Jump to content

Search the Community

Showing results for tags 'protect'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 15 results

  1. Yandex Browser is Chromium based browser. Yandex beta browser beta uses Blink 61.0.3163.100 core. You can select more than 1500 extensions. Yandex Browser Protect: Secure web surfing and protecting the browser against malware. Protect active security technology scans files and websites for viruses, blocks fraudulent webpages, protects your passwords and bank card details, and keeps your online payments safe from theft. When connecting to open Wi-Fi networks or to the points that use a weak WEP-defense, Yandex Browser automatically encrypts traffic between it and the HTTP sites. Yandex browser is the first browser with support for DNSCrypt technology: Choose DNS server with DNSCrypt encryption. Yandex browser homepage Yandex browser beta download page
  2. Years ago, before the advent of the two-step verification, when I did not use a password manager like KeyPass, I was in the habit of forgetting the login credentials of many websites. And then I used to take the usual route of password recovery which basically sends an email containing your password or username or both. I often copy-pasted this password in the email message to the login screen and the password stayed in the clipboard for as long as the Windows PC was running. In a situation like this, just about anybody can steal such sensitive information from the clipboard. In fact when some of the professional hackers target someone’s PC, the clipboard is the first of the few things they check for something useful. And since the clipboard can contain anything from simple text, image or files – you should always clear the clipboard after copy-pasting anything sensitive or private. Manually, it is very easy to erase the contents of the clipboard – all you have to do is just overwrite the clipboard with something else. So just copy anything into the clipboard and it is done. But what if you cannot remember to clear the clipboard. This is where a small utility called ClipTTL might help you. ClipTTL is an unobtrusive little tool that keeps erasing the contents of your Windows’ clipboard after a set time of twenty seconds. It has no options and no user interface – nothing except a system tray icon that can be used to shutdown the ClipTTL when not needed. By default, ClipTTL runs the clipboard cleaning mechanism after every 20 seconds. If this is too small a time duration for you, then you can specify your own time frequency by invoking the ClipTTL with a parameter containing the number of seconds after which you want the clipboard to be cleared. For example, if you run ClipTTL with a command line clipttl.exe 120 then it will flush the Clipboard after every 120 seconds. It would have been better if this functionality (to choose a custom time period) was given in the system tray right-click menu. Verdict: ClipTTL stays out of the way and keeps on cleaning the clipboard contents repeatedly until you choose to shut this tool down. It is a nifty little program to boost your privacy in a Windows PC. Download ClipTTL Article source
  3. SSL is a great way to encrypt and protect data transferred between servers or between browser and servers from any attempt to spy on the data on its way or as known as man in the middle attack, we will focus in this article on HTTPS protocol and the method to attack it and proper way to fight against this attacks. Is HTTPS that important ? first let’s declare the importance of using SSL with HTTP traffic. Imagine the next scenario. you are trying to login to your bank account with your laptop connected in your wifi and you know its secure its you and your little sister who connect in the same wifi, secure right? ? but your wifi uses weak password or vulnerable to exploits, so someone gain access to the same wifi and with a simple tool he can run a packet sniffer and catch all your and your sister’s traffic and look into your password and even change the data if he wants. Imaging the same scenario but your bank is using HTTPS, when you access the website you receive the website certificate signed and your browser validate the signature to make sure that certificate belongs to the website, then your browser encrypt all data then send the encrypted data to the server and do it vice versa, so if our attacker try to sniff the data all what he will get is the encrypted data, cool right ? Lets be honest no one is 100% secure and SSL had a tough couple of years from attacks like Heartblead, DROWN and POODLE , this attacks target the SSL it self , all what you have to do to mitigate this attacks is to be up to date always and apply vendors patches as it appears. But what about sniffing dangerous, does using HTTPS solve it? the answer is not completely, some researchers tried to sniff HTTPS packages by inventing tools like SSL sniff and SSL strip. SSL sniff :- SSL sniff is tool programmed by Moxie Marlinspike based on vulnerability he discovered, let us quickly describe it. When you request a website for example ( example.com ) as we said before you receive the example.com certificate the certificate must be issued by one of the valid vendors, so if follow certificate chain from the root certificate ( root certificate embedded in the browsers by default) to the leaf