About chain

  • Rank
    Founder Owner Administrator
  • Birthday 01/26/1962

  • Interests
    scripting and chatting

  1. Google has seemingly taken another step to sanitize the browsing environment for users. Allegedly, the tech giant is now planning to regularize advertisements for optimal loading. Consequently, in the days to come, Google Chrome will block heavy ads for seamless browsing.

     Chrome To Block Heavy Ads

     As evident from the Chrome commit, Google has made plans to block heavy ads from loading. It will supposedly filter out those ads that consume more resources. This will, in turn, facilitate a smooth browsing experience for users. First caught by 9to5Google, the report reveals some ongoing work towards achieving fast and smooth browsing. As mentioned in the Chrome commit by John Delaney, Google is working on implementing ‘Heavy Ad Intervention’. The idea is to unload ad iframes that Google identifies for higher resource consumption.
  2. Cyber attack methods have evolved aggressively to become more targeted, more sophisticated, and more frequent. For this webinar we have distilled 5 of the most common and urgent problems that enterprises face, and will share our analysis of the issues and practical recommendations for addressing them within your own security program. Join Jack Danahy, SVP, Security, as he outlines steps to:
     • Track and combat the evolving threat landscape
     • Increase visibility and resistance at the attack surface
     • Battle alert fatigue and the security talent shortage
     • Define a cyber-risk baseline and process for your security program
  3. Looking for a good place to read up on the latest tech gadgets and tech updates? Look no further, check this site out!!
  4. Your Independence Day visits to r/technology will be short indeed -- Reddit's tech subreddit is offline as part of a stand against social media. Wikipedia cofounder Larry Sanger led the push to "demand that giant, manipulative corporations give us back control over our data, privacy, and user experience." "Following on from the announcement by Larry Sanger of a Social Media Strike," the notice reads. "/r/technology is joining the #SocialMediaStrike Click the links above for more info. Normal service will resume on the 5th."
  5. UK businesses have reported a significant fall in cyber attacks over the last 12 months. The proportion identifying breaches or attacks in the last year was 32 per cent, compared with 43 per cent in 2018 and 46 per cent in 2017, according to a survey of 1,566 businesses by the Department for Digital, Culture, Media and Sport (DCMS) (PDF). Those figures echo the Crime Survey for England and Wales, which found that between September 2017 and September 2018, the number of computer misuse incidents among individuals fell from 1.5 million to 1 million. This was driven, according to Office for National Statistics data, by a significant reduction in computer viruses (down by 45 per cent over the same period). However, the DCMS report said other factors could be at play such as more investment in cybersecurity, better compliance due to GDPR, or a change in attack behaviour. For example, those carrying out cyber attacks could be focusing on a narrower (though still numerous) set of businesses. This fits with another broad trend in the survey showing that, among the 32 per cent of businesses that did identify breaches or attacks, the median number they recall facing has gone up, from two attacks in 2017 to six in 2019. Of those targeted, phishing attacks were the most common, with 80 per cent having been subject to email scams, while 27 per cent said they had been hit by viruses, spyware or malware. However, Ken Munro of Pen Test Partners said there are too many variables to make the findings conclusive. "Are the number of antivirus reports down because organisations (rightly) don't consider them to be attacks/breaches or incidents? Or is it because the antivirus products aren't detecting the types of malware that are being used now?" He added: "Without analysing the quality of phishing attacks, the data is also meaningless. Are untargeted phishing attempts being filtered out upstream?
"I don't think anything can be concluded from the report other than that 'cyber stuff is still happening and some businesses are taking it more seriously'."
  6. It is with great pleasure that I can now announce that and its development is now sponsored by Private Internet Access. Some people may recognise the company as they have been sponsoring and helping out the IRC community for many years, such as the Freenode network. Having already shown their interest in pushing IRC forward and making sure that core IRC projects can stay afloat, it is a well suited match as a sponsor to the Kiwi IRC project as this can benefit every IRC network and community that uses the Kiwi IRC web client. So what does this mean for the project? There are no large changes being made. and the open source project are still independent and run by volunteers. However, with the extra support, this allows me to be focusing on Kiwi IRC development much more closely and building up with new features and improvements at a faster pace. It’s not just development that’s involved in this project. Serving for an instant, always available web IRC client for any network out there has been the larger bulk of the project and has exploded in recent years, growing from hundreds to millions of users every month. This has been a personal financial drain for some time (handling IRC isn’t cheap!) since I have never wanted to start showing adverts, but we can now easily expand to be supporting the new growth and continue supporting every IRC network out there with a simple, modern IRC client for the web and mobile. What's happening next? There has been a lot of silence with progress in recent months due to the lack of time available towards this project, however with that changing now we can start to pick up the pace of development some more.
Some highlights of what's currently happening:
     • An entire re-write has been in the works with a development preview available here
     • Amazing mobile and tablet device support
     • The open source project and related projects has now moved into its own organisation,

