Showing results for tags 'security'.

  1. The internet infrastructure company wants to protect your inbox from targeted threats, starting with the launch of two new tools.

Cloudflare, the internet infrastructure company, already has its fingers in a lot of customer security pots, from DDoS protection to browser isolation to a mobile VPN. Now the company is taking on a classic web foe: email. On Monday, Cloudflare is announcing a pair of email safety and security offerings that it views as a first step toward catching more targeted phishing attacks, reducing the effectiveness of address spoofing, and mitigating the fallout if a user does click a malicious link. The features, which the company will offer for free, are mainly geared toward small business and corporate customers. And they’re made for use on top of any email hosting a customer already has, whether it’s provided by Google’s Gmail, Microsoft 365, Yahoo, or even relics like AOL.

Cloudflare CEO Matthew Prince says that from its founding in 2009, the company very intentionally avoided going anywhere near the thorny problem of email. But he adds that email security issues are unrelenting, so it has become necessary. “I think what I had assumed is that hosting providers like Google and Microsoft and Yahoo were going to solve this issue, so we weren’t sure there was anything for us to do in the space,” Prince says. “But what’s become clear over the course of the last two years is that email security is still not a solved issue.”

Prince says that Cloudflare employees have been “astonished by how many targeted threats were getting through Google Workspace,” the company's email provider. That's not for lack of progress by Google or the other big providers on anti-spam and anti-malware efforts, he adds. But with so many types of email threats to deal with at once, strategically crafted phishing messages still slip through. So Cloudflare decided to build additional defense tools that both the company itself and its customers could use.

On Monday, the company is launching two products: Cloudflare Email Routing and Email Security DNS Wizard. The tools let customers place Cloudflare in front of their email hosting provider, essentially allowing Cloudflare to receive and process emails before sending them through to the Microsofts and Googles of the world. This is somewhat similar to Cloudflare's long-standing role as a “content delivery network” for websites, in which the company is a proxy that can serve data or catch malicious activity as web traffic passes through.

Cloudflare Email Routing makes it possible for individuals or organizations to manage an entire custom email domain, like @coolbusiness.com, from a single consumer email account, such as a personal Gmail address. The tool even lets you consolidate many addresses—[email protected], [email protected]—so they all forward to a single inbox. This way, small businesses in particular can get the benefits of a dedicated, custom email domain without having to manage a whole separate platform.

The second tool, Email Security DNS Wizard, aims to make two email security features accessible for Cloudflare customers and easy to use. Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are two tools that are essentially a combination of caller ID and screening schemes for email: They aim to reduce email address spoofing by setting up public records that must match an email's sender information for the message to go through. This significantly reduces how easy it is for attackers to, say, send an email to employees that really looks like it comes from "Cool Business CEO." SPF and DKIM have been around for more than a decade, but they aren't ubiquitous, because they are difficult to set up without mistakes that can result in problems like legitimate emails getting lost. Cloudflare's goal with Email Security DNS Wizard is to make it easy for users to set up one or the other protection without any flubs.

“These are both technologies that have been around for a long time, but the problem is they don’t get a lot of use, because they're extremely complicated and in some cases dangerous to set up,” Prince says. “We're hopeful that implementing this tech, making it easy, and making it free will dramatically expand the usage and decrease the amount of targeted phishing and domain abuse."

Ultimately, Cloudflare plans to roll out a more comprehensive suite of services, called Advanced Email Security Suite, that will incorporate these two tools plus others. These initial offerings allow the company to get email flowing through its network, Prince says, so that it can study threats and patterns on a large scale. He adds that all Cloudflare email security products are carefully designed to leave crucial indicators intact for providers like Google and Microsoft. This way the tools aren't disrupting the important anti-spam and anti-abuse features that those services already have in place. And the goal is for existing Cloudflare offerings like browser isolation to work in tandem with the new email security features even when customers do click a bad link.

As with many Cloudflare offerings, though, one byproduct of turning on these email security features is that customers will need to trust the company with their messages on top of all the other web data they already have flowing through Cloudflare. When asked whether there are privacy implications of this, Prince repeats what he has often said about Cloudflare's approach. “We think of customer data as a toxic asset. We don’t have a business around advertising, we don’t sell customer data,” he says. “We have privacy certifications and do external audits of our systems. But, yeah, we have to earn our customers' trust everyday."

In a way, email is one of the last web security frontiers for Cloudflare. Whether customers are willing to share this final piece of themselves with the company will likely depend on how successful Cloudflare can be at making a dent in the very real, and maddening, risks that come with corporate email.

Source: Cloudflare Is Taking a Shot at Email Security (May require free registration to view)
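The article says SPF records are "public records that must match an email's sender information" and that mistakes lose legitimate mail. The script below is an added example (not from the article and not Cloudflare's code) showing what a receiving server actually does with an SPF TXT record, and a small lint pass for the mistakes a wizard is meant to prevent. It handles the ip4/ip6/all mechanisms only; the records, the coolbusiness.com domain from the article and the documentation-range IPs are constructed assumptions, and mechanisms that need DNS (include, a, mx, exists, ptr) are reported as unsupported so the code runs offline.

```python
"""Evaluate and lint SPF records (RFC 7208 subset: ip4, ip6, all).

Added example, not Cloudflare's code. The records below are constructed
for the article's hypothetical coolbusiness.com; the IPs are RFC 5737 /
RFC 3849 documentation ranges. Mechanisms that need DNS (a, mx, include,
exists, ptr) are reported as unsupported rather than resolved.
"""
from __future__ import annotations

import ipaddress

# Qualifier prefix -> SPF result when the mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_MECHANISMS = {"a", "mx", "include", "exists", "ptr"}

# Constructed records (assumptions, not real DNS data for any domain).
RECORD_STRICT = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
RECORD_SOFT = "v=spf1 ip4:192.0.2.0/24 ~all"
RECORD_OPEN = "v=spf1 +all"


def parse_spf(record: str) -> list[tuple[str, str, str | None]]:
    """Split a TXT record into (qualifier, mechanism, argument) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        if "=" in term:  # modifier (redirect=, exp=); not handled here
            continue
        qualifier = "+"  # a bare mechanism means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        parsed.append((qualifier, mechanism.lower(), argument or None))
    return parsed


def check_spf(record: str, sender_ip: str) -> str:
    """Return the SPF result for a connecting IP: first matching term wins."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, mechanism, argument in parse_spf(record):
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism in ("ip4", "ip6"):
            if argument is None:
                raise ValueError(mechanism + " needs an address argument")
            network = ipaddress.ip_network(argument, strict=False)
            if network.version == ip.version and ip in network:
                return QUALIFIERS[qualifier]
        elif mechanism in DNS_MECHANISMS:
            return "unsupported:" + mechanism  # would need a DNS lookup
        else:
            raise ValueError("unknown mechanism: " + mechanism)
    return "neutral"  # nothing matched and no "all" term: RFC 7208 says neutral


def lint_spf(record: str) -> list[str]:
    """Flag the configuration mistakes that lose mail or make SPF useless."""
    terms = parse_spf(record)
    warnings = []
    all_index = next((i for i, (_, m, _) in enumerate(terms) if m == "all"), None)
    if all_index is None:
        warnings.append("no 'all' term: unlisted senders get neutral, not fail")
    else:
        if terms[all_index][0] == "+":
            warnings.append("'+all' authorizes every host on the internet")
        if all_index != len(terms) - 1:
            warnings.append("terms after 'all' are never evaluated")
    # redirect= modifiers also count toward the limit but are skipped by parse_spf
    lookups = sum(1 for _, m, _ in terms if m in DNS_MECHANISMS)
    if lookups > 10:
        warnings.append(f"{lookups} DNS-lookup terms exceed the RFC 7208 limit of 10 (permerror)")
    if any(m == "ptr" for _, m, _ in terms):
        warnings.append("'ptr' is discouraged by RFC 7208; use ip4/ip6 instead")
    return warnings


if __name__ == "__main__":
    # The "lost legitimate mail" case: a real sending host (say a newsletter
    # service at 203.0.113.25) that the record forgot to list.
    for rec in (RECORD_STRICT, RECORD_SOFT, RECORD_OPEN):
        print(rec, "->", check_spf(rec, "203.0.113.25"), lint_spf(rec))
```

Under RECORD_STRICT the forgotten host gets "fail" and a strict receiver rejects the mail; "~all" softens that to "softfail", and "+all" passes everything, which is why the lint flags it.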
  2. malakai1911

Comprehensive Security Guide

NOTE: As of 1/1/2019 this guide is out of date. Until parts are rewritten, consider the below for historical reference only.

i. Foreword

The primary purpose of this guide is to offer a concise list of best-of-breed software and advice on selected areas of computer security. The secondary purpose of this guide is to offer limited advice on other areas of security. The target audience is an intermediately skilled user of home computers. The software listed is the freeware version where possible, or has a free version available. If there is no free version available for a particular product, it is noted with the "$" symbol. The guide is as well formatted as I could make it, within the confines of a message board post.

ii. Table of Contents

i. Foreword
ii. Table of Contents
1. Physical Security
   a. Home
   b. Computer
   c. Personal
2. Network Security
   a. Hardware Firewall
   b. Software Firewall
3. Hardening Windows
   a. Pre-install Hardening
   b. Post-install Hardening
   c. Alternative Software
   d. Keep Windows Up-To-Date
4. Anti-Malware
   a. Anti-Virus
   b. HIPS / Proactive Defense
   c. Malware Removal
5. Information and Data Security
   a. Privacy / Anonymity
   b. Encryption
   c. Backup, Erasure and Recovery
   d. Access Control (Passwords, Security Tokens)
6. Conclusion

1. Physical Security

I just wanted to touch on a few things in the realm of physical security, and you should investigate physical and personal security in places other than here.

a. Home

How would you break in to your own home? Take a close look at your perimeter security and work inwards. Make sure fences or gates aren't easy to climb over or bypass. The areas outside your home should be well lit, and motion sensor lights and walkway lights make nice additions to poorly lit areas. If possible, your home should have a security system featuring hardwired door and window sensors, motion detectors, and audible sirens (indoor and outdoor). Consider integrated smoke and carbon monoxide detectors for safety. Don't overlook monitoring services, so the police or fire department can be automatically called during an emergency.

Invest in good locks for your home; I recommend Medeco and Schlage Primus locks highly. Both Medeco and Schlage Primus locks are pick-resistant, bump-proof, and have key control (restricted copying systems). Exterior doors should be made of steel or solid-core wood and each should have locking hardware (locking doorknob or handle), an auxiliary lock (mortise deadbolt) with a reinforced strike plate, and a chain.

Consider a fireproof (and waterproof) safe for the storage of important documents and valuables. A small safe can be carried away during a robbery, and simply opened at another location later, so be sure to get a safe you can secure to a physical structure (in-wall, in-floor, or secured to something reasonably considered immovable). You may be able to hide or obscure the location of your safe in order to obtain some additional security, but don't make it cumbersome for yourself to access.

b. Computer

Computers are easy to just pick up and take away, so the only goal you should have is to deter crimes of opportunity. For desktop computers, you may bring your desktop somewhere and an attacker may not be interested in the entire computer, but perhaps just an expensive component (video card) or your data (hard drive), and for that I suggest a well-built case with a locking side and locking front panel. There are a variety of case security screws available (I like the ones from Enermax (UC-SST8) as they use a special tool), or you can use screws with less common bits (such as tamper resistant Torx screws) to secure side panels and computer components. There are also cable lock systems available for desktop computers to secure them to another object.

For laptop computers, you are going to be primarily concerned about a grab-and-go type robbery. There are a variety of security cables available from Kensington, which lock into the Kensington lock slot found on nearly all laptops, which you can use to secure it to another object (a desk or table, for example). Remember though, even if it's locked to something with a cable, it doesn't make it theft-proof, so keep an eye on your belongings.

c. Personal

Always be aware of your surroundings. Use your judgment: if you feel an area or situation is unsafe, avoid it altogether or get away as quickly and safely as possible. Regarding hand to hand combat, consider a self-defense course. Don't screw around with traditional martial arts (Karate, Aikido, Kung-Fu), and stay away from a McDojo. You should consider self-defense techniques like Krav Maga if you are serious about self defense in a real life context. I generally don't advocate carrying a weapon on your person (besides the legal mess that may be involved with use of a weapon, even for self-defense, an attacker could wrestle away a weapon and use it against you). If you choose to carry any type of weapon on your person for self-defense, I advise you to take a training course (if applicable) and to check with and follow the laws within the jurisdiction you decide to possess or carry such weapons.

Dealing with the Police

Be sure to read Know Your Rights: What to Do If You're Stopped by the Police, a guide by the ACLU, and apply it. Its advice is for within the jurisdiction of the US but may apply generally elsewhere; consult with a lawyer for legal advice. You should also watch the popular video "Don't talk to the police!" by Prof. James Duane of the Regent University Law School for helpful instructions on what to do and say when questioned by the police: (Mirror: regent.edu)

Travelling Abroad

Be sure to visit the State Department or Travel Office for your home country before embarking on a trip abroad.
Read any travel warnings or advisories; they are a wealth of information for travelers (offering guides, checklists, and travel advice): (US, UK, CA).

2. Network Security

As this is a guide geared towards a home or home office network, the central theme of network security is going to be focused around having a hardware firewall behind your broadband modem, along with a software firewall installed on each client. Since broadband is a 24/7 connection to the internet, you are constantly at risk of attack, making both a hardware and software firewall absolutely essential.

a. Hardware Firewall

A hardware firewall (router) is very important. Consider the hardware firewall as your first line of defense. Unfortunately, routers (usually) aren't designed to block outbound attempts from trojans and viruses, which is why it is important to use a hardware firewall in conjunction with a software firewall. Be sure that the firewall you choose features SPI (Stateful Packet Inspection).

Highly Recommended

I recommend Wireless AC (802.11ac) equipment, as it is robust and widely available. Wireless AC is backwards compatible with the earlier Wireless N (802.11n), G (802.11g) and B (802.11b) standards. 802.11ac supports higher speeds and longer distances than the previous standards, making it highly attractive. I generally recommend wireless networking equipment from Ubiquiti or Asus. Use WPA2/WPA with AES if possible, and a passphrase with a minimum of 12 characters. If you are really paranoid, use a strong random password and remember to change it every so often.

Alternatives

A spare PC running SmoothWall or IPCop, with a pair of NICs and a switch, can be used to turn a PC into a fully functional firewall.

b. Software Firewall

A software firewall nicely complements a hardware firewall such as those listed above. In addition to protecting you from inbound intrusion attempts, it also gives you a level of outbound security by acting as a gateway for applications looking to access the internet. Programs you want can access the internet, while ones you don't are blocked. Do not use multiple software firewalls simultaneously. You can actually make yourself less secure by running two or more software firewall products at once, as they can conflict with one another. Check out the Matousec Firewall Challenge for a comparison of leak tests among top firewall vendors. Leak tests are an important way of testing outbound filtering effectiveness.

Highly Recommended

Comodo Internet Security
Comodo is an easy to use, free firewall that provides top-notch security. I highly recommend this as a first choice firewall. While it includes Antivirus protection, I advise to install it as firewall-only and use an alternate Antivirus.

Alternatives

Agnitum Outpost Firewall Free
A free personal firewall that is very secure. Be sure to check out the Outpost Firewall Forums, to search, and ask questions if you have any problems.

Online Armor Personal Firewall Free
Online Armor Personal Firewall makes another great choice for those who refuse to run Comodo or Outpost.

3. Hardening Windows

Windows can be made much more secure by updating its components, and changing security and privacy related settings.

a. Pre-install Hardening

Pre-install hardening has its primary focus on integrating the latest available service packs and security patches. Its secondary focus is applying whatever security setting tweaks you can integrate. By integrating patches and tweaks, you will be safer from the first boot.

Step 1 - Take an original Windows disc (Windows 7 or later) and copy it to a folder on your hard drive so you can work with the install files.
Step 2 - Slipstream the latest available service pack. Slipstreaming is a term for integrating the latest service pack into your copy of Windows.
Step 3 - Integrate the latest available post-service pack updates. This can be done with a utility such as nLite or vLite, and post-service pack updates may be available in an unofficial collection (such as the RyanVM Update Pack for XP).
Step 4 - Use nLite (Windows 2000/XP) or vLite (Windows Vista/7) to customize your install. Remove unwanted components and services, and use the tweaks section of nLite/vLite to apply some security and cosmetic tweaks.
Step 5 - Burn your newly customized CD, and install Windows. Do not connect the computer to a network until you install a software firewall and anti-virus.

b. Post-Install Hardening

If you have followed the pre-install hardening section, then your aim will be to tweak settings to further lock down Windows. If you hadn't installed from a custom CD, you will need to first update to the latest service pack, then install incremental security patches to become current. After updating, you'll then disable unneeded Windows services, perform some security tweaks, and use software such as xpy to tweak privacy options.

Disable Services

Start by disabling unneeded or unnecessary services. By disabling services you will minimize potential security risks, and use fewer resources (which may make your system slightly faster). Some good guides on disabling unnecessary services are available at Smallvoid: Windows 2000 / Windows XP / Windows Vista. Some commonly disabled services: Alerter, Indexing, Messenger, Remote Registry, TCP/IP NetBIOS Helper, and Telnet.

Security Tweaks

I highly recommend using a strong Local Security Policy template as an easy way to tweak Windows security options, followed by the registry. Use my template (security.inf) to easily tweak your install for enhanced security (Windows 2000/XP/Vista/7):

1. Save the following attachment: (Download Link Soon!)
2. Extract the files.
3. Apply the Security Policy automatically by running the included "install.bat" file.
4. (Optional) Apply your policy manually using the following command:
   secedit /configure /db secedit.sdb /cfg "C:\<Path To Security.inf>\<template>.inf"
   then refresh your policy using the following command:
   secedit /refreshpolicy machine_policy   (Windows 2000)
   gpupdate   (Windows XP/Vista/7)

This template will disable automatic ("administrative") Windows shares, prevent anonymous log on access to system resources, disable (weak) LM password hashes and enable NTLMv2, disable DCOM, harden the Windows TCP/IP stack, and much more. Unfortunately my template can't do everything; you will still need to disable NetBIOS over TCP (NetBT), enable Data Execution Prevention (AlwaysOn), and perform other manual tweaks that you may use.

Privacy Tweaks

xpy (Windows 2000/XP) and vispa (Windows Vista/7)
These utilities are great for modifying privacy settings. They supersede XP AntiSpy because they include all of XP AntiSpy's features and more. You should use them in conjunction with the security tweaks I've listed above.

c. Alternative Software

Another simple way of mitigating possible attack vectors is to use software that is engineered with better or open security processes. These products are generally more secure and offer more features than their Microsoft counterparts.

Highly Recommended

Google Chrome (Web Browser)
Mozilla Thunderbird (Email Client)
OpenOffice.org (Office Suite)

Alternatives

Mozilla Firefox (Web Browser)
Google Docs (Online) (Office Suite)

Firefox Additions

Mozilla has a Privacy & Security add-on section. There are a variety of add-ons that may appeal to you (such as NoScript). And although these aren't strictly privacy related, I highly recommend the AdBlock Plus add-on, with the EasyList and EasyPrivacy filtersets.

d. Keep Windows Up-To-Date

Speaking of keeping up-to-date, do yourself a favor and upgrade to at least Windows XP (for older PCs) and Windows 7 (or later) for newer PCs. Be sure to keep up-to-date on your service packs; they're a comprehensive collection of security patches and updates, and some may add minor features.

Microsoft Windows Service Packs
Windows 2000 Service Pack 4 with Unofficial Security Rollup Package
Windows XP Service Pack 3 with Unofficial Security Rollup Package
Windows XP x64 Service Pack 2 with Unofficial Security Rollup Package
Windows Vista Service Pack 2
Windows 7 Service Pack 1

Microsoft Office Service Packs
Office 2000 Service Pack 3 with the Office 2007 Compatibility Pack (SP3).
Office XP (2002) Service Pack 3 with the Office 2007 Compatibility Pack (SP3).
Office 2003 Service Pack 3 with the Office 2007 Compatibility Pack (SP3) and Office File Validation add-in.
Office 2007 Service Pack 3 with the Office File Validation add-in.
Office 2010 Service Pack 1

After the service pack, you still need to keep up-to-date on incremental security patches. Windows supports Automatic Updates to automatically update itself. However, if you don't like Automatic Updates: you can use Windows Update to update Windows periodically (must use IE5 or greater, must have the BITS service enabled), or you can use MS TechNet Security to search for and download patches individually, or you can use AutoPatcher, an unofficial updating utility. In addition to security patches, remember to keep virus definitions up-to-date (modern virus scanners support automatic updates so this should not be a problem), and stay current with the latest program versions and updates, including your replacement internet browser and mail clients.

4. Anti-Malware

There are many dangers lurking on the internet: trojans, viruses, spyware. If you are a veteran user of the internet, you've probably developed a sixth sense when it comes to avoiding malware, but I advocate backing up common sense with reliable anti-malware software.

a. Anti-Virus

Picking a virus scanner is important. I highly recommend Nod32, but there are good alternatives these days.
Check out AV Comparatives for a comparison of scanning effectiveness and speed among top AV vendors.

Highly Recommended

Nod32 Antivirus $
I recommend Nod32 as a non-free Antivirus. Features excellent detection rates and fast scanning speed. Nod32 has a great heuristic engine that is good at spotting unknown threats. Very resource-friendly and historically known for using less memory than other AVs. There is a 30 day free trial available.

Alternatives

Avira AntiVir Personal
I recommend Avira as a free Antivirus. Avira is a free AV with excellent detection rates and fast scanning speed. (Kaspersky no longer recommended, due to espionage concerns.)

Online Scanners

Single File Scanning
Jotti Online Malware Scan or VirusTotal
These scanners can run a single file through a large number of different Antivirus/Antimalware suites in order to improve detection rates. Highly recommended.

Whole PC Scanning
ESET Online Scanner
Nod32 Online Antivirus is pretty good, ActiveX though, so IE only. There is a beta version available that works with Firefox and Opera.

b. HIPS / Proactive Defense

Host-based intrusion prevention systems (HIPS) work by disallowing malware from modifying critical parts of the operating system without permission. Classic (behavioral) HIPS software will prompt the user for interaction before allowing certain system modifications, allowing you to stop malware in its tracks, whereas virtualization-based HIPS works primarily by sandboxing executables. Although HIPS is very effective, the additional setup and prompts are not worth the headache for novice users (who may take to just clicking 'allow' to everything and defeating the purpose altogether). I only recommend HIPS for intermediate or advanced users that require a high level of security.

Highly Recommended

I highly recommend firewall-integrated HIPS solutions. Comodo Defense+ is a classic HIPS built into Comodo Internet Security, and provides a very good level of protection. Outpost and Online Armor provide their own HIPS solutions, and the component control features of the firewalls are powerful enough to keep unwanted applications from bypassing or terminating the firewall. If you want to use a different HIPS, you can disable the firewall HIPS module and use an alternative below.

Alternatives

Stand-alone HIPS solutions are good for users who either don't like the firewall built-in HIPS (and disable the firewall HIPS), or use a firewall without HIPS features.

HIPS based on Behavior (Classic)
ThreatFire
ThreatFire provides a strong, free behavioral HIPS that works well in conjunction with Antivirus and Firewall suites to provide additional protection.

HIPS based on Virtualization
DefenseWall HIPS $
DefenseWall is a strong and easy-to-use HIPS solution that uses sandboxing for applications that access the internet.
GeSWall Freeware
GeSWall makes a nice free addition to the HIPS category; like DefenseWall it also uses sandboxing for applications that access the internet.

Dealing with Suspicious Executables

You can run suspicious executables in a full featured virtual machine (such as VMware) or using a standalone sandbox utility (such as Sandboxie) if you are in doubt of what it may do (though, you may argue that you shouldn't be running executables you don't trust anyway). A more advanced approach to examining a suspicious executable is to run it through Anubis, a tool for analyzing the behavior of Windows executables. It displays a useful report with things the executable does (files read, registry modifications performed, etc.), which will give you insight as to how it works.

c. Malware Removal

I recommend running all malware removal utilities on-demand (not resident). With a firewall, virus scanner, HIPS, and some common sense, you won't usually get to the point of needing to remove malware... but sometimes things happen, perhaps unavoidably, and you'll need to remove some pretty nasty stuff from a computer.

Highly Recommended

Anti-Spyware
Spybot Search & Destroy
Spybot S&D has been around a long time, and is very effective in removing spyware and adware. I personally install and use both Spybot & Ad-Aware, but I believe that Spybot S&D has the current edge in overall detection and usability.

Anti-Trojan
Malwarebytes' Anti-Malware
Malwarebytes has a good trojan detector here, and scans fast.

Anti-Rootkit
Rootkit Unhooker
RKU is a very advanced rootkit detection utility.

Alternatives

Anti-Spyware
Ad-Aware Free Edition
Ad-Aware is a fine alternative to Spybot S&D; its scanning engine is slower but it is both effective and popular.

Anti-Trojan
a-squared (a2) Free
a-squared is a highly reputable (and free) trojan scanner.

Anti-Rootkit
IceSword (Mirror)
IceSword is one of the most capable and advanced rootkit detectors available.

5. Information and Data Security

Data can be reasonably protected using encryption and a strong password, but you will never have complete and absolute anonymity on the internet as long as you have an IP address.

a. Privacy / Anonymity

Anonymity is elusive. Some of the following software can help you achieve a more anonymous internet experience, but you also must be vigilant in protecting your own personal information. If you use social networking sites, use privacy settings to restrict public access to your profile, and only 'friend' people you know in real life. Don't use (or make any references to) any of your aliases or anonymous handles on any websites that have any of your personal information (Facebook, Amazon, etc.). You should opt out from information sharing individually for all banks and financial institutions you do business with using their privacy policy choices. You should opt out of preapproved credit offers (US), unsolicited commercial mail and email (US, UK, CA), and put your phone numbers on the "Do Not Call" list (US, UK, CA).

Highly Recommended

Simply install and use Tor with Vidalia to surf the internet anonymously.
It's free; the only downside is that it's not terribly fast, but it has fairly good anonymity, so it's a tradeoff. Keep in mind it's for anonymity, not for security, so make sure sites you put passwords into are SSL encrypted (and have valid SSL certificates), and remember that all endpoint traffic can be sniffed. You can use the Torbutton extension for Firefox to easily toggle anonymous browsing on and off. POP3/IMAP and P2P software won't work through Tor, so keep that in mind.

Portable Anonymous Browsing

The Tor Project now has a "Zero-Install Bundle" which includes Portable Firefox and Tor with Vidalia to surf anonymously from a USB memory stick pretty much anywhere with internet access. It also includes Pidgin with OTR for encrypted IM communications.

Note: These won't protect you from Trojans/Keyloggers/Viruses on insecure public terminals. Never type important passwords or log in to important accounts on a public computer unless it is absolutely necessary!

Alternatives

I2P functions similarly to Tor, allowing you to surf the general internet with anonymity.
IPREDator $ is a VPN that can be used to anonymize P2P/BitTorrent downloads.
Freenet is notable, but not for surfing the general internet; it is its own network with its own content.

b. Encryption

For most people, encryption may be unnecessary. But if you have a laptop, or any sort of sensitive data (whether it be trade secrets, corporate documents, legal or medical documents), then you can't beat the kind of protection that encryption will offer. There are a variety of options available today, including a lot of software not listed here. A word to the wise: please, please don't fall for snake oil; use well-established applications that use time-tested (and unbroken) ciphers. Regardless of what software you use, the following "what to pick" charts apply universally.

If you have to pick an encryption cipher:

Best: AES (Rijndael) (128-bit block size)
Better: Twofish (128-bit block size), Serpent (128-bit block size)
Good: RC6 (128-bit block size)
Deprecated: Blowfish (64-bit block size), CAST5 (CAST-128) (64-bit block size), Triple-DES (64-bit block size)

When encrypting large volumes of data, it is important to pick a cipher that has a block size of at least 128 bits. This affords you protection for up to 2^64 x 16 bytes (264 exabytes). 64-bit block ciphers only afford protection of up to 2^32 x 8 bytes (32 gigabytes), so using one as a full-disk or whole-disk encryption cipher is not recommended. The deprecated list is only there because some of you might be stuck using software that only supports older encryption methods, so I've ordered it from what I feel is best to worst (though all three on there are pretty time tested and, if properly implemented, quite secure).

If you have to pick a hash to use:

Best: Whirlpool (512-bit)
Better: SHA-512 (512-bit), SHA-256 (256-bit)
Good: Tiger2/Tiger (192-bit), RIPEMD-160 (160-bit)
Deprecated: RIPEMD-128, SHA-1, MD5

With all the recent advances in cryptanalysis (specifically the work on hash collisions), these days I wouldn't trust any hash of less than 160 bits on principle. To be on the safe side, use a 192-bit, 256-bit, or 512-bit hash where available. There will be cases where your only options are insecure hashes, in which case I've ordered the "deprecated" list from best to worst (they are all at varying levels of insecure). Many older hashes (MD4, MD2, the original RIPEMD, and others) are totally broken and are not to be used.

A quick software rundown; these applications are popular and trusted:

Highly Recommended

Freeware Whole Disk Encryption: TrueCrypt
Based upon E4M, TrueCrypt is a full-featured disk encryption suite, and can even be run off a USB memory stick. TrueCrypt supports whole disk encryption of Windows, with pre-boot authentication. Very nice.
If you can't use whole-disk encryption (WDE), you can use the TCTEMP add-on to encrypt your swapfile, temp files and print spooler, and you can use the TCGINA add-on to encrypt your Windows home directory. (Note: TCTEMP/TCGINA is less secure than WDE, and only preferable if WDE is not an option. WDE is highly recommended.)

Freeware PKI Encryption: GnuPG (GPG)
GnuPG provides public-key encryption, including key generation and maintenance, signing and checking documents and email messages, and encryption and decryption of documents and email messages.

Freeware Email Encryption: Enigmail
Enigmail is truly a work of art; it integrates with GnuPG and provides seamless support for encryption and decryption of email messages, and can automatically check PGP-signed documents for validity. (Enigmail requires both Mozilla Thunderbird and GnuPG.)

Alternatives

Encryption Suite (with Whole Disk and Email Encryption): PGP Full Disk Encryption $
PGP provides public-key encryption, including key generation and maintenance, signing and checking documents and email messages, encryption and decryption of documents and email messages, volume disk encryption, whole disk encryption, Outlook integration, and instant messenger encryption support.

c. Backup, Erasure and Recovery

// This section is under construction.

Backups

Your data might be safe from prying eyes, but what if you are affected by hardware failure, theft, flood or fire? Regular backups of your important data can help you recover from a disaster. You should consider encrypting your backups for enhanced security.

Local Backup: Cobian Backup
Cobian Backup is a fully-featured freeware backup utility.

SyncBack Freeware, Macrium Reflect Free
SyncBack Freeware and Macrium Reflect Free are feature-limited freeware backup utilities.

Off-site Backup: SkyDrive (25GB, file size limited to 100MB), box.net (5GB)
SkyDrive and box.net offer free online storage, useful for easy offsite backups.
Be sure to use encrypted containers for any sensitive documents.

Data Destruction

It would be better to have your data residing in an encrypted partition, but sometimes that may not be possible. When sanitizing a hard drive, I recommend using a quality block-erase tool like DBAN followed by a run-through with ATA Secure Erase if you really want a drive squeaky clean. Block erasing is good for data you can normally reach, but ATA Secure Erase can hit areas of the drive block erasers can't. As for multiple overwrite passes, there is no proof that data overwritten even one time can be recovered by professional data recovery corporations. For moderate security, a single pseudorandom block-erase pass (random write) followed by an ATA Secure Erase pass (zero write) is sufficient to thwart any attempts at data recovery. For a high level of security, a "DoD Short (3 pass)" block-erase pass followed by an ATA Enhanced Secure Erase will ensure no recovery is possible.

Single-File/Free Space Erase: If you are interested in just erasing single files or wiping free space, you can use the Eraser utility.
Block Erase: For hard drive block erasure, use DBAN.
ATA Secure Erase: For ATA Secure Erasing, use the CMRR Secure Erase Utility.

CMRR Secure Erase Protocols (.pdf): http://cmrr.ucsd.edu...seProtocols.pdf
NIST Guidelines for Media Sanitization (.pdf): http://csrc.nist.gov...800-88_rev1.pdf

File Recovery Software

This is kind of the opposite of data destruction. Keep in mind no software utility can recover properly overwritten data, so if it's overwritten there is no recovery.

Highly Recommended: Recuva
Recuva is an easy-to-use GUI-based recovery utility.

Alternatives: TestDisk and PhotoRec
These tools are powerful command-line recovery utilities. TestDisk can recover partitions, and PhotoRec is for general file recovery.

Ontrack EasyRecovery Professional $
EasyRecovery is one of the best paid utilities for file recovery.

d. Access Control (Passwords, Security Tokens)

// This section is under construction.

Secure Passwords

// Section under construction.

Your security is only as strong as its weakest password. There are a few basic rules to follow when creating a strong password.

Length - Passwords should be at least 12 characters long. When possible, use a password of 12 or more characters, or a "passphrase". If you are limited to fewer than 12 characters, you should try to make your password as long as allowable.
Complexity - Passwords should have an element of complexity; a combination of upper and lowercase characters, numbers, and symbols will make your passwords much harder to guess, and harder to brute-force.
Uniqueness - Passwords should avoid containing common dictionary words, names, birthdays, or any identification related to you (Social Security, driver's license, or phone numbers, for example).
Secret - If you have a password of the utmost importance, do not write it down. Do not type it in plain view of another person or share it with anyone. Avoid using the same password in multiple places.

Security Tokens

Security tokens are cryptographic devices that allow for two-factor authentication.
Google Titan
Yubikey 5 Series

6. Conclusion

And here we are at the end! I would like to thank all of you for taking the time to read my guide; it's a few (slow) years in the making and I've kept it up to date. This guide is always changing, so check back from time to time.

Revision 1.10.020
Copyright © 2004-2012 Malakai1911, All Rights Reserved
The information contained within this guide is intended solely for the general information of the reader and is provided "as is" with absolutely no warranty expressed or implied. Any use of this material is at your own risk; its authors are not liable for any direct, special, indirect, consequential, or incidental damages or any damages of any kind. This guide is subject to change without notice.
Windows_Security_Template__1.10.015_.zip
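As an added example (not part of Malakai1911's guide), the Length, Complexity and Uniqueness rules above written as a checker, plus a rough brute-force work estimate that shows why length matters more than adding one more symbol; the word list and the personal-information inputs are constructed stand-ins for a real dictionary and a real user's details.

```python
import math
import re
import string

# Constructed stand-in for a real dictionary / common-password list (assumption).
COMMON_WORDS = {"password", "welcome", "dragon", "letmein", "qwerty", "summer", "monkey"}

MIN_LENGTH = 12    # the guide's Length rule
MIN_CLASSES = 3    # Complexity: at least three of upper / lower / digit / symbol


def character_classes(pw: str) -> dict:
    """Which of the four character classes appear in the password."""
    return {
        "lower": any(c.islower() for c in pw),
        "upper": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }


def bruteforce_bits(pw: str) -> float:
    """log2 of the exhaustive search space, assuming the attacker knows which classes
    were used. Every extra character multiplies the work by the alphabet size, so
    a long passphrase with few classes beats a short password with all four."""
    sizes = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(string.punctuation)}
    alphabet = sum(sizes[k] for k, present in character_classes(pw).items() if present)
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def check_password(pw: str, personal_info=()) -> list:
    """Return the list of rule violations (empty means the password passes).
    personal_info holds strings such as names, birth years or phone numbers that
    must not appear in the password (the guide's Uniqueness rule)."""
    problems = []
    # Length
    if len(pw) < MIN_LENGTH:
        problems.append(f"length: {len(pw)} characters, need at least {MIN_LENGTH}")
    # Complexity
    classes = character_classes(pw)
    if sum(classes.values()) < MIN_CLASSES:
        missing = [k for k, present in classes.items() if not present]
        problems.append("complexity: mix more character classes (missing: "
                        + ", ".join(missing) + ")")
    # Uniqueness: dictionary words, personal identifiers, birthday-like years
    lowered = pw.lower()
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            problems.append(f"uniqueness: contains common word '{word}'")
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append(f"uniqueness: contains personal information '{item}'")
    if re.search(r"(19|20)\d\d", pw):
        problems.append("uniqueness: contains what looks like a year (birthday?)")
    return problems


if __name__ == "__main__":
    # Constructed candidates; "John", "Smith" and "1984" play the role of the user's own details.
    for candidate in ("Summer2019!", "JohnSmith1984!x", "correct-horse-battery-staple-7x"):
        verdict = check_password(candidate, ["John", "Smith", "1984"]) or "OK"
        print(f"{candidate!r}: {bruteforce_bits(candidate):.1f} bits of search space, {verdict}")
```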
3. New features build on Total Cookie Protection, simplifying privacy management.

Mozilla's Firefox 91, released this morning, includes a new privacy management feature called Enhanced Cookie Clearing. The feature allows users to manage all cookies and locally stored data generated by a website—regardless of whether they're cookies tagged to that site's domain or cookies placed from that site but belonging to a third-party domain, e.g., Facebook or Google.

Building on Total Cookie Protection

[Image: Mozilla isn't being delicate about which tech giant is first in its crosshairs. (Mozilla)]

The new feature builds on and depends upon Total Cookie Protection, introduced in February with Firefox 86. Total Cookie Protection partitions cookies by the site that placed them rather than the domain that owns them—which means that if a hypothetical third party we'll call "Forkbook" places tracking (or authentication) cookies on both momscookies.com and grandmascookies.com, it can't reliably tie the two together. Without cookie partitioning, a single Forkbook cookie would contain the site data for both momscookies.com and grandmascookies.com. With cookie partitioning, Forkbook must set two separate cookies—one for each site—and can't necessarily relate one to the other. Even if the cookies are used for a third-party Forkbook login, tying the two together would need to be done on the back end—since both are presumably for the same Forkbook account—rather than Forkbook being able to simply, cheaply, and easily read all tracking data from a single cookie. If the sites don't use Forkbook for authentication, the two probably can't be tied together at all—because even if the user is logged in to Forkbook in a different tab, that cookie is split apart from the ones used on mom's and grandma's cookie sites.
Clearing data site-wide

[Image: The updated Cookies and Site Data management dialog displays all locally stored resources set at a particular site, whether owned by that site or by a third party. (Mozilla)]

Once you understand that websites routinely place cookies that belong to third-party domains, it becomes obvious why it might be difficult to clear all traces of data stored by that site—returning to our "Forkbook" example above, clearing all data belonging directly to momscookies.com wouldn't clear the Forkbook cookie, and clearing a universal Forkbook cookie would necessarily log the user out of all websites using Forkbook authentication. However, when each site has its own individual cookie jar—meaning Forkbook needs to place separate cookies, separate copies of embedded JavaScript libraries, separate copies of images, and so forth between momscookies.com and grandmascookies.com and forkbook.com itself—it becomes possible to easily manage all data stored locally by that individual site. When using Total Cookie Protection, you can empty the entire bucket for momscookies.com, including its own cookies, Forkbook's cookies, and anything else. This breaks Forkbook's record of your browsing activities on momscookies.com—because although it will set a new cookie the next time you visit, it won't have a reliable way to tie that cookie to the previous cookie you deleted or to other Forkbook cookies set by other sites.

Fuhgeddaboudit

[Image: The new "Forget about this site" option in History allows you to clear all site data, as well as your history of visiting it in the first place. (Mozilla)]

In addition to organizing locally stored data by the website that placed it rather than the domain that owns it, Firefox 91 gives users the ability to quickly and easily remove all local traces of visiting a site. When browsing your own History timeline in Firefox 91, you can right-click a site's entry and select Forget About This Site.
Doing so removes both the entry in History and all cookies, images, cached scripts, and so forth set during visits to that site.

Get strict

In order to use the new privacy management features, you'll first have to make sure that Strict Tracking Protection is enabled. Without Strict Tracking Protection, cookies aren't separated by the site that sets them in the first place. To enable Strict Tracking Protection, click the shield to the left of the address bar and select Protection Settings. This opens Privacy and Security in a new tab—from there, just make sure the radio-button option for Enhanced Tracking Protection is set to Strict, not Standard. Although Firefox's Privacy and Security dialog warns you—accurately—that Strict protection may cause some sites or content to break, those breakages have so far been few and minor in our own testing. The majority of the web—including the bits using third-party authentication and tracking—should continue to work just fine.

Today’s Firefox 91 release adds new site-wide cookie-clearing action
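The partitioning and site-wide clearing described in this article, as an added toy model in Python (not Firefox's code): a cookie store keyed either by cookie domain alone, or by the (top-level site, cookie domain) pair the way Total Cookie Protection keys it, with the "Forget About This Site" action applied to each. The tracker "forkbook.com" and the two cookie sites follow the article's example; the identifiers are constructed.

```python
import itertools


class CookieJar:
    """Toy model of a browser cookie store (added example, not Firefox's implementation).

    partitioned=False: one jar per cookie domain, shared across every top-level site
                       (classic behaviour).
    partitioned=True:  one jar per (top-level site, cookie domain) pair, which is how
                       Total Cookie Protection isolates third-party cookies.
    """

    def __init__(self, partitioned: bool):
        self.partitioned = partitioned
        self.store = {}  # jar key -> {cookie name: value}

    def _key(self, top_site, cookie_domain):
        return (top_site, cookie_domain) if self.partitioned else cookie_domain

    def set(self, top_site, cookie_domain, name, value):
        self.store.setdefault(self._key(top_site, cookie_domain), {})[name] = value

    def get(self, top_site, cookie_domain, name):
        return self.store.get(self._key(top_site, cookie_domain), {}).get(name)

    def forget_site(self, top_site):
        """'Forget About This Site' / Enhanced Cookie Clearing.

        With partitioning, every jar created while top_site was the top-level page can
        be dropped, third-party jars included. Without it, a third-party jar is shared
        with every other site embedding that third party, so only the first-party jar
        can be cleared safely and the third-party tracking cookie survives."""
        if self.partitioned:
            for key in [k for k in self.store if k[0] == top_site]:
                del self.store[key]
        else:
            self.store.pop(top_site, None)


def embed_tracker(jar, top_site, tracker, ids):
    """A tracker script embedded in top_site: reuse its cookie if it can see one,
    otherwise mint a new identifier. Returns the identifier it ends up with."""
    uid = jar.get(top_site, tracker, "id")
    if uid is None:
        uid = f"uid-{next(ids)}"  # constructed identifier
        jar.set(top_site, tracker, "id", uid)
    return uid


def simulate(partitioned: bool) -> dict:
    """Visit two sites that both embed forkbook.com, then forget the first site."""
    jar = CookieJar(partitioned)
    ids = itertools.count(1)
    tracker, mom, grandma = "forkbook.com", "momscookies.com", "grandmascookies.com"

    jar.set(mom, mom, "session", "s1")  # the site's own first-party cookie
    id_on_mom = embed_tracker(jar, mom, tracker, ids)
    id_on_grandma = embed_tracker(jar, grandma, tracker, ids)

    jar.forget_site(mom)

    return {
        "tracker_links_visits": id_on_mom == id_on_grandma,
        "mom_session_after_forget": jar.get(mom, mom, "session"),
        "tracker_cookie_on_mom_after_forget": jar.get(mom, tracker, "id"),
        "tracker_cookie_on_grandma_after_forget": jar.get(grandma, tracker, "id"),
    }


if __name__ == "__main__":
    print("classic:    ", simulate(partitioned=False))
    print("partitioned:", simulate(partitioned=True))
```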
4. Mozilla says that starting with Firefox 91, users will be able to fully erase the browser history for all visited websites, thus preventing privacy violations due to "sneaky third-party cookies sticking around."

This change builds on the inclusion of default blocks for cross-site tracking in private browsing, first introduced after Total Cookie Protection was released with Firefox 86 in February. The new feature, dubbed Enhanced Cookie Clearing, helps you delete all cookies and supercookies stored on your computer by websites or web trackers. Enhanced Cookie Clearing is triggered automatically whenever you're clearing cookies and other site data after enabling Strict Tracking Protection.

"When you decide to tell Firefox to forget about a website, Firefox will automatically throw away all cookies, supercookies and other data stored in that website's cookie jar," Mozilla said. "This 'Enhanced Cookie Clearing' makes it easy to delete all traces of a website in your browser without the possibility of sneaky third-party cookies sticking around."

HTTPS enabled by default in private browsing

Mozilla also announced today that, starting with Firefox 91, private browsing windows will automatically switch to secure HTTPS connections by default. By upgrading all connections to HTTPS, Mozilla aims to protect users from man-in-the-middle (MITM) attacks trying to snoop on or alter data exchanged with web servers over the unencrypted HTTP protocol.

"Whenever you enter an insecure (HTTP) URL in Firefox's address bar, or you click on an insecure link on a web page, Firefox will now first try to establish a secure, encrypted HTTPS connection to the website," Mozilla explained. "In the cases where the website does not support HTTPS, Firefox will automatically fall back and establish a connection using the legacy HTTP protocol instead."
Mozilla added an HTTPS-Only Mode in Firefox 83 to secure web browsing by rewriting URLs to use HTTPS (though this feature is disabled by default, it can be easily enabled from the browser's settings). Microsoft Edge can also be configured to switch to secure HTTPS connections when connecting over HTTP by enabling an experimental Automatic HTTPS option available in the Canary and Developer preview channels. In April, Google updated Chrome to default to HTTPS for all URLs typed in the address bar if the user doesn't specify a protocol.

[Image: HTTPS by default in private browsing (Mozilla)]

According to Mozilla, while browsing the web in private mode, Firefox defends your privacy using several privacy protection technologies, all enabled by default:

Total Cookie Protection isolates cookies to the site where they were created
Supercookie protections stop supercookies from following you from site to site
Cookies and caches are cleared at the end of every Private Browsing session and aren't shared with standard windows
Trackers are blocked, including cookies, scripts, tracking pixels, and other resources from domains on Disconnect's list of known trackers
Many fingerprinting scripts are blocked, according to Disconnect's list of invasive fingerprinting domains
SmartBlock intelligently fixes up web pages that were previously broken when tracking scripts were blocked

To go into private browsing mode, you have to open the Application Menu by clicking the button (☰) on the top right and choosing "New Private Window." You can also use keyboard shortcuts to enable private browsing mode: Ctrl + Shift + P (or Cmd + Shift + P on macOS).

Firefox adds enhanced cookie clearing, HTTPS by default in private browsing
  5. I couldn't find much information. I pay for a subscription through Private Internet Access for their VPN service. While visiting my Client Control Panel on their website, I saw the offer on the sidebar. It appears to still be in development. Homepage: https://www.privateinternetaccess.com/ Download: https://app.intego.com/pi/downloader.php https://cdn1-piav.intego.com/pi/install/20210615/PrivateInternetAntivirusSetup.exe https://anonfiles.com/dcVc3051u9/PrivateInternetAntivirusSetup_exe
6. Microsoft admits to signing rootkit malware in supply-chain fiasco

Microsoft has now confirmed signing a malicious driver being distributed within gaming environments. This driver, called "Netfilter," is in fact a rootkit that was observed communicating with Chinese command-and-control (C2) IPs. G Data malware analyst Karsten Hahn first took notice of this event last week and was joined by the wider infosec community in tracing and analyzing the malicious drivers bearing the seal of Microsoft. It turns out the C2 infrastructure belongs to a company classified as a "Communist Chinese military" company by the US Department of Defense. This incident has once again exposed threats to software supply-chain security, except this time it stemmed from a weakness in Microsoft's code-signing process.

"Netfilter" driver is a rootkit signed by Microsoft

Last week, G Data's cybersecurity alert systems flagged what appeared to be a false positive, but was not—a Microsoft-signed driver called "Netfilter." The driver in question was seen communicating with China-based C&C IPs, providing no legitimate functionality, and as such raised suspicions. This is when G Data's malware analyst Karsten Hahn shared this publicly and simultaneously contacted Microsoft:

[Image: The malicious binary has been signed by Microsoft (VirusTotal)]

"Since Windows Vista, any code that runs in kernel mode is required to be tested and signed before public release to ensure stability for the operating system." "Drivers without a Microsoft certificate cannot be installed by default," states Hahn.

At the time, BleepingComputer began observing the behavior of C2 URLs and also contacted Microsoft for a statement.
The first C2 URL returns a set of more routes (URLs) separated by the pipe ("|") symbol:

[Image: Navigating to the C2 URL presents more routes for different purposes. Source: BleepingComputer]

Each of these serves a purpose, according to Hahn: the URL ending in "/p" is associated with proxy settings, "/s" provides encoded redirection IPs, "/h?" is for receiving the CPU-ID, "/c" provided a root certificate, and "/v?" is related to the malware's self-update functionality. As seen by BleepingComputer, for example, the "/v?" path provided the URL to the malicious Netfilter driver in question itself (living at "/d3"):

[Image: Path to malicious Netfilter driver. Source: BleepingComputer]

The G Data researcher spent enough time analyzing the driver to conclude that it is malware. The researcher has analyzed the driver, its self-update functionality, and Indicators of Compromise (IOCs) in a detailed blog post.

"The sample has a self-update routine that sends its own MD5 hash to the server via hxxp://110.42.4.180:2081/v?v=6&m=," says Hahn. An example request would look like this:

hxxp://110.42.4.180:2081/v?v=6&m=921fa8a5442e9bf3fe727e770cded4ab

"The server then responds with the URL for the latest sample, e.g. hxxp://110.42.4.180:2081/d6 or with 'OK' if the sample is up-to-date. The malware replaces its own file accordingly," the researcher further explained.

[Image: Malware's self-update functionality analyzed by G Data]

During the course of his analysis, Hahn was joined by other malware researchers including Johann Aydinbas, Takahiro Haruyama, and Florian Roth. Roth was able to gather the list of samples in a spreadsheet and has provided YARA rules for detecting these in your network environments. Notably, the C2 IP 110.42.4.180 that the malicious Netfilter driver connects to belonged to Ningbo Zhuo Zhi Innovation Network Technology Co., Ltd, according to WHOIS records. The U.S. Department of Defense (DoD) has previously marked this organization as a "Communist Chinese military company," another researcher, @cowonaut, observed.

Microsoft admits to signing the malicious driver

Microsoft is actively investigating this incident, although thus far there is no evidence that stolen code-signing certificates were used. The mishap seems to have resulted from the threat actor following Microsoft's process to submit the malicious Netfilter drivers, and managing to acquire the Microsoft-signed binary in a legitimate manner:

"Microsoft is investigating a malicious actor distributing malicious drivers within gaming environments." "The actor submitted drivers for certification through the Windows Hardware Compatibility Program. The drivers were built by a third party." "We have suspended the account and reviewed their submissions for additional signs of malware," said Microsoft yesterday.

According to Microsoft, the threat actor has mainly targeted the gaming sector, specifically in China, with these malicious drivers, and there is no indication of enterprise environments having been affected so far. Microsoft has refrained from attributing this incident to nation-state actors just yet. Falsely signed binaries can be abused by sophisticated threat actors to facilitate large-scale software supply-chain attacks. The multifaceted Stuxnet attack that targeted Iran's nuclear program marks a well-known incident in which code-signing certificates were stolen from Realtek and JMicron to facilitate the attack. This particular incident, however, has exposed weaknesses in a legitimate code-signing process, exploited by threat actors to acquire Microsoft-signed code without compromising any certificates.

Source
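The C2 routes and the self-update request described above, turned into a defensive check as an added example (not G Data's or BleepingComputer's code): it scans proxy log lines for requests to the C2 host and decodes the "/v?v=6&m=<md5>" route so the hash the sample reports about itself can be hunted for as a file IoC on the requesting client. The log lines are constructed; the host and the MD5 are the ones quoted in the article.

```python
import re
from urllib.parse import urlsplit

# C2 endpoint quoted in the article ("hxxp://" defanged there; real logs show "http://").
C2_HOST = "110.42.4.180:2081"

# Routes described by Hahn: /p proxy settings, /s redirection IPs, /h? CPU-ID,
# /c root certificate, /v? self-update check, /dN the sample download itself.
ROUTE_RE = re.compile(r"^/(?:p|s|c|h\?.*|d\d+|v\?v=\d+&m=(?P<md5>[0-9a-f]{32}))$")

# Constructed proxy log, "<client> <method> <url>" per line; not real traffic.
SAMPLE_LOG = """\
10.0.0.15 GET http://110.42.4.180:2081/v?v=6&m=921fa8a5442e9bf3fe727e770cded4ab
10.0.0.15 GET http://110.42.4.180:2081/d6
10.0.0.22 GET http://example.com/v?v=6&m=0123456789abcdef0123456789abcdef
10.0.0.31 GET http://110.42.4.180:2081/p
10.0.0.31 GET http://110.42.4.180:2081/unknown
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def classify_route(path_and_query: str):
    """Return (known_route, reported_md5) for a request path on the C2 host."""
    m = ROUTE_RE.match(path_and_query)
    if not m:
        return False, None
    return True, m.group("md5")


def scan_log(text: str) -> list:
    """Flag every request to the C2 host. The host is what matters: a '/v?...'
    request to some unrelated server is not evidence of this malware, while any
    request to the C2 host is worth a look even if the route is not one Hahn listed."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        client, method, url = m.groups()
        parts = urlsplit(url)
        if parts.netloc != C2_HOST:
            continue
        route = parts.path + (f"?{parts.query}" if parts.query else "")
        known, md5 = classify_route(route)
        hits.append({"client": client, "method": method, "route": route,
                     "known_route": known, "sample_md5": md5})
    return hits


def reported_sample_hashes(hits: list) -> set:
    """MD5s the malware sent about its own file: usable as file IoCs on the clients."""
    return {h["sample_md5"] for h in hits if h["sample_md5"]}


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(h)
    print("sample hashes to hunt for:", reported_sample_hashes(found))
```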
7. Meet Thistle, the startup that wants to secure billions of IoT devices

Startup gets $2.5 million funding to jump-start security for connected devices.

[Image: Getty Images]

For more than two decades, Window Snyder has built security into products at some of the biggest companies in the world. Now, she’s unveiling her own company that aims to bake security into billions of connected devices made by other companies. San Francisco-based Thistle Technologies said on Thursday that it received $2.5 million in seed funding from True Ventures. The startup is creating tools that will help manufacturers build security into connected devices from the ground up.

IoT, hackers’ low-hanging fruit

Printers, ATMs, consumer electronics, automobiles, and similar types of Internet-of-things devices have emerged as some of the biggest targets of malware. Manufacturers typically don’t have the security expertise that companies like Apple, Microsoft, and Google have developed over the past 20 years. The result is billions of devices that ship with vulnerabilities that are preyed upon by profit-driven criminals and nation-state hackers. “What it takes to build security into products… requires a lot of really specialized skills,” said Snyder, Thistle’s CEO and founder. “You get folks, especially at the devices level, building the same security mechanisms over and over again, reinventing the wheel, and doing it to different levels of resilience.”

Security veteran

Snyder previously served as chief security officer at Square, Mozilla, and Fastly and was chief software security officer at Intel. As a teenager, she was part of a Boston hacker collective before going on to be a consultant at @stake, a security company that employed many of the members of L0pht, another Boston hacker collective. She also spent time at Microsoft working on Windows XP SP2, the update that added a host of security improvements to the OS. Later, she worked on security at Apple.
Thistle will develop frameworks that allow device manufacturers to build reliable and resilient security into their products more quickly than they could on their own. The company’s initial work will focus on building a platform that delivers security updates to connected devices. Patching devices typically requires reflashing firmware, a process that can be fraught with risk.

“It’s one of the reasons that nobody delivers updates for devices, because the cost of failing an update is so high,” Snyder said. “If you’ve got 100 million devices out there and you’ve got a 1-percent failure rate—which is very, very low for updates—that’s still a million devices that are bricked potentially.”

True Ventures is investing $2.5 million in seed funding to Thistle. The Silicon Valley venture capital firm has provided funding to hundreds of early-stage startups, including Duo Security, the company that provides two-factor authentication and other security services and is now owned by Cisco.

Meet Thistle, the startup that wants to secure billions of IoT devices
8. New Dodge Challenger and Charger Software Limits Cars to 3 HP Because People Keep Stealing Them

Dodge says the update will be good for “foiling fast getaways and joyrides.”

It's no secret that car thieves have a thing for high-performance Dodge muscle cars. Because of that, the company is responding with a software patch that should make life a little harder for those who'd like to live the Hellcat life but refuse to do so under legal means. Soon to be available to Chargers and Challengers equipped with either the 6.2- or 6.4-liter Hemi V8 engines, a new Security Mode locks the cars' full performance behind a four-digit code as an extra layer of security against thieves who have spoofed the main key code, sort of like how two-factor authentication adds extra protection against people trying to gain access to your Facebook profile. (If you do not have 2FA set up for your major online accounts or are not even aware of what 2FA is, you should probably do some research and get on that.) Without the four-digit code, presumed Dodge thieves will only be able to drive the cars with the engines at idle speed (675 rpm), limiting them to just 22 pound-feet of torque and less than three horsepower. Yes, three hp. Not 300 hp. Not 30. Three. Well, 2.8 hp to be completely precise. So, if you ever see a Hellcat being driven around suspiciously slowly and quietly, it may very well be stolen. All the more reason for legit owners to give their cars a random rev every once in a while, I guess. High-horsepower Chargers and Challengers from the 2015 model year onwards are eligible to have this retroactively installed free of charge by any Dodge dealership.

"When flashed into the computer of affected 2015 or newer Dodge muscle cars, the protective software will limit the engine output to less than three horsepower, foiling fast getaways and joyrides," said Dodge CEO Tim Kuniskis. "More than 150 cars are stolen every day in the United States.
For any car owner, it's terrible, it's a hassle and it's a personal violation. Though statistically rare, car thieves have targeted the high-horsepower Dodge muscle cars, and we want the Dodge 'Brotherhood' to know we're taking quick action and covering their backs." Reportedly, more than 1,000 Chargers were stolen in and around the Detroit area in 2020 alone (around three every single day) while the Charger Hemi and Challenger SRT Hellcat ranked first and second, respectively, on the list of vehicles most likely to be stolen in America a couple of years ago. However, these two aren't the only FCA, er, Stellantis hot rods to have become dubiously appetizing to thieves. Late last year, a pre-production 2021 Durango SRT Hellcat SUV was swiped straight off of a company employee's driveway in Detroit and a Jeep Grand Cherokee Trackhawk press car was once taken from the folks at Jalopnik during the 2019 Detroit Auto Show. We've contacted Stellantis to ask whether the new security software will make its way to other models and will update this story when we hear back. The Security Mode software will be available for Dodge's muscle cars late in the second quarter of 2021. Source: New Dodge Challenger and Charger Software Limits Cars to 3 HP Because People Keep Stealing Them
9. Email is an insecure, outdated communication method, but can it be saved?

Despite growth in the use of instant messaging, email remains the most common form of business communication online. In 2019, there were over 3.9 billion email users globally, a number that’s set to rise to 4.48 billion by 2024. Any company operating online must use email services—there’s no avoiding it. But email was never designed to be a secure method of communication used daily by billions of people around the globe. While there have been many attempts to upgrade the security of email protocols, email is one of the least private ways to communicate online. Certain email service providers attempt to shore up some of email’s inherent security weaknesses by offering robust encryption. In this article, we look at why a business might want to consider a secure email provider.

What’s wrong with email?

Email was developed as a basic means to send messages back and forth over the internet, so little thought was put into security, privacy, or encryption in the early days. Everything was transferred in plain text, and emails could be read by anyone watching the network traffic.
Though emails nowadays have a little more security, much of the data is still sent unencrypted. There are multiple places where email conversations in a company can be compromised. For starters, messages are stored on your devices, so anyone with physical access to your computer or smartphone can read them. Or a malicious app can read emails and get to file attachments easily. Even if you personally ensure that your devices are stored securely and free from malware, not everyone in the company may be so diligent. Also, every email must be transferred through your connection to the email provider. The reality is that even if all your company’s emails are stored on the same server, any remote email access requires the data to be sent through a chain of routers and switches operated by many different companies. If the sender and the recipient of an email use different email servers, there are even more intermediary ISPs involved. At every link of the chain, it’s quite easy to eavesdrop on email conversations.

Why most email servers are insecure

Consider the overall security of your email server, where emails are stored. Some companies run their own email servers entirely disconnected from the internet, but most use an email service provider like Gmail or Outlook.com because it’s simple and keeps costs low. One way that attackers can gain access to emails is by guessing, stealing, or cracking your employees’ email passwords. Weeks, months, or years of emails can be exposed, including emails that you thought were already deleted. Most email providers store emails on their servers in plain text. This means if there’s a security breach, hackers can easily access all your company’s emails and attachments. Unfortunately, security breaches are all too common.

Your email is being used for advertising

One reason that most email providers don’t store emails in an encrypted format is to reduce performance overheads and make searching through emails faster.
More importantly, it allows them to scan your emails automatically so they can target advertising at you. Even companies that don’t use your emails to build personalized ads will scan them for other purposes. In a high-profile move, Google removed ad personalization based on email from its Gmail product in 2017, in a bid to woo more business customers, but it still scans emails. After all, the Google app knows when your next flight is leaving, and the Google Calendar app automatically adds restaurant reservations for you! For privacy-concerned citizens, the fact that these email service providers will hand over your email data to governments without hesitation is incredibly problematic.

Secure email providers are better

Email providers that focus on security and privacy eliminate some, but not all, of email’s inherent problems. Services like ProtonMail and Tutanota encrypt all emails on their servers, so no one else can read them. Your data is never used for advertising purposes, and there’s no tracking or logging. Some of the best secure email providers support end-to-end encryption. This means that messages are encrypted on the sender’s device and can only be decrypted on the recipient’s device. No third party can read the contents of the emails when they are in transit. Secure email providers also have more robust two-factor authentication and strong password rules to help reduce the chances of passwords being cracked or stolen.

Even with end-to-end encryption, emails are insecure

Even with end-to-end encryption, email metadata is not encrypted, so any servers relaying your emails can read certain information about the emails. Email metadata includes the sender, recipient, date, and subject line. With just this information alone, snoopers can learn much about the conversation. Companies that need absolute privacy need to double down with added layers of security, like using a business VPN or Tor.
That said, you can’t expect everyone who interacts with your company via email to jump through so many hoops. Instead, it’s better to consider any email sent and received to have a low level of security, and you should seek out better options than email for internal communication. Conclusion Email is an old, insecure protocol. When you use a basic email service provider, your company’s emails are vulnerable to attack. Secure email providers improve the privacy and security of your emails, but they can’t completely overcome email’s inherent flaws. Companies should take pains to secure emails as much as possible but still treat it as an insecure method of communication. For internal communication that needs to be secure, avoiding email altogether and using a more modern solution, such as Signal or Wire, is preferable. We've featured the best email clients. SOURCE
10. Microsoft 365 adds 'External' email tags for increased security

Microsoft is working on boosting Exchange Online phishing protection capabilities by adding support for external email message tags to its cloud-based email service. Once the feature is available, Exchange Online admins can increase their organizations' spam and phishing protection by having all emails from external senders tagged automatically.

"This will be achieved by presenting a new tag on emails called 'External' in the message list," Microsoft explains in the Microsoft 365 roadmap. "In some Outlook clients, a 'mail tip' will be included at the top of the reading pane with sender's email address."

The new external email tags will only show up in Outlook on the web, the new Outlook for Mac, and Outlook mobile (iOS and Android).

External tags in Outlook on the web (Microsoft)
External tags in Outlook for iOS (Microsoft)

How to enable external email tagging

After its rollout to all Office 365 environments to standard multi-tenants worldwide later this month, the Exchange Online external tag feature will be off by default. Admins who want to enable it in their tenants will have to use the Get-ExternalInOutlook and Set-ExternalInOutlook PowerShell cmdlets to view and modify external sender identification configuration in supported Outlook versions.

"If you enable the cmdlet, within 24-48 hours, your users will start seeing a warning tag in email messages received from external sources (outside of your organization)," Microsoft says. "In Outlook mobile, by tapping on the External tag at the top of the message, the user will see the email address of the sender."

Microsoft is also working on adding SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to thwart downgrade and man-in-the-middle (MITM) attacks. Last year, Exchange Online added support for plus addressing (also known as subaddressing or detailed addressing), allowing Office 365 customers to use unlimited disposable recipient email addresses to filter and track email sources.

Source: Microsoft 365 adds 'External' email tags for increased security
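The enable-and-verify procedure described in the post above, written out as an added example (not code from the article or from Microsoft's documentation). It assumes the ExchangeOnlineManagement module is installed and an Exchange administrator signs in; the AllowList exemption and its placeholder domain are assumptions, not a recommendation.

```powershell
# Added example: enable the 'External' sender tag tenant-wide and verify it.
# Assumes the ExchangeOnlineManagement module is installed and the signed-in
# account holds an Exchange administrator role.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # interactive sign-in to the tenant

# Read the current tenant setting first; the feature ships off by default.
$before = Get-ExternalInOutlook
Write-Host "External tagging currently enabled: $($before.Enabled)"

if (-not $before.Enabled) {
    # Turn the tag on. Per the post, users start seeing the 'External' tag
    # within 24-48 hours in Outlook on the web, new Outlook for Mac and
    # Outlook mobile, so do not expect the change to be visible immediately.
    Set-ExternalInOutlook -Enabled $true
}

# Optional (assumed parameter shape): exempt trusted partner senders so their
# mail is not tagged. 'partner.example' is a placeholder domain.
Set-ExternalInOutlook -AllowList @('partner.example')

# Confirm what will propagate to clients, then close the session.
Get-ExternalInOutlook | Format-List Identity, Enabled, AllowList
Disconnect-ExchangeOnline -Confirm:$false
```

Run Get-ExternalInOutlook again after a day or two and compare with what users actually see, since the cmdlet reports the stored setting, not the client rollout state.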
11. Microsoft: We're cracking down on malware that uses Excel macros

A new antivirus and Office 365 integration from Microsoft allows for scanning malicious macro scripts written in XLM at runtime.

Macro malware has been a popular choice for hackers since the 1990s and even in recent years the technique has continued to be a simple way of delivering malware to the unwary. Just last month, Ukraine accused Russian government spies of uploading documents with malicious macros to a Ukrainian government document-sharing site. And amid the first wave of the COVID-19 pandemic, Microsoft warned of emails containing Excel files with malicious macros.

Microsoft has been using an integration between its Antimalware Scan Interface (AMSI) and Office 365 to knock out macro malware for years, but its successful efforts to take out macro scripts written in Visual Basic for Applications (VBA) ended up pushing attackers to an older macro language called XLM, which came with Excel 4.0 in 1992. Now Microsoft is expanding the integration of its AMSI with Office 365 to include the scanning of Excel 4.0 XLM macros at runtime, bringing AMSI in line with VBA.

AMSI allows applications to integrate with any antivirus on a Windows machine to enable the antivirus to detect and block a range of malicious scripts in Office documents. Microsoft notes its Defender anti-malware is using this integration to detect and block XLM-based malware and is encouraging other anti-malware providers to adopt it, too.

Although XLM was superseded by VBA in 1993, XLM is still used by some customers and so it remains supported in Excel. "While more rudimentary than VBA, XLM is powerful enough to provide interoperability with the operating system, and many organizations and users continue to use its functionality for legitimate purposes. Cybercriminals know this, and they have been abusing XLM macros, increasingly more frequently, to call Win32 APIs and run shell commands," explain Microsoft's security teams.

The arrival of AMSI's VBA runtime scan in 2018 "effectively removed the armor that macro-obfuscation equipped malware with, exposing malicious code to improved levels of scrutiny," says Microsoft. "Naturally, threat actors like those behind Trickbot, Zloader, and Ursnif have looked elsewhere for features to abuse and operate under the radar of security solutions, and they found a suitable alternative in XLM," it continues.

If the antivirus detects a malicious XLM macro, the macro won't execute and Excel is terminated, thus blocking the attack. Runtime inspection of XLM macros is now available in Microsoft Excel and is enabled by default on the February Current Channel and Monthly Enterprise Channel for Microsoft 365 subscription users.

Microsoft

Source: Microsoft: We're cracking down on malware that uses Excel macros
12. Microsoft says that Windows Server 2022 will come with security improvements and will bring Secured-core to the Windows Server platform.

Windows Server 2022 is now in preview and "provides secured connectivity enabled by industry-standard AES 256 encryption," as Microsoft announced today. The next Windows Server release will also improve hybrid server management by enhancing performance monitoring and event alerts in Windows Admin Center.

"Furthermore, this release includes significant improvements to Windows container runtime, such as virtualized time zones and IPV6 support for globally scalable apps, as well as containerization tools for .NET, ASP.NET, and IIS applications," Microsoft added at Microsoft Ignite 2021. Windows Server 2022 also brings Secured-core to Windows Server for added protection against a wide range of threats.

Secured-core servers with built-in threat protection

Secured-core PCs come as a solution for the increasing number of firmware vulnerabilities that attackers can exploit to bypass a Windows machine's Secure Boot and the lack of visibility at the firmware level present in today's endpoint security solutions. Built-in protection capabilities designed to protect users from threats (both state-sponsored hacking attacks and commodity malware) abusing firmware and driver security flaws are included with all Secured-core PCs since October 2019. They can defend users against malware designed to take advantage of driver security flaws to disable security solutions.

Secured-core PCs built by Microsoft in collaboration with OEM partners and silicon vendors protect users against such attacks by following these requirements:

Loading Windows securely: Enabled with Hypervisor Enforced Integrity, a Secured-core PC only starts executables signed by known and approved authorities. Also, the hypervisor sets and enforces permissions to prevent malware from attempting to modify memory and make it executable.
Firmware protection: System Guard Secure Launch uses the CPU to validate the device to boot securely, preventing advanced firmware attacks.
Identity protection: Windows Hello allows you to sign in without a password; Credential Guard leverages VBS to prevent identity attacks.
Secure, hardware-isolated operating environment: Uses the Trusted Platform Module 2.0 and a modern CPU with dynamic root of trust measurement (DRTM) to boot up your PC securely and minimize firmware vulnerabilities.

Secured-core servers now follow these provisions to boot securely, protect themselves from firmware security bugs, shield the OS from attacks, prevent unauthorized access, and secure users' identity and domain credentials. Together, Windows Server 2022 and Secured-core add the following preventative defense capabilities to servers:

Enhanced exploit protection: Hardware innovations allow for robust and performant implementations of exploit mitigations. Hardware-enforced Stack Protection will take advantage of the latest chipset security extension, Control-flow Enforcement Technology. Windows Server 2022 and protected applications will be secured from a common exploit technique, return-oriented programming (ROP), often used to hijack the intended control flow of a program.
Connection security: Secure connections are at the heart of today’s interconnected systems. Transport Layer Security (TLS) 1.3 is the latest version of the internet’s most deployed security protocol, which encrypts data to provide a secure communication channel between two endpoints. TLS 1.3 eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the handshake as possible. Windows Server 2022 includes TLS 1.3 enabled by default, protecting the data of clients connecting to the server.
Improved account support for containers: Containers are being embraced by many customers as a preferred building block for their applications and services. Customers use group Managed Service Accounts (gMSA) as the recommended Active Directory identity solution for running a service across a server farm. Today, anyone trying to containerize their Windows services and applications that use gMSA is required to domain join their container host to enable gMSA functionality. This can cause scalability and management issues. Windows Server 2022 supports improvements to gMSA for Windows Containers that allow you to enable support for gMSA without domain joining the host.

Secured-core for Azure IoT Edge devices

Microsoft also introduced the Edge Secured-core device label at Microsoft Ignite 2021 to identify Azure IoT Edge devices that meet the Secured-core spec. The new device label is now in public preview within the Azure Certified Device program after previously being announced for Windows enterprise devices.

"Now, enterprise customers seeking Internet of Things (IoT) devices that meet the Azure defined security bar can easily identify device models that have the Edge Secured-core label in the Azure Device Catalog," Microsoft said. "As part of this requirement, devices will have Azure Defender for IoT built-in."

SOURCE
13. Apple's closed software ecosystem can be the perfect hiding spot for elite hackers

Tight security can be a double-edged sword

In brief: Apple is notorious for its walled garden approach and renowned for promoting security and privacy as the top feature of its products. However, security researchers believe this also means hackers who do manage to breach the wall tend to remain undetected a lot more often than you'd think.

For years, Apple has touted the privacy and the security of its devices and explained through its marketing that it values those two features more than other tech companies. Lately, that has attracted legal fights with companies like Epic, which are interested in breaking the walled garden that Apple has built around its ecosystem and aligning it to what the rest of the industry is doing.

However, the Cupertino giant may have inadvertently created a bigger problem than the one it set out to solve. Creating a digital fortress around its products and services has given some of the world's top hackers one of the best places to hide. It may be harder to break into an iPhone, but once in, it's also easier for that bad actor to conceal their activity for a long time.

A report from the MIT Technology Review takes a deep dive into Apple's intense drive to bolster product security while touching on the unintended consequences of that approach. The analysis cites Citizen Lab's senior cybersecurity researcher Bill Marczak, who explains that top-tier hackers have the resources and motivation to develop zero-click exploits that allow them to run their malicious code while users are none the wiser.

It's not just malicious actors that do this. Companies like Israel-based NSO Group have been at it for years, and while they promise to only provide their tools to legitimate organizations such as law enforcement, there's always a risk they could be misused. Additionally, companies like Facebook have tried to purchase NSO's spyware tools specifically to gain the ability to monitor iPhone and iPad users.

Marczak was one of the first to raise awareness about the existence of NSO and notes that when investigating an Al Jazeera journalist's iPhone last year, he initially found no evidence of hacking on it. As the investigation dragged on, the Citizen Lab team discovered the phone was pinging servers that belong to NSO. When Apple released iOS 14, it broke the researchers' "jailbreaking" tool and cut off access to specific folders that hackers tend to use to hide their malicious code.

Modern computers have been moving in a similar direction to Apple's lockdown philosophy, albeit with a limited degree of success. In the case of Macs, we've already seen the introduction of T-series security chips (which are now integrated into the M1 SoC for Apple Silicon Macs) that can govern encrypted storage, secure boot, perform image signal processing and biometric authentication, and even physically disable microphones to prevent snooping. Even that implementation is not perfect and theoretically allows a skilled hacker to bake in a keylogger and steal credentials while being virtually impossible to detect.

On the software side, Apple's approach is a similar double-edged sword. On the one hand, any software that runs on a Mac has to pass a Notarization check. On the other hand, that can fail spectacularly when too many people update to the latest version of macOS at the same time. Security researchers are somewhat limited because Apple doesn't allow Mac analysis tools the kind of deep access needed to look for evidence of hacks—they aren't allowed to peek at the memory allocations of other processes. That means apps cannot check another app's personal space, which is suitable for protecting end users but a significant limitation for security research.

Other companies like Google are going down a similar path. For instance, Chromebooks are locked down so that you can't run anything outside of the web browser. Apple believes this approach to security is right—that the tradeoffs are a small price to pay for making the life of malicious actors very difficult when they're looking to get access to sensitive data on your devices.

Security researchers tend to agree, but they're also worried that as more people gravitate toward mobile devices designed around the walled garden paradigm, it will be more challenging to assess whether a device has been compromised. They fear malicious actors will get away with it more often than not without leaving a trace.

Source: Apple's closed software ecosystem can be the perfect hiding spot for elite hackers
14. Google funds Linux maintainers to boost Linux kernel security

Together with the Linux Foundation, Google announced today that they would fund two Linux kernel developers' efforts as full-time maintainers exclusively focused on improving Linux security.

"While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open-source software," the Linux Foundation said in a statement released today.

Gustavo Silva and Nathan Chancellor, the two kernel developers funded through this initiative, will exclusively focus on Linux kernel security development. Chancellor will triage and fix bugs in Clang/LLVM compilers. Silva will turn the elimination of several classes of buffer overflows into his full-time Linux development work.

"Additionally, [Silva] is actively focusing on fixing bugs before they hit the mainline, while also proactively developing defense mechanisms that cut off whole classes of vulnerabilities," the Linux Foundation added. "He is consistently one of the top five most active kernel developers since 2017" and he "has impacted 27 different stable trees, going all the way down to Linux v3.16."

This initiative comes after the release of the 2020 FOSS Contributor Survey, authored by the Laboratory for Innovation Science at Harvard (LISH) and Open Source Security Foundation (OpenSSF). The survey found that open-source software security requires more work due to its role as "a critical part of the modern economy."

Over 20,000 Linux contributors have made more than one million commits since August 2020, with Linux kernel devs always considering code security. Despite this, Google's underwriting of two full-time Linux security maintainers further highlights the importance of security in open-source software.

"Ensuring the security of the Linux kernel is extremely important as it’s a critical part of modern computing and infrastructure. It requires us all to assist in any way we can to ensure that it is sustainably secure," Linux Foundation's Director of Open Source Supply Chain Security David A. Wheeler said. "We extend a special thanks to Google for underwriting Gustavo and Nathan’s Linux kernel security development work along with a thank you to all the maintainers, developers and organizations who have made the Linux kernel a collaborative global success."

Google funds Linux maintainers to boost Linux kernel security
15. Android 12 is bringing some important security features

Protecting your privacy will be one of the main reasons to upgrade

(Image credit: Google)

Google is doubling down on security and privacy enhancements in Android 12 and when the next version of its mobile operating system launches this fall, users will be able to manually block access to some of the hardware sensors on their devices.

As reported by 9To5Google, the latest version of Android includes a pair of new toggles that will allow users to prevent apps from accessing their smartphone's microphone and camera. The inclusion of these new toggles comes at a time when users have grown more concerned about their privacy and the fact that hackers could use the cameras, microphones and other sensors found on their devices to spy on them. This is why aftermarket webcam covers have become so popular for laptops and Lenovo has started adding its ThinkShutter automatic webcam cover to more of its devices.

Privacy toggles

With the launch of Android 12, users will be able to quickly turn off access to their microphone and camera right from the operating system's Quick Settings menu, which can be accessed by swiping down from the notifications menu. Once enabled, these toggles will appear in the quick settings menu as icons that read “Block Camera” and “Mute Microphone”. When tapped, these toggles will entirely shut off access to either your device's camera or microphone.

During its tests, 9To5Google found that Android 12's privacy toggles are not currently working with either system apps or third-party apps. For instance, with the “Block Camera” toggle active, the news outlet was still able to use their device's native camera app and this was also the case when it tried to use the viewfinders in Instagram and Twitter. However, at least with those two third-party apps, a system prompt did appear saying they had to turn on the camera, though it was still active in the background on the developer preview of Android 12 in testing.

We'll likely hear more about the security and privacy enhancements that will be included in Android 12 once Google begins preparing for its official rollout, which will likely happen in September of this year.

Via 9to5Google

Android 12 is bringing some important security features
16. Apple Offers Its Closest Look Yet at iOS and MacOS Security

In its latest Platform Security Guide, Cupertino raised the curtain on the critical features that protect against hackers.

Security researchers still want more info from Apple—but this is a good start.
Photograph: Aaron P./Bauer-Griffin/Getty Images

Apple is a notoriously tight-lipped and insular organization, a tendency that has often put it at odds with the security research community. The company is typically secretive on the technical details of how its products and security features work. So the resource that security researchers say they have come to rely on most for bread crumbs is Apple's annual “Platform Security Guide," the new edition of which launched today. It provides the most comprehensive and technical look at Apple's safeguards yet—including the first documentation of Apple's new M1 chips.

Apple first offered the guide a decade ago as a very short writeup at the dawn of the iPhone era. It would later evolve into an “iOS Security Guide" focused exclusively on mobile, before expanding to encompass macOS in 2019. It details security features like Touch ID and Face ID, Apple's secure enclave, and secure boot, so that software developers and security researchers can understand more about how those features work and interact with each other. Over the years, the company says it has tried to balance readability for a wide audience with usefulness to those with deeper technical knowledge. This year, it packs in more information than ever about features both new and old.

“I am constantly referring to that guide, and have been for years,” says Sarah Edwards, a longtime Apple security researcher. “I use it for all aspects of my research, my day job, my teaching gig, everything. About once a year or so I sit down with it on my iPad and read it page by page to see what I might have missed before or what happens to 'click' when I review it again after learning something through my research.”

This year's edition contains significantly expanded information about hardware like M1, new details about the secure enclave, and an accounting of a host of software features. Researchers and hackers alike glean a lot through reverse engineering, the process of determining how something is built by examining the finished product. That "security through obscurity" helps keep attackers at bay to a degree, but by releasing the Platform Security Guide, Apple can help its customers take advantage of its defensive features while also providing guideposts for security researchers, in hopes that they can find vulnerabilities before the bad guys do.

“Everything can be reverse-engineered, that’s a lot of fun at least for me,” says Will Strafach, a longtime iOS researcher and creator of the Guardian Firewall app for iOS. “But having a verbose and well-detailed authoritative document from Apple is helpful as it allows folks to know the intentions and limitations associated with certain security capabilities. Apple always does a great job with it, even if it doesn’t dive too deeply in the weeds."

Researchers say they always have some “wish list” items that they want Apple to include in future guides. Strafach wants to know more about how M1 chips securely handle booting other operating systems, always a question for jailbreakers when Apple releases new processors. And he is curious about Apple's iOS 14 enhancements that were meant to negate a ubiquitous jailbreak exploit, but can be circumvented at least in some cases.

Researchers each have specific, even esoteric hopes and dreams for new guides based on their specialities. Patrick Wardle, an independent Apple security researcher, said he was hoping to see more details on Apple's own antivirus and malware detection tools, something the company added in today's report. He still hopes to get more insight, though, into how to control some macOS features more granularly.

“The guide is largely aimed at helping organizations that deploy Apple devices do so in a secure manner,” Wardle says. “And while the information provided by Apple is often quite helpful, I wish they would be more focused on practical advice for using their security components to lock systems down.”

The new Platform Security Guide weighs in at almost 200 pages, and has grown steadily over more than 10 years. This slow progression reflects Apple's general hesitance to open up to security researchers. Until 2016, the company didn't even offer a bug bounty program to incentivize researchers to disclose vulnerabilities they discovered in Apple products. In 2019, the company announced that it would distribute special, less restricted iPhones to a handful of security researchers—and they finally started shipping at the very end of 2020.

For cryptographers at Johns Hopkins University who recently conducted an extensive analysis of iOS and Android's various encryption states, the Platform Security Guide and historic iOS guides have been vital to understanding how everything fit together. “The guides were a really useful resource,” says Maximilian Zinkus, a PhD student at Johns Hopkins who led the analysis of iOS. Apple doesn't keep a central archive of the documents, but Zinkus and his colleagues compiled them back to 2012 from third parties.

Zinkus says that while the change log at the end of each report is helpful for figuring out what information has been updated from edition to edition, it would be more useful if Apple documented changes with footnotes throughout. And including technical explanations for changes would help researchers understand certain decisions. For example, in the February 2014 iOS Security Guide, Apple listed location data as being in a special, extra-sensitive data category requiring very strong encryption. But in another version from October 2014 the paragraph mentioning that requirement was gone. “Those subtle changes can be worrying—that was definitely a surprise to see,” Zinkus says.

As researchers begin to dig into the new report, they emphasize that more information is always better. But when it comes to proprietary platforms and systems, they're always going to have their wish list of what else they would want to know to help find more vulnerabilities before bad actors do—and propose ever stronger defenses in return.

Apple Offers Its Closest Look Yet at iOS and MacOS Security
17. Google Meet is getting an important new security feature

It will enable Meet users to better optimize network access

(Image credit: Google)

Video communication tool Google Meet has announced a change to how it manages network traffic, making it easier for administrators to configure their firewalls to allow authorized traffic but block untrusted networks. In addition, the update now ensures that non-Google Workspace users receive the same protections as Workspace users.

Back in January 2019, Google launched a range of fixed IP addresses for Google Meet in Workspace domains that allowed users to identify video conference traffic more easily. Now, Google has confirmed that it is introducing a range of official, fixed IP addresses for non-Google Workspace users: individuals joining calls with personal Google accounts or anonymously.

“This will allow Google Workspace customers and their partners to better configure and optimize network and firewall access,” a Google Workspace update reads. “It will help non-Google Workspace domains and organizations with users who aren’t signed into Google Accounts to identify video conference traffic.”

Network configuration

Google also confirmed that the launch of the new IP ranges means that Meet will cease to use its old IP addresses on March 1, 2021. This may impact previously employed network optimization protocols, so Google Workspace customers are advised to add the new IP addresses to their current firewall and network configuration.

Google Workspace admins should update their firewalls if they want to apply specific network rules to non-Google Workspace Meet traffic. In addition, non-Google Workspace admins should update their firewalls to allow the new Google Meet IP addresses.

The new IP addresses are just the latest addition to Google Meet, which has seen a sizeable uptick in use since the COVID-19 pandemic forced many employees to work remotely. Other collaboration tools, including Microsoft Teams and Zoom, have experienced a similar popularity boost.

Google Meet is getting an important new security feature
18. Hi Guys, I'm interested in what people consider a standard install required to protect your Android devices. What anti-virus, what ad blocker and what other software do people install when looking to secure an Android device? Having a Windows background, you get told to keep your AV up to date and apply security patches, but what applies to the Android environment?
19. Though encryption is not a new topic, you might have heard of it online, while making purchases, etc. WhatsApp messages are protected with end-to-end encryption. Your credit card details, ID and password, and payment information are transferred over an encrypted network. You might have already read these things on various sites and services. So, every time you read about or heard of encryption, what was the first thing that came to your mind? Most people would think that encryption is complex, has something to do with security and only computer programmers or geeks can understand it. But it is not as complicated as you might be thinking right now. I mean the encryption techniques you may find hard to understand, but the basic essence of encryption and decryption is very simple.

So, What is Encryption?

In simple words, encryption is the process of encoding data in such a way that only the intended or authorized recipient can decode it. Encryption does not secure the data but it makes your data unreadable to other parties. This means that even if an unauthorized person or hacker is able to read the network, he/she won’t be able to make any sense of it without the correct decryption key. The science of encryption and decryption is called cryptography.

Why is Encryption important?

In today’s scenario, we perform a lot of data exchange online. When much of your personal information and financial transactions are processed via the Internet, no business or individual can afford to get their data stolen. Not only the financial data or business files, even the messages we exchange with our friends, the photos/files shared with family or emails sent to our clients, we need encryption for all of these data. Cybercrime is already at its peak. Nothing is really safe. We witness cases of identity theft on a daily basis. Keeping your personal data secure while using the system or at your end can be done. But when the same information is sent over the Internet, you want that information to be viewed only by the particular person and no one else. The data is first sent to the local network and then travels to the Internet Service Provider. Finally, the person for whom the information was meant receives it. Meanwhile, there are numerous people who can access the information that you are sending. That is the reason why encryption is important. Individuals use it to protect personal information, businesses use it to protect corporate secrets and governments use it to secure classified information.

Basic Encryption Techniques For Network Security You Should Know About

The strength of encryption is measured by its key size. No matter how strong the encryption algorithm being used is, the encrypted data can be subjected to brute force attacks. There are some basic encryption techniques that are used by online services and websites that you should know about.

1. AES (Advanced Encryption Standard)

Advanced Encryption Standard is a symmetric encryption technique. Symmetric encryption means it involves a secret key that could be a number, a word or a string of random letters which is known to both sender and receiver. This secret key is applied to messages in a particular way after which the data becomes encrypted. As long as the sender and recipient know the secret key, encryption and decryption can be performed. AES is extremely efficient in 128-bit form and it uses 192 and 256 bits for encryption purposes. In present day cryptography, AES is widely supported in hardware and software with a built-in flexibility of key length. The security with AES is assured if and only if it is implemented correctly with the employment of good key management. AES-256 is a very heavy and strong encryption. Most governments use it.

2. Blowfish Encryption

Blowfish is a symmetric cipher technique ideal for domestic and exportable purposes, as this symmetric cipher splits messages into blocks of 64 bits each and then encrypts them individually. The Blowfish encryption technique can be used as a drop-in replacement for DES. The technique takes a variable-length key varying from 32 bits to 448 bits. Blowfish is found in software categories ranging from e-commerce platforms securing passwords to various password management tools. It is one of the most flexible encryption methods available.

3. RSA Encryption

The Rivest Shamir Adleman (RSA) encryption technique is one of the most popular and secure public key encryption methods. This public key encryption technique is also known as asymmetric cryptography and uses two keys, one public and one private. In the RSA encryption technique, both the public and the private key can be used to encrypt the message. But for the decryption of the message, the opposite key to the one that was used for encryption will be used. Most of the time, the data is encrypted with the public key and decrypted using the private key. The RSA encryption method assures the confidentiality, authenticity, integrity and non-repudiability of electronic communication and data storage.

4. Triple DES Encryption

The Triple DES encryption method is a more secure procedure of encryption as the encryption is done three times. The Triple DES encryption technique takes three keys, each of 64 bits, so the overall key length is 192 bits. The data is encrypted with the first key, decrypted with the second key and then again encrypted with the third key. The procedure of decryption is somewhat the same as the procedure included in encryption except that it is executed in reverse.

5. Twofish Encryption

Twofish is a symmetric block cipher method, in which a single key is used for encryption and decryption. Twofish could be the best choice among AES techniques as this encryption technique is unique in terms of speed, flexibility, and conservative design.
Twofish is new encryption technique which is highly secure and flexible. This encryption technique works extremely well with large microprocessors, dedicated hardware, and 8-bit or 32-bit card processors. Also, twofish encryption technique can be used in network applications where keys tend to change frequently and in various applications with little or no ROM or RAM available. 6. DES Encryption Data Encryption Standard (DES) is symmetric block cipher which uses 56-bit key to encrypt and decrypt 64-bit block of data. The Same key is used to encrypt and decrypt the message, so both the sender and the receiver should know how to use the same private key. DES has been suspended by more secure and advanced AES encryption technique and triple DES encryption techniques. 7. IDEA Encryption International Data Encryption Algorithm (IDEA) is another block cipher encryption technique that uses 52 sub keys, each 16-bit long. This technique was used in pretty good privacy version 2. Conclusion Encryption is a standard method for making a communication private. The sender encrypts the message before sending it to another user. Only the intended recipient knows how to decrypt the message. Even if someone was eavesdropping over the communication would only know about the encrypted messages, but not how to decrypt the message successfully. Thus in order to ensure the privacy in electronic communication, various encryption techniques and methods are used. As with the growth of electronic commerce and Internet, the issue of privacy has forefront in electronic communication. In this era of internet, where every kind of data is transferred in digital format, it is important that we know how our data is transferred, saved and used. Everyone must know about these basic encryption techniques. You can share this information with your friends and family to make them aware of encryption techniques. Article source
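The post above describes AES as a symmetric cipher keyed by a shared secret and RSA as a public-key scheme in which the public key encrypts and the private key decrypts. As an added example, not code from the article or from the forum post, here is how the two are normally combined in practice: a fresh random AES-256 key protects the message with AES-GCM, and the recipient's RSA public key wraps that AES key with OAEP, so only the private-key holder can unwrap it. It uses only Go's standard library; the 2048-bit RSA size, the 32-byte AES key, the function names and the sample message are choices made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// NewRecipientKey generates the recipient's RSA key pair (size chosen here).
func NewRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SealAESGCM encrypts plaintext with AES-256-GCM under a 32-byte key.
// Output layout: nonce || ciphertext || tag. A fresh random nonce per call is
// what makes using one key for many messages safe with GCM.
func SealAESGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenAESGCM reverses SealAESGCM. The authentication tag makes a modified
// blob, or the wrong key, fail with an error instead of yielding garbage.
func OpenAESGCM(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// HybridEncrypt seals the message under a random AES key, then wraps that key
// with the recipient's RSA public key (OAEP). Returns wrappedKey, blob.
func HybridEncrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, []byte, error) {
	aesKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, aesKey); err != nil {
		return nil, nil, err
	}
	blob, err := SealAESGCM(aesKey, plaintext)
	if err != nil {
		return nil, nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, nil)
	if err != nil {
		return nil, nil, err
	}
	return wrapped, blob, nil
}

// HybridDecrypt unwraps the AES key with the private key, then opens the blob.
func HybridDecrypt(priv *rsa.PrivateKey, wrapped, blob []byte) ([]byte, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	return OpenAESGCM(aesKey, blob)
}

func main() {
	priv, err := NewRecipientKey()
	if err != nil {
		panic(err)
	}
	msg := []byte("order 1234: card ending 1111, ship to 42 Example St") // constructed sample
	wrapped, blob, err := HybridEncrypt(&priv.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	pt, err := HybridDecrypt(priv, wrapped, blob)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered: %s\n", pt)

	// Flip one ciphertext bit: GCM's tag check rejects it rather than decrypting to junk.
	blob[len(blob)-1] ^= 0x01
	_, err = HybridDecrypt(priv, wrapped, blob)
	fmt.Println("tampered blob rejected:", err != nil)
}
```

Two points the code makes that the prose does not: the authenticated mode (GCM) is what lets the receiver tell a forged or altered ciphertext from a genuine one, and the per-message random nonce is the detail "implemented correctly" hinges on, since reusing a nonce under the same key breaks GCM's guarantees. RSA here never touches the message itself, only the short AES key, which is why the key sizes of the two algorithms can be chosen independently.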
  20. Mine is extremely light, but undoubtedly powerful. Here is my setup: Defensewall ShadowDefender Keyscrambler Sandboxie (custom rules) (A2, SAS, MBAM used rarely, on demand)
  21. Brian12

    Malware Removal Guide

    "This guide will help you remove malicious software from your computer. If you think your computer might be infected with a virus or trojan, you may want to use this guide. It provides step-by-step instructions on how to remove malware from Windows operating system. It highlights free malware removal tools and resources that are necessary to clean your computer. You will quickly learn how to remove a virus, a rootkit, spyware, and other malware." Guide: http://www.selectrealsecurity.com/malware-removal-guide I'll be posting updates. :)
  22. Tor is still DHE 1024 (NSA crackable)

After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break. But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys. Assuming no "breakthroughs", the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips.

The problem with Tor is that it still uses these 1024 bit keys for much of its crypto, particularly because most people are still using older versions of the software. The older 2.3 versions of Tor use keys the NSA can crack, but few have upgraded to the newer 2.4 version with better keys. You can see this for yourself by going to a live listing of Tor servers, like http://torstatus.blutmagie.de/. Only 10% of the servers have upgraded to version 2.4.

Recently, I ran a "hostile" exit node and recorded the encryption negotiated by incoming connections (the external link encryption, not the internal circuits). This tells me whether they are using the newer or older software. Only about 24% of incoming connections were using the newer software. Here's a list of the counts:

14134 -- 0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
5566 -- 0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
2314 -- 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
905 -- 0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1 -- 0xc012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

The older software negotiates "DHE", which are 1024 bit Diffie-Hellman keys. The newer software chooses ECDHE, which are Elliptic-Curve keys. I show the raw data because I'm confused by the last entry, I'm not sure how the software might negotiate ECDHE+3DES, it seems like a lulz-worthy combination (not that it's insecure -- just odd). Those selecting DHE+3DES are also really old I think. I don't know enough about Tor, but I suspect anything using DHE+3DES is likely more than 5 years old.

(By the way, I used my Ferret tool to generate this, typing "ferret suites -r ".)

The reason software is out of date is that it takes a long time for repositories to be updated. If you type "apt-get install tor" on a Debian/Ubuntu computer, you get the 2.3 version. And this is what pops up as the suggestion of what you should do when you go to the Tor website. Sure, it warns you that the software might be out-of-date, but it doesn't do a good job pointing out that it's almost a year out of date, and the crypto the older version is using is believed to be crackable by the NSA.

Of course, this is still just guessing about the NSA's capabilities. As it turns out, the newer Elliptic keys may turn out to be relatively easier to crack than people thought, meaning that the older software may in fact be more secure. But since 1024 bit RSA/DH has been the most popular SSL encryption for the past decade, I'd assume that it's that, rather than curves, that the NSA is best at cracking.

Therefore, I'd suggest that the Tor community do a better job getting people to upgrade to 2.4. Old servers with crackable crypto, combined with the likelihood the NSA runs hostile Tor nodes, means that it's of much greater importance.

by Robert Graham from Errata Security

The feds pay for 60 percent of Tor’s development. Can users trust it?

This week, we learned that the NSA had managed to circumvent much of the encryption that secures online financial transactions and other activities we take for granted on the Internet. How? By inserting backdoors into the very commercial software designed to keep sensitive medical records, bank files and other information private. The NSA’s sustained attempt to get around encryption calls into question many of the technologies people have come to rely on to avoid surveillance. One indispensable tool is Tor, the anonymizing service that takes a user’s Internet traffic and spits it out from some other place on the Web so that its origin is obscured.
So far there’s no hard evidence that the government has compromised the anonymity of Tor traffic. But some on a Tor-related e-mail list recently pointed out that a substantial chunk of the Tor Project’s 2012 operating budget came from the Department of Defense, which houses the NSA. Last year, DoD funding accounted for more than 40 percent of the Tor Project’s $2 million budget. Other major donors include the U.S. State Department, which has an interest in promoting Internet freedom globally, and the National Science Foundation. Add up all those sources, and the government covers 60 percent of the costs of Tor’s development. Tor Executive Director Andrew Lewman wrote in an e-mail to users that just because the project accepts federal funding does not mean it collaborated with the NSA to unmask people’s online identities. “The parts of the U.S. and Swedish governments that fund us through contracts want to see strong privacy and anonymity exist on the Internet in the future,” Lewman wrote. “Don’t assume that ‘the government’ is one coherent entity with one mindset.” And Roger Dingledine, a founder of the Tor Project, says that the Defense Department money is much more like a research grant than a procurement contract. “They aren’t ‘buying products’ from us,” Dingledine tells me. “They’re funding general research and development on better anonymity, better performance and scalability and better blocking-resistance. Everything we do we publish in the open.” Dingledine acknowledges that “bad guys” could conceivably introduce vulnerabilities into Tor’s open-source code. But one of the major advantages of open-source software is that the product can be inspected by anyone for defects, which raises its security somewhat. There’d only be a problem if the NSA were somehow able to insert malicious code that nobody recognized. The NSA didn’t immediately respond to a request for comment Friday afternoon. 
Update: Roger Dingledine writes in to explain why the government has never asked the Tor Project to install a backdoor: I think this is mainly due to two reasons: A) We’ve had that faq entry up for a long time, including the part where we say we’ll fight it and that we have lots of lawyers who will help us fight it. So they know it won’t be easy. B ) I do a lot of outreach to various law enforcement groups to try to teach them how Tor works and why they need it to be safe. See e.g. the first two paragraphs of this: I think ‘A’ used to be a sufficient reason by itself, but now we’re reading about more and more companies and services that have tried to fight such a request and given up. The architecture of the Tor network makes it more complex (there’s no easy place in the deployed network to stick a backdoor), but that doesn’t mean they won’t try. I guess we rely on ‘B’ for now, and see how things go. Source Large botnet cause of recent Tor network overload Recently, Roger Dingledine described a sudden increase in Tor users on the Tor Talk mailinglist. To date there has been a large amount of speculation as to why this may have happened. A large number of articles seem to suggest this to be the result of the recent global espionage events, the evasion of the Pirate Bay blockades using the PirateBrowser or the Syrian civil war. At the time of writing, the amount of Tor clients actually appears to have more than quintupled already. The graph shows no signs of a decline in growth, as seen below: An alternative recurring explanation is the increased usage of botnets using Tor, based on the assertion that the increase appears to consist of mostly new users to Tor that apparently are not doing much given the limited impact on Tor exit performance. In recent days, we have indeed found evidence which suggests that a specific and rather unknown botnet is responsible for the majority of the sudden uptick in Tor users. 
A recent detection name that has been used in relation to this botnet is “Mevade.A”, but older references suggest the name “Sefnit”, which dates back to at least 2009 and also included Tor connectivity. We have found various references that the malware is internally known as SBC to its operators. Previously, the botnet communicated mainly using HTTP as well as alternative communication methods. More recently and coinciding with the uptick in Tor users, the botnet switched to Tor as its method of communication for its command and control channel. The botnet appears to be massive in size as well as very widespread. Even prior to the switch to Tor, it consisted of tens of thousands of confirmed infections within a limited amount of networks. When these numbers are extrapolated on a per country and global scale, these are definitely in the same ballpark as the Tor user increase. Thus one important thing to note is that this was an already existing botnet of massive scale, even prior to the conversion to using Tor and .onion as command and control channel. As pointed out in the Tor weekly news, the version of Tor that is used by the new Tor clients must be 0.2.3.x, due to the fact that they do not use the new Tor handshake method. Based on the code we can confirm that the version of Tor that is used is 0.2.3.25. The malware uses command and control connectivity via Tor .onion links using HTTP. While some bots continue to operate using the standard HTTP connectivity, some versions of the malware use a peer-to-peer network to communicate (KAD based). Typically, it is fairly clear what the purpose of malware is, such as banking, clickfraud, ransomware or fake anti-virus malware. In this case however it is a bit more difficult. It is possible that the purpose of this malware network is to load additional malware onto the system and that the infected systems are for sale. 
We have however no compelling evidence that this is true, so this assumption is merely based on a combination of small hints. It does however originate from a Russian-speaking region, and is likely motivated by direct or indirect financial related crime.

This specific version of the malware, which includes the Tor functionality, will install itself in:

%SYSTEM%\config\systemprofile\Local Settings\Application Data\Windows Internet Name System\wins.exe

Additionally, it will install a Tor component in:

%PROGRAMFILES%\Tor\Tor.exe

This location is regularly updated with new versions.

Related md5 hashes:
2eee286587f76a09f34f345fd4e00113 (August 2013)
c11c83a7d9e7fa0efaf90cebd49fbd0b (September 2013)

Related md5 hashes from non-Tor version:
4841b5508e43d1797f31b6cdb83956a3 (December 2012)
4773a00879134a9365e127e2989f4844 (January 2013)
9fcddc45ae35d5cdc06e8666d249d250 (February 2013)
b939f6ef3bd292996f97aa5786757870 (March 2013)
47c8b85a4c82ed71487deab68de196ba (March 2013)
3e6eb9f8d81161db44b4c4b17763c46a (April 2013)
a0343241bf53576d18e9c1329e6a5e7e (April 2013)

Source

New Tor 0.2.4.17-rc packages

There's a new Tor 0.2.4.17-rc to hopefully help mitigate some of the problems with the botnet issues Tor is experiencing. All packages, including the beta Tor Browser Bundles, have been updated. Relay operators are strongly encouraged to upgrade to the latest versions, since it mostly has server-side improvements in it, but users will hopefully benefit from upgrading too. Please try it out and let us know.

https://www.torproject.org/projects/torbrowser.html.en#downloads

Tor Browser Bundle (2.4.17-beta-1)
Update Tor to 0.2.4.17-rc
Update NoScript to 2.6.7.1
Update HTTPS Everywhere to 4.0development.11

Source
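Robert Graham's "about 24%" figure in the post above comes from bucketing the negotiated cipher suites by key exchange. The following added example, which is neither his Ferret tool nor any code from the post, does that bookkeeping over the five count lines he published (embedded inline so it runs offline): it parses each "count -- 0xID NAME" line, classifies the suite as DHE or ECDHE from the IANA name, flags suites that still use 3DES, and computes the ECDHE share. The line format is assumed from the post's listing, and the type and function names are choices made here.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// suiteCounts holds the cipher-suite counts exactly as listed in the post,
// in the "<count> -- <hex id> <suite name>" layout the post shows.
const suiteCounts = `
14134 -- 0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
5566 -- 0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
2314 -- 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
905 -- 0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1 -- 0xc012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
`

// SuiteCount is one parsed line: how many connections negotiated that suite.
type SuiteCount struct {
	Count int
	ID    uint16
	Name  string
}

// Summary buckets connections by the key-exchange family the suite name
// encodes. The name only says DHE versus ECDHE; the DH group size the post
// argues about (1024-bit) is not visible from the suite name alone.
type Summary struct {
	Total, ECDHE, DHE, Other int
	TripleDES                int // suites still using 3DES, whatever the key exchange
}

// ParseSuiteCounts parses "count -- 0xID NAME" lines, skipping blank lines
// and rejecting anything that does not fit that shape.
func ParseSuiteCounts(text string) ([]SuiteCount, error) {
	var out []SuiteCount
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		f := strings.Fields(line)
		if len(f) != 4 || f[1] != "--" {
			return nil, fmt.Errorf("unexpected line %q", line)
		}
		n, err := strconv.Atoi(f[0])
		if err != nil {
			return nil, fmt.Errorf("bad count in %q: %v", line, err)
		}
		id, err := strconv.ParseUint(strings.TrimPrefix(f[2], "0x"), 16, 16)
		if err != nil {
			return nil, fmt.Errorf("bad suite id in %q: %v", line, err)
		}
		out = append(out, SuiteCount{Count: n, ID: uint16(id), Name: f[3]})
	}
	return out, sc.Err()
}

// KeyExchange derives the key-exchange family from the IANA suite name.
// "TLS_ECDHE_" is tested first because "TLS_DHE_" is not a prefix of it,
// but the order keeps the intent obvious.
func KeyExchange(name string) string {
	switch {
	case strings.HasPrefix(name, "TLS_ECDHE_"):
		return "ECDHE"
	case strings.HasPrefix(name, "TLS_DHE_"):
		return "DHE"
	default:
		return "other"
	}
}

// Summarize totals the connections per key-exchange family and counts 3DES use.
func Summarize(counts []SuiteCount) Summary {
	var s Summary
	for _, c := range counts {
		s.Total += c.Count
		switch KeyExchange(c.Name) {
		case "ECDHE":
			s.ECDHE += c.Count
		case "DHE":
			s.DHE += c.Count
		default:
			s.Other += c.Count
		}
		if strings.Contains(c.Name, "_3DES_") {
			s.TripleDES += c.Count
		}
	}
	return s
}

// ECDHEShare is the fraction of connections that negotiated ECDHE.
func (s Summary) ECDHEShare() float64 {
	if s.Total == 0 {
		return 0
	}
	return float64(s.ECDHE) / float64(s.Total)
}

func main() {
	counts, err := ParseSuiteCounts(suiteCounts)
	if err != nil {
		panic(err)
	}
	s := Summarize(counts)
	fmt.Printf("total=%d ECDHE=%d DHE=%d other=%d 3DES=%d\n", s.Total, s.ECDHE, s.DHE, s.Other, s.TripleDES)
	fmt.Printf("ECDHE share: %.1f%%\n", 100*s.ECDHEShare()) // 24.3% on the post's numbers
}
```

On the post's five lines this gives 22920 connections, of which 5567 negotiated ECDHE (24.3%), 17353 negotiated finite-field DHE, and 2315 still used 3DES. The caveat the comment in `Summary` states matters for reproducing the argument on other captures: a suite name tells you the key-exchange family, not the group size, so "DHE" is only evidence of a 1024-bit group to the extent that the clients in question are known to use one.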
  23. Wondershare Data Recovery, safe and effective Windows data recovery software, retrieves your lost videos, photos, music, documents, emails, etc. from your PC's hard drive as well as from USB drives, external hard drives, mobile phones, digital cameras, iPods, MP3/MP4 players, and other storage devices Quick, Complete Recovery of Over 500 File Formats Recover over 550 unique file formats Fully recover documents, emails, photos, videos, audio files and more Read-only, risk-free, and cost-effective Windows data recovery software An easy-to-use wizard, no prior recovery skills needed System Requirements: Operating System: Microsoft Windows XP/Vista /Win7/Win8 32bit&64bit (Windows 7 64 bits & 32 bits / Vista 64 bits & 32 bits/ XP/2003 ) Hardware Requirements: Memory: 256MB RAM (1028MB Recommended) CPU: 1GHz 32 bits(x86)or 64bits(x64)processor Hard Disk: 50MB above free space Note: To avoid data overwriting, please connect an external storage media to install Data Recovery and save the recovered data there if your computer only has one partition. Download URL: http://download.wondershare.com/data-recovery_full542.exe To get your license key, visit the giveaway page: http://www.wondershare.com/data-recovery/ Note: This giveaway will be available from Oct 18th, 2013 to Oct 21st, 2013. Key ( not tested ): http://tny.cz/79dfb15b
  24. RestoreIT 2013 Download Link http://ppt.cc/vQE4 Beta version -supports English, French, Dutch, Italian, Spanish, Traditional and Simplified Chinese -supports Windows 7/8/8.1