certificate ( example.com certificate) but what if leaf certificate tried to generate another certificate in the chain? lets say to website like paypal.com! the surprising thing that it worked and no one bothered himself by checking that leaf certificate generated another leaf certificate, but how attacker can use this? the website still be example.com not paypal.com, and that’s why he made SSL Sniff tool. by intercepting the traffic (man in the middle attack) you will intercept the request to paypal.com and with SSL Sniff, then you can generate the paypal.com certificate from the leaf certificate you have example.com and send it back to the browser instead of original paypal.com certificate, when the browser try to validate the certificate it will pass because the chain is correct, then any request between the browser and the server will be signed by the certificate you generate so you can decrypt the data as you want, and then re-transfer it by using the original paypal.com certificate, Boom. fortunately it had been fixed and now the leaf certificate cannot generate another certificate. SSL Strip:- Another tool by the same man Moxie Marlinspike. but in this time he came up with another trick using man in the middle, but what if he changed the request to http instead of HTTPS, and he will request the website on behalf of the user using HTTPS but between the attacker and the user its plain http, and the user will not be so suspicious to notice the difference in his browser. How to defend against this techniques ? Using HTTPS only will not solve it completely, even if you restricted the connection to HTTPS only in the server side, the attacker still can force user to use HTTP by using SSL strip and you will not notice the request still HTTPS in your end, and here HSTS header comes. HTTP Strict Transport Security (HSTS) is a web security policy mechanism it tells the browser that he must only connect to the website using secure HTTPS connection. just send header like this from your server. Strict-Transport-Security: max-age=31536000 The key is Strict-Transport-Security that tells the browser or any other agent to strict the transportation to ssl . the value is maximum age to use this header in seconds 31536000 equal to one non-leap year. Then the user agent will automatically change any url to HTTPS before it send it to the server allowing only secure connections. Bottom line , using HTTPS comes with responsibilities , you must be up to date , patch your system if any vulnerability comes up, renew your certificate on time and don’t forget to use Strict-Transport-Security Policy. Article source
  4. Here are 10 easy steps to show you how to use the Tor network to mask your browsing habits. What is Tor? Tor stands for The Onion Router project. The Onion Router (TOR) is a non-profit setup which runs a network designed to improve personal privacy and increase anonymity online by masking Internet traffic, as well as preventing online domains from gathering information about you and your browsing habits. What is Tor used for? Tor is used by people who are privacy-conscious -- especially after Edward Snowden's disclosures about the NSA, In addition, the network is used by journalists, people avoiding censorship, businesses and traders in underground markets. You can only access the underbelly of the Internet, known as the "Deep Web" and .onion web addresses -- which are not indexed by standard search engines -- through Tor. How does it work? Tor uses relays and nodes ran by volunteers to disguise your traffic and the true origin of your IP address, a de facto network of tunnels rather than a direct line to websites you visit. Instead of sending packets of data directly to a server, this information is bounced to different relay points. By doing so, the network helps you disguise your digital footprint and keep out spying eyes. Does Tor encrypt my data and traffic? The answer is no. Tor is only a traffic anonymizer and does not encrypt your traffic, but the use of virtual private networks (VPNs) in addition to Tor and staying away from HTTP-based websites will help. Use HTTPS whenever possible. Do I have to pay? Tor is free and open-source with a number of developers working on the network, which is compatible with Windows, Mac, Linux/Unix, and Android. How do I use Tor? You simply download the browser for PCs and Orbot for Android devices. The software is already configured for you, but as the network relays traffic indirectly, it is unlikely you will reach the same speed levels as before. How do I access .onion addresses? The "clear web" is the layer of the Internet which is indexed by search engines including Google. Underneath, you have the "deep web" and "dark web," the latter of which is associated with illegal operations. Onion addresses are part of the "deep web," and to access them, you need to know the 16-character code instead of a standard URL. You can find these through deep web search engines, forums and through invitations -- and some companies, such as Facebook, have issued .onion addresses for Tor users. How can I stay safe? If you're going to use Tor, you need to understand some of the basics of Internet security. As a standard tip, disable plugins and software which could leave you open to exploit, such as Flash and Java. You should keep in mind that Tor does not prevent you