offer a bit less performance at a lower price point. And in order to maximize compatibility, both cards are being offered in configurations that draw their power entirely from the PCIe bus, forgoing the need for an external power connection.

NVIDIA GPU Specification Comparison

                        GTX 1060 3GB   GTX 1050 Ti    GTX 1050       GTX 750 Ti     GTX 750
CUDA Cores              1152           768            640            640            512
Texture Units           72             48             40             40             32
ROPs                    48             32             32             16             16
Core Clock              1506MHz        1290MHz        1354MHz        1020MHz        1020MHz
Boost Clock             1709MHz        1392MHz        1455MHz        1085MHz        1085MHz
Memory Clock            8Gbps GDDR5    7Gbps GDDR5    7Gbps GDDR5    5.4Gbps GDDR5  5Gbps GDDR5
Memory Bus Width        192-bit        128-bit        128-bit        128-bit        128-bit
VRAM                    3GB            4GB            2GB            2GB            1GB
FP64                    1/32           1/32           1/32           1/32           1/32
TDP                     120W           75W            75W            60W            55W
GPU                     GP106          GP107          GP107          GM107          GM107
Transistor Count        4.4B           3.3B           3.3B           1.87B          1.87B
Manufacturing Process   TSMC 16nm      Samsung 14nm   Samsung 14nm   TSMC 28nm      TSMC 28nm
Launch Date             08/18/2016     10/25/2016     10/25/2016     02/18/2014     02/18/2014
Launch Price            $199           $139           $109           $149           $119

Diving into the specs, we’ll start with the GTX 1050 Ti. Based on a fully enabled GP107 GPU, this card is arguably the backbone of NVIDIA’s entry-level offerings. All-told, it has 6 SMs enabled – 60% that of GP106/GTX 1060 – so GP107 is a bit more than half of a GP106. The rest of the Pascal architecture has been scaled similarly; GP107/GTX 1050 Ti retains 2/3rds of the ROP and memory controller configuration, meaning we’re looking at 32 ROPs attached to a 128-bit memory bus. Notably, this is double the number of ROPs found on GTX 750, so all other factors held equal, GTX 1050 Ti will see a massive jump in ROP throughput compared to its predecessor.

Unofficial GP107 Block Diagram

Feeding GTX 1050 Ti is 4GB of GDDR5 memory, clocked at 7Gbps. This is a budget card – and a power limited one at that – so NVIDIA has pulled back on the memory clocks compared to the other Pascal cards. Meanwhile power consumption starts at 75W, the maximum amount allowed to be pulled from a PCIe slot. I say “starts” because NVIDIA will be allowing partners to sell factory overclocked cards, and these cards will feature a higher TDP and an external power connector in order to meet the card’s power needs.

The significance of offering a 75W-and-under card cannot be overstated; there is a sizable market for end users who would like to upgrade an OEM system but don’t have an external power connector, and this is a role the preceding GTX 750 filled very well. Meanwhile HTPC users who were holding out for a 75W card will be equally pleased, as now Pascal’s suite of media features are on a lower power card.

Joining the GeForce GTX 1050 Ti is its smaller, cheaper sibling, the GTX 1050. Based on a cut-down GP107 GPU, GTX 1050 drops 1 SM and 2GB of memory. This leaves us with a 5 SM (640 CUDA core) card paired with 2GB of GDDR5 running at 7Gbps. Otherwise it has the full ROP complement and memory bus, so while GTX 1050 loses some shader and geometry throughput, in other areas it holds firm. In fact due to the unusual clockspeeds of these cards – more on this in a moment – the GTX 1050 is actually clocked higher than the GTX 1050 Ti. So the net performance difference on paper is less than the loss of the SM; the smaller card should offer around 87% of the GTX 1050 Ti’s performance.

With that said, unlike the last generation you don’t save any power versus the Ti card when going by the official TDP, as the GTX 1050 is also a 75W card, which happens to be 20W more than the GTX 750. Consequently while it’s still a card that can run on just PCIe slot power, by NVIDIA’s own numbers we may be looking at a relatively sizable increase in power consumption relative to its predecessor.

GP107 – An Enigma of a GPU

Having covered the basic specifications, I want to spill a bit more ink talking about the GP107 GPU. Reading the specs table, the GTX 1050 series cards are very unusual compared to their more powerful siblings. To be sure they’re still Pascal cards, but certain elements we take for granted about the Pascal family don’t apply here. At the same time there are certain elements we take for granted about x50 series cards which also aren’t applicable here. GP107 is, at the moment, an enigma of a GPU.

I’ll address what’s likely the elephant in the room first, which is the manufacturing process. To date all Pascal GPUs have been fabbed over at TSMC on their 16nm FinFET process. GP107 is not one of those GPUs. Instead, it’s fabbed on a 14nm process – NVIDIA’s specification sheet doesn’t technically state whose process – but by simple elimination it’s a very safe bet that they’re making the chip over at Samsung. Feature size is a red herring here, and instead the significance of this deal is that NVIDIA has not used a fab other than TSMC for GPUs for a long time. In fact we’d have to go back to 2003 to find an NVIDIA GPU fabbed somewhere else, when NVIDIA tapped IBM to help fab the ill-fated NV3x series (GeForce FX).

Suffice it to say, tapping another fab is a very big deal. There’s no second-sourcing here – GP107 is only being made on Samsung’s 14nm process and GP106+ only on TSMC’s 16nm process – but splitting orders like this may just as well be new territory for NVIDIA. As this is just a product announcement NVIDIA hasn’t said anything about the change in fabs, so let your imagination go wild here, but it definitely has some ramifications.