from operating system security vulnerabilities -- and considering how many flaws are found in software on Windows, you may want to use a different OS to stay as protected as possible. Anonymity isn't fool proof There are still ways that police agents can scrutinize your activity, so do not consider yourself 100 percent protected just because you are using Tor. If you visit illegal domains, buy or sell illegal goods or download explicit, banned material, Tor may not protect you. So, should I use Tor? If you want to help anonymize your traffic, do so -- but for tasks which need a high Internet speed such as torrenting, this is not the right solution. In addition, if you want to use the network for illegal activity, this is at your own risk. Do not consider Tor as the ultimate solution to security -- it is, instead, one aspect. VPNs and sticking to HTTPS are also important components to protecting yourself and your data. Article source
  5. Arbor Networks released global DDoS attack data for the first six months of 2016 that shows a continuing escalation in the both the size and frequency of attacks. Arbor’s data is gathered through ATLAS, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data with Arbor in order to deliver an aggregated view of global traffic and threats. ATLAS data has also been utilized recently in Cisco’s Visual Networking Index Report and the Verizon Data Breach Incident Report. Global DDoS activity DDoS remains a commonly used attack type due to the ready availability of free tools and inexpensive online services that allow anyone with a grievance and an internet connection to launch an attack. This has led to an increase in both the frequency, size and complexity of attacks in recent years. ATLAS has observed an average of 124,000 events per week over the last 18 months. A 73% increase in peak attack size over 2015, to 579Gbps. 274 attacks over 100Gbps monitored in 1H 2016, versus 223 in all of 2015. 46 attacks over 200Gbps monitored in 1H2016, versus 16 in all of 2015. USA, France and Great Britain are the top targets for attacks over 10Gbps. As Arbor’s Security Engineering & Research Team (ASERT) recently documented, large DDoS attacks do not require the use of reflection amplification techniques. LizardStresser, an IoT botnet was used to launch attacks as large as 400Gbps targeting gaming sites worldwide, Brazilian financial institutions, ISPs and government institutions. According to ASERT, the attack packets do not appear to be from spoofed source addresses – and no UDP-based amplification protocols such as NTP or SNMP were used. When average is a problem A 1 Gbps DDoS attack is large enough to take most organizations completely off line. Average attack size in 1H 2016 was 986Mbps, a 30% increase over 2015. Average attack size is projected to be 1.15Gbps by end of 2016. “The data demonstrates the need for hybrid, or multi-layer DDoS defense,” said Darren Anstee, Arbor Networks Chief Security Technologist. “High bandwidth attacks can only be mitigated in the cloud, away from the intended target. However, despite massive growth in attack size at the top end, 80% of all attacks are still less than 1Gbps and 90% last less than one hour. On-premise protection provides the rapid reaction needed and is key against “low and slow” application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls and IPS.” Time for reflection Reflection amplification is a technique that allows an attacker to both magnify the amount of traffic they can generate, and obfuscate the original sources of that attack traffic. As a result, the majority of recent large attacks leverage this technique using DNS servers, NTP, Chargen and SSDP. As a result, in 1H 2016: DNS is the most prevalent protocol used in 2016, taking over from NTP and SSDP in 2015. Average size of DNS reflection amplification attacks growing strongly. Peak monitored reflection amplification attack size in 1H 2016 was 480Gbps (DNS). Article source
  6. Fort File Encryption is an open source security program for Windows that allows anyone to protect individual files on Windows PCs. You have three main options when it comes to encrypting data on your computer. You can encrypt the hard drive, create an encrypted container that you can put files into, or encrypt individual files. What you select depends largely on what your goals are. If you just want to protect an important document, then you may not want to spend the time to encrypt the hard drive. Fort File Encryption is a free program for Windows that offers that option to you. Fort File Encryption You can download the program from the developer website and need to install it on the Windows machine afterwards. Please note that it requires the Microsoft .Net Framework 4.0 to work, and that it is compatible with all supported versions of the Windows operating system. The program adds an entry to the Windows Explorer menu that you use to encrypt and decrypt files on the system. The process itself has been streamlined for ease of use. Right-click on a file or files, and select Fort > Encrypt from the context menu to start the encryption process. You are asked to type a passphrase that is used to encrypt the file. Fort File Encryption grades the strength of the password you type. You may click on the plus icon next to the passphrase field to have a random password generated for you by the program. A click on the "eye-icon" next to it reveals the password so that you can copy and paste it, or memorize it. A click on encrypt creates encrypted versions of the selected files in the same directory. You will notice that a backup copy of the original file is placed in the directory as well. If you don't require that, you may disable that in the program settings. There you find other interesting options. First, you may disallow insecure passphrases from being selected in the encryption process. Fort File Encryption won't accept passwords that it grades as weak if you disallow insecure passphrases in the program settings. A click on interface displays an option to add verification to the password selection process. Instead of having to type the password once only, you now have to type it twice after enabling the option which helps you make sure the password that you have typed is correct. The program uses AES 256-bit for encryption and is not limited in regards to file size. Closing Words Fort File Encryption has been designed to protect individual files to avoid unauthorized access. You can use it to protect files on the local system, or files that you store in the cloud or send to others via email or messaging applications. The program is only available for Windows though which limits its use if you use devices that run other operating systems like Android or Linux as you won't be able to decrypt the data on these devices. Fort - Cryptography Extension for Windows Article source
  7. Fraunhofer Institute gives clean bill of health to crypto tool used by millions. The TrueCrypt whole-disk encryption tool used by millions of privacy and security enthusiasts is safer than some studies have suggested, according to a comprehensive security analysis conducted by the prestigious Fraunhofer Institute for Secure Information Technology. The extremely detailed 77-page report comes five weeks after Google's Project Zero security team disclosed two previously unknown TrueCrypt vulnerabilities. The most serious one allows an application running as a normal user or within a low-integrity security sandbox to elevate privileges to SYSTEM or even the kernel. The Fraunhofer researchers said they also uncovered several additional previously unknown TrueCrypt security bugs. Despite the vulnerabilities, the analysis concluded that TrueCrypt remains safe when used as a tool for encrypting data at rest as opposed to data stored in computer memory or on a mounted drive. The researchers said the vulnerabilities uncovered by Project Zero and in the Fraunhofer analysis should be fixed but that there's no indication that they can be exploited to provide attackers access to encrypted data stored on an unmounted hard drive or thumb drive. According to a summary by Eric Bodden, the Technische Universität Darmstadt professor who led the Fraunhofer audit team: When random numbers aren't The analysis, which was performed under contract with Germany's Federal Office for Security in Information Technology, largely echoes the conclusions reached in April in a separate security audit of TrueCrypt. It also uncovered several programming errors, the most serious of which involved the use of a Windows programming interface to generate random numbers used by cryptographic keys. The Fraunhofer researchers also found weaknesses in the way TrueCrypt retrieves random numbers. Theoretically, weaknesses in generating random numbers can make it easier for attackers to guess the secret keys needed to decrypt encrypted data. "To be on the safe side it would therefore be advisable to re-encrypt volumes with a version of TrueCrypt in which this flaw has been fixed," Bodden said. Unfortunately, such a fix may never be available for TrueCrypt since development of the project abruptly ceased 18 months ago when its mostly anonymous developers said the program should no longer be trusted. April's security audit also uncovered several buffer overflow vulnerabilities. The Fraunhofer researchers said the overflows can't occur at runtime and "thus cannot possibly be exploited." Bodden continued: The conclusion means that the millions of people who have relied on TrueCrypt will probably have a grace period to safely continue using the program until VeraCrypt or another TrueCrypt replacement is farther along in development. The current state of TrueCrypt—with its lack of updates and vague but alarmist warning from developers—is by no means ideal. The added assurances from Fraunhofer at least buys users time until a suitable alternative is available. News source