I really need to get the GTX 1050 cards in house and on the testbed to figure out the full ramifications of this, but I think the most important change here is that a new process from a new vendor means that the voltage/frequency curve we’ve come to know with TSMC 16nm and Pascal has essentially been thrown out the window. This in turn may explain the clockspeeds of the GTX 1050 cards. All of the other desktop GeForce 10-series cards have an official boost clock of 1600MHz+, with all but one of those cards being 1700MHz+. The massive jump in clockspeed relative to Maxwell 2 is one of the signature elements of the Pascal architecture, and a major factor driving the significant performance gains of this generation compared to the last. The GTX 1050 series, by comparison, is only rated to boost up to 1455MHz for the GTX 1050, and lower still for the GTX 1050 Ti at 1392MHz.

Given that these are power-constrained cards, the final specifications of the cards are bound by a larger number of variables than usual – power curves, attainable frequency range, and now total power consumption – so I’m not even going to try to insinuate that the lower clockspeeds are solely a function of the change in fabs. However it’s very important to keep in mind that these lower clockspeeds come with a sometimes sizable increase in TDP relative to the GTX 750 series; instead of 55W/60W cards, we have 75W cards. So to use the fully enabled GTX 1050 Ti as an anchor point, power consumption has gone up 15W (25%) for a 28% increase in the boost clock, 1 more SM (20%), and somewhat decoupled from this, the doubled ROP count. It’s telling then that NVIDIA has informed the press that the higher TDP cards with an external power connector are going to have much higher boost clocks. Whatever is going on under the hood, power plays a big part, and at a TDP limit of 75W, GP107 isn’t getting all the room it needs to stretch.

Meanwhile it’s also noteworthy that NVIDIA’s own marketing materials call for GTX 1050 to have a 3x performance increase over GTX 650, and only a bit over 50% increase over GTX 750 Ti. At the same time though, keep in mind we’re looking at a generation and a half architectural jump from the GTX 750 series (GM107) to the GTX 1050 series (GP107). So NVIDIA has to spend quite a bit of their transistor budget on supporting new features, and not just graphical features like SMP and Feature Level 12_1, but also features like the new video display block and the full fixed-function HEVC encode and decode blocks. By virtue of being the smallest Pascal, GP107 spends relatively more die size and space on non-graphics features. For those reasons the transistor count is quite a bit larger than GM107; NVIDIA has gone from 1.87B transistors to 3.3B, an increase of 76% (greater than the increase for any of the other Pascal GPUs). Or to put this another way, GP107 is 75% of the transistor count of GP106. Die size meanwhile stands at 135mm2, down a bit from the 148mm2 die size of GM107.

Ultimately GP107 is not just another Pascal GPU. While it offers the same feature set, there’s more than meets the eye, and it will be interesting to see how things shake out in benchmarking and overclocking. Ahead of launch, this is easily the least predictable GPU and card set of the entire Pascal family.

GTX 1050 Series Launch Info – No Reference Cards, GTX 1050 Ti Available Next Week

Getting back to the cards at hand, let’s talk about positioning, pricing, and availability. As these are NVIDIA’s entry-level cards, it goes without saying that they’re not targeted at NVIDIA’s usual horde of PC gaming enthusiasts. These cards won’t have the power to run games at 1080p with all the bells and whistles turned up – that’s really what the GTX 1060 is for – but instead they’re meant to be the next step up from integrated GPUs. This is a market that the GTX 750 series served very well (and judging from market share, NVIDIA sold well to), and the GTX 1050 will do the same. From specifications alone, the GTX 1050 series should be head and shoulders above the Intel GT2 iGPU found on Skylake/Kaby Lake.

Unlike the GTX 750 series, NVIDIA won’t be producing any reference cards this time around, Founders Edition or otherwise. So all GTX 1050 series cards are going to be vendor custom designs. Expect a mix of cards that follow the 75W TDP and cards that offer factory overclocks in exchange for a higher TDP. If for some reason you’re after a slot-powered card, be sure to check the specifications closely.

Meanwhile, although NVIDIA is listing the launch date as the 25th for both cards, from what NVIDIA has told me at the product briefing, in reality this isn’t quite the case. GTX 1050 Ti should in fact be available next week, right in time for the launch. However NVIDIA is not expecting GTX 1050 to be in stock for a few more weeks. Vendors can sell the cards as soon as they have them, so indeed the retail embargo ends on the 25th, but if the GTX 1050 interests you, don’t expect to be able to buy it until around mid-November.

Finally, let’s take a look at the competitive landscape. Besides the outgoing Maxwell 1 and Maxwell 2 cards, the current-generation competition for the GTX 1050 series is AMD’s already-launched Radeon RX 460. The $109 GTX 1050 is the very clear counterpart to the 2GB RX 460. Meanwhile the $139 GTX 1050 Ti is in a bit of a different place; the cheaper 4GB RX 460 cards are running closer to $120 right now, so the GTX 1050 Ti is essentially $20 more expensive, which is a small but still significant difference given the overall low prices of entry-level cards. Still, it means that AMD’s two-month run as the sole supplier of current-generation entry-level video cards is about to come to an end.

Fall 2016 GPU Pricing Comparison

AMD                    Price   NVIDIA
Radeon RX 480 (8GB)    $249    GeForce GTX 1060 6GB
Radeon RX 480 (4GB)    $229
Radeon RX 470          $199    GeForce GTX 1060 3GB
                       $139    GeForce GTX 1050 Ti
Radeon RX 460 (4GB)    $119
Radeon RX 460 (2GB)    $109    GeForce GTX 1050

Article source