  8. Some of the latest cyber attacks seek to steal information using man-in-the-browser (MITB) attacks. These represent a dangerous trend because they circumvent even the strongest authentication techniques by hijacking the session after the user has authenticated a bank or other site. Threat intelligence start up buguroo is looking to combat this with its new online fraud detection solution that can detect hijacked sessions in real time and stop them before any money leaves the bank. The company's new bugFraud Defense technology is entirely host- and cloud-based and doesn't require any action, such as installing software or an agent, by an end-user client in order to be protected. The buguroo software is transparent to the user, requires minimal resources and doesn't degrade the user experience or performance. "Any online fraud detection solution that still relies on signatures or requires users to take action is based on a failed model," says Pablo de la Riva Ferrezuelo, CTO and founder of buguroo. "Industry research shows that 'opt-in' models that require installing client-side software at best get low single digit percentage participation. Study after study shows users expect their service providers to protect them, and they are not willing to help. Period. That's what we do". The solution is implemented at web server level for both development and security teams. It then requires only a lightweight modification in regular server content to link online sessions to the cloud-based fraud detection engine. Available immediately in the US, Europe and Latin America, buguroo bugFraud Defense can be bought as a standalone product or as part of bugThreats, the company's comprehensive threat intelligence platform, also announced today. The company is targeting those sectors most commonly attacked by cyber criminals, banking, social networking and e-commerce. More information is available on the buguroo website. Article source
  9. Dell's business laptops and tablets will get an extra layer of protection from hackers with a new security tool being loaded into the company's portable computers. The new Dell security tool focuses on protecting the boot layer so PC hardware or software don't malfunction. It secures the low-level UEFI (Unified Extensible Firmware Interface), which sits in a protected layer above the OS. An attack on this firmware can compromise a system at boot time. Hacking the firmware can cause the OS and hardware components to malfunction. Hackers have shown increasingly sophisticated ways in which the UEFI -- which has replaced the conventional BIOS -- can be infected with malware. Recovery from a hacked boot layer isn't as easy as running an anti-virus program. It usually requires a system to be rebooted and firmware to be flashed before loading the OS. As a hacked UEFI is hard to to fix, Dell's new security tool offers an alternative method. At boot, the tool verifies a UEFI snapshot with an identical copy in the cloud and can notify a user or system administrator of any inconsistency. A copy of the UEFI can then be reloaded on the computer to fix the problem. That's just a start. The company is working on a feature in which hacked UEFI can "auto-remediate" itself, said David Konetski, executive director in the Client Solutions Office of the CTO at Dell. He did not share when that feature would be in PCs. Dell has also taken precautions to protect the process of verifying the UEFI with an image in the cloud, Konetski said. A copy of the UEFI image is sent from flash storage to a PC's SRAM, and then data from the SRAM is then sent over a secure channel for verification. The cloud can be set up within a customer's premises, which makes intercepting a UEFI hash even more difficult, Konetski said. Trying to beat the cloud-based UEFI verification system would require hacking both the PC boot layer and the UEFI snapshot in the cloud. The verification tool's design is much like cloud-based anti-virus programs, which are being deployed in more enterprises to protect PCs, tablets and thin clients. In case of a hack, an original copy of the BIOS can be reloaded on the PC from a server via Microsoft's System Center Configuration or other Windows-based remote system management software. Support for Linux server management software will come soon, Konetski said. The tool will be loaded in Dell's Precision, OptiPlex and XPS PCs and Venue Pro tablets. Buyers will have to pay extra for the BIOS verification tool. Dell hasn't said how much it will cost. Intel already provides system management tools to protect the boot layer in PCs. System administrators can remotely start a PC, fix the boot layer and then shut down the PC. HP also includes secure boot tools in its business PCs, though they are designed for individual users. The Source Edit: Reported it to moved to Security & Privacy News had too many tabs open
  10. The new frame blocking experience in SmartScreen does not obscure webpages Microsoft has announced that it has updated its SmartScreen phishing and malware filtering technology for Internet Explorer 11 and Microsoft Edge in Windows 10 to protect users from drive-by attacks. A drive-by attack, unlike traditional forms of malware delivery, occurs without user interaction by targeting users who merely visit webpages, and may also leverage zero-day exploits. In addition to protecting users from drive-by attacks, Microsoft has stated that the updated version of SmartScreen may also protect users from zero-day exploits—such as the 'HanJuan EK' exploit that was discovered last year, which exploited a vulnerability in Adobe's Flash Player software—even before a patch is made available. The new drive-by protection feature in SmartScreen is, according to Microsoft, the result of data collected over the course of a year by a variety of data sources, including Bing, the Enhanced Mitigation Experience Toolkit (EMET), Internet Explorer, Microsoft Edge, SmartScreen, and Windows Defender. In addition to offering protection from drive-by attacks, the user experience in the latest update to SmartScreen has been enhanced. As shown in the screenshot posted above, when a potentially malicious frame is detected in a webpage, only the frame itself will be blocked. Previous versions of SmartScreen obscured entire webpages with a warning when a potentially malicious frame was detected—even if the webpage itself was not malicious—inconveniencing users. While the aforementioned improvements to SmartScreen should make browsing the web a safer and more enjoyable experience for users of Microsoft's web browsers, they have arrived at a time where users are switching to alternative browsers. And even with these improvements, Microsoft has cautioned that users should regularly install all available security updates as soon as possible. Source: Microsoft Article source
  11. Denmark's largest torrent site and one of the country's largest overall says it has shut down in order to protect tens of thousands of users. NextGen had been in operation for more than four years, offering a broad range of content including the latest movies and TV shows. But the heat got to the site and as usual, controversy is not far away. While sites such as The Pirate Bay and KickassTorrents are viewed as the public face of large-scale file-sharing, hidden away behind passworded fronts lies the private tracker community. Many hundreds – possibly thousands – of so-called ‘private trackers’ exist on the Internet today, each serving their own unique blend of users and often focusing on specialist mix of content. Since these are closed-door communities, few make the headlines. But despite their growth being artificially restricted by strict rules on who can enter, some swell to a significant size. The Denmark-based tracker ‘NextGen‘ is one such site and is currently the country’s 225 most-visited site overall. Those successes, however, are now in the past. For reasons best known to its operators the site (NG) has now closed its doors, but the notice handed out to more than 40,000 users suggests that all is not well. “Due to much attention on NG and therefore its users recently, we have decided to shut down the tracker. This is done solely and exclusively for your safety, as during the last few weeks NG has attracted much extra attention,” the site’s operators said in a statement. “This means not only a greater risk for the staff but also you as users. That is why we have decided that we will no longer take the risk that we or you must end up in a situation that none of us would like. We would like to thank you for the time we have had together, with the hope of a reunion soon.” While it is fairly common for sites to shut down without giving much of an explanation, in the informational vacuum that follows rumors begin to fly. For instance, in some quarters much is being made of Pirate Bay founder Gottfrid Svartholm’s alleged connections to the site. As seen in the image below, his name is indeed present in the site’s domain listings. But this fact alone is almost certainly not a sign of his direct involvement. In the past, NextGen had dealings with PRQ, a company historically owned by Gottfrid. Over the years countless dozens of sites opted to have PRQ and the Pirate Bay founder’s name as contact details on their domain instead of their own. That being said, for a successful site to close down so quickly it’s likely that pressure from the authorities had been mounting for some time. As far back as 2011, Danish police arrested then 19-year-old law student Halfdan Timm, accusing him of spreading illegal information on a blog and suggesting he was the NextGen operator. “At first, they tried to figure out whether I was leading the tracker, searching for hidden equipment in the apartment, but when they realized that wasn’t the case, they tried to get as much information as possible about the actual owners,” he told TF at he time. For an earlier article, Timm had indeed interviewed an operator of NextGen in-depth, which led the police to believe there had been a connection. However, several years later potentially more damaging information began appearing online about the operators of NextGen and their alleged activities. After it was alleged they were making upwards of $200,000 a year from the NextGen, two men were publicly linked to the site by anonymous critics. A document purporting to detail how NextGen accepted Bitcoin through a ‘front’ web-hosting company is now doing the rounds. If accurate (and it’s hard to say either way), that ‘doxxing’ certainly won’t have helped the security of the site – or its operators. News source
  12. Batu69

    Free tools to protect eyes

    1. Flux - f.lux makes your computer screen look like the room you're in, all the time. When the sun sets, it makes your computer look like your indoor lights. In the morning, it makes things look like sunlight again. Tell f.lux what kind of lighting you have, and where you live. Then forget about it. f.lux will do the rest, automatically. 2. EyeCare - Application appears in system tray and keeps reminding to take short break for relaxing eyes after every rest time interval. It displays a blank screen enforcing rest for some time. User can enable/disable rest enforcement as needed. 3. Eye Protector PRO - This software reminds you to take breaks from computer and perform light stretching excercises. It is an eye care / RSI prevention software available in both free and paid versions.
  13. It isn't just big organizations that are at risk from cybercrime. Smaller businesses are vulnerable too, figures from the Small Business Committee suggest 71 percent of cyber attacks target businesses with under 100 employees, and they're less able to afford sophisticated tools to protect themselves. To address this security company Trustwave is launching a new set of integrated security tools aimed at small and medium enterprises. The Trustwave SMB Security Toolkit includes anti-virus, vulnerability scanning, security health checks, endpoint security monitoring, credit card data scanning for data loss prevention, file integrity monitoring and more. Key features include remote access security which monitors and tracks any remote access software -- such as TeamViewer -- installed and enabled on endpoints and provides guidance on best practices for configuring remote access securely. Remote access tools are often an easy point of entry for attackers and a leading cause of data breaches. There's regular monitoring for malware that may be present on a business website. It also tracks other issues that may affect consumer confidence in the website, such as being listed on a search engine blacklist, domain hijacking, and expired SSL certificates. It includes mobile security audits and reports on security and compliance of mobile devices to enable proactive defense, and a Point-of-Sale (POS) Tracker monitors POS equipment for tampering and substitution. "In today's cybercrime environment, taking a check-box approach to security is like using a deadbolt on a door made of straw: technically you've met the requirement but it's not going to stop the bad guys," says Ted McKendall, vice president of product management at Trustwave. "The Trustwave SMB Security Toolkit is a new security-first approach that delivers an integrated set of 13 easy-to-administer security tools to help these targeted businesses secure their business environment, while automating and streamlining the process of achieving PCI DSS compliance". For more information on the toolkit you can visit the Trustwave website. News source
  14. Silicon Valley, long an enabler of government digital spying, is changing its tune, and Microsoft is at the forefront Guess who's leading the charge to replace the now-defunct Safe Harbor agreement with a new international framework to protect privacy? None other than Microsoft. Sounding more like an activist than the president and chief legal officer of the world's largest software company, Brad Smith this week laid out a sweeping, four-point program in a blog post that explicitly values privacy over business and national security concerns. "Privacy really is a fundamental human right," he wrote. Most significantly, Smith said that countries on both sides of the Atlantic should agree to only access user data through the company that holds it, instead of gaining access by hacking into corporate networks or other surreptitious means. Microsoft has also led the fight against U.S. government efforts to take American citizens' and companies' data held in foreign data centers. The privacy ground has shifted in Silicon Valley It's easy to be cynical and argue that Microsoft and other tech giants now lobbying for privacy have come to Jesus because the Edward Snowden revelations have made foreign customers wary of doing business with U.S. companies. That may well be true, but it's also true that the ground has shifted dramatically this year. Silicon Valley firms are now taking strong stands on privacy-related matters beyond Safe Harbor. For example, Apple and Dropbox said Tuesday they oppose a controversial cyber security bill called CISA that would give the government sweeping new powers to spy on Americans in the name of protecting them from hackers. "The trust of our customers means everything to us, and we don't believe security should come at the expense of their privacy," Apple said in a statement, echoing positions taken recently by Google, Facebook, and others in Silicon Valley. In last year's iOS 8, Apple also changed how encryption works in its mobile devices, so it can no longer unlock users' devices even if ordered to do so by the courts. The decision was meant to thwart government efforts to gain such access. Despite such tech-industry opposition, it would be surprising if the CISA bill doesn't pass -- it has broad bipartisan support and President Barack Obama is certain to sign it. And the tech industry's newfound commitment to privacy hasn't meant an end to tracking cookies and the sale of customer data to advertisers, among other privacy-invading tactics. Unsafe harbor: Why Safe Harbor was overturned The Safe Harbor agreement allowed companies to move data such as people's Web search histories, online purchases, and social media updates between the United States and the European Union. In today's environment of global companies and cloud services, personal data belonging to a person who lives in one country is routinely stored in another, then moved back and forth as needed. It's also often bought and sold as part of cross-border advertising deals. Safe Harbor imposed some restrictions on how companies could use that personal data, since Europeans desire greater privacy than Americans do and didn't want America's looser standards imposed on them through corporate actions. American companies wanted a clear set of usage guidelines that would at least not interfere with their data storage and transmission processes. That changed radically in early October when the European Court of Justice said the agreement was flawed because it allowed American government authorities to gain routine access to Europeans' online information. Snowden's revelations, the court said, showed that U.S. spy agencies had easy access to data belonging to Europeans. Microsoft now favors user privacy despite its self-interest The end to Safe Harbor is a massive problem for companies like Google and Facebook, whose businesses are built on online advertising and the user tracking needed to get the most from those ads. Microsoft is affected as well, as Smith quite rightly points out, but not nearly as severely. Even so, Smith's blog post marks a notable departure in the tech industry's approach to privacy. American law allowed the industry to tap data when convenient, and American technology made it possible to do so efficiently. You'd expect giants like Microsoft to cling desperately to the status quo. Under Smith, Microsoft is doing the opposite: Microsoft proposes new, privacy-protecting Safe Harbor Here's a summary of Smith's proposal for a new version of the Safe Harbor agreement: Users' legal rights should move with their data. That would mean the U.S. government would have to agree to abide by all E.U. laws when requesting private data on a European citizen whose information is stored on U.S. soil.A new agreement would creates an expedited legal process through which governments on both sides of the Atlantic can make data requests.For the sake of public safety, there should be an exception to this approach for citizens who move physically across the Atlantic. For example, the U.S. government should be permitted to turn solely to its own courts under U.S. law to obtain data about E.U. citizens who move to the United States, and the same would be true for a European government when U.S. citizens reside there.All governments involved should agree to only access a particular company's user data through that company directly instead of surreptitiously gaining access through a cloud provider or another means of spying.Smith wrote, "This fundamental approach would cut through the existing legal confusion by making clear both that people will not lose their privacy rights when their data is moved across a border and that there is an effective and legally proper basis for law enforcement to access the data needed to keep the public safe." Smith pointed out that without a replacement for Safe Harbor there will be serious business consequences: "Imagine trying to complete a purchase online and being told that your purchase has been blocked because your credit card information needs to be processed somewhere else. Imagine having your airline reservation rejected because your passport information cannot be transmitted by the airline to the country where you want to fly." New laws might simply mandate that everyone's information stay inside one's country or perhaps even one's personal devices. That's a simple approach legislatively, "but that would require a return to the digital dark ages," he argued. Why? In effect it would stymie cross-border transactions. Opponents of global capitalism may aspire to that result, but it would undo centuries of commerce and cooperation among nations, not only cross-border exploitation. I know that the Microsoft haters will find all sorts of reasons to doubt Smith's sincerity and poke holes in his arguments. That's not important. What is important is we're finally having serious discussions about privacy and due process, and Microsoft deserves credit for its contribution to that dialog. Source
  15. I use this for a little while now.