There has been some heavily requested features over time which I can now start putting resources into. I know some of these will be getting people excited so there will be another mention of these once the new release of Kiwi IRC has become generally available. More information on these will appear in the near future so be sure to be following @kiwiirc on twitter or the mailing list to be getting the updates as they happen! Or just come say hey on :) Finally, a big thanks to the new sponsor, PrivateInternetAccess, for helping not only Kiwi IRC but the IRC community as a whole. If you’re looking around for a VPN provider to keep yourself protected online, take a look at as they come highly recommended from many different sources and reviews!
  7. Microsoft released a new Windows 10 build to the Fast ring a little earlier than usual today, after a week with no builds. Build 18932 includes some new Eye Control improvements and notification settings, but it also comes with a pretty long list of fixed issues. Most notably, Microsoft is seemingly converging settings synchronization engines into a single platform that's more reliable and less complex. For now, that means settings syncing will be disabled in 20H1 builds, but it should be good news for future releases. Here's the full list of improvements: Read More Here
  8. The field of science communication -- the practice of informing and educating people about science-related topics -- arose just after the start of the Enlightenment when Francesco Algarotti published his first edition of Newtonianism for the Ladies in 1737. While that bit of 18th century mansplaining doesn't really hold up by today's standards, in the nearly three centuries since, the pace of scientific progress has only accelerated -- with science communication evolving alongside it. The advent of social media, in particular, is an unprecedented, powerful tool for science communicators. "It was right after the election and I noticed that there was all this energy in the community, thinking about how we could better communicate our science to the public," University of Connecticut PhD student Sarah McAnulty told Engadget. "I thought we needed some way to engage scientists, in a low time-commitment, high-impact, kind of way." The result is Skype a Scientist. Launched in 2017, it connects researchers from a broad range of fields with students, teachers and other interested groups via, well, Skype. Each meeting lasts 30 minutes to an hour and operates as an informal Q&A session. "Typically it is structured as question and answer sessions, because we want people to feel as though they've really met a scientist, not just got lectured," McAnulty continued. "We want people to get answers to what they actually want to know about. That's really important." The operation itself is fairly straightforward. Teachers and interested parties fill out a Google form with their schedule availability while researchers and scientists fill out a similar form of their own. Then, a sorting algorithm designed by bioinformatician David Jenkins, a PhD student at Boston University, matches up the two groups for a session. "It's free," McAnulty points out. "As long as you have an internet connection, you're good to go." 
Before the advent of the internet, this sort of interaction simply wouldn't be feasible. Similar programs do exist, such as Letters to a Pre-Scientist, but nothing on this scale. In the last two and a half years, Skype a Scientist has served 15,000 classrooms and signed up 6,000 individual researchers to participate. "I basically did this whole thing via Twitter, I tweeted about it," McAnulty said. "And then the word of mouth spread extraordinarily quickly. Without that social media aspect of scientists talking to each other on Twitter, I can't imagine I would have gotten this many teachers or scientists." Before Skype a Scientist, McAnulty launched the Squid Scientists Tumblr page in 2014. "Originally, it was just I wanted to see what if it was possible because Tumblr, generally speaking, wasn't a place where science communication was happening too much." Still, McAnulty found Tumblr to be less hostile to women than Reddit and that it skewed further towards a younger audience than Twitter. "I get more questions from Tumblr from young women who are thinking about being a scientist or just want to know more before they make a choice about what kind of careers they think they could see themselves in," she said. "So Tumblr has been really powerful for that." Indeed, the elimination of communication barriers and the waning influence of traditional "gatekeepers" to the scientific community has enabled female, PoC, LGBTQ+, and non-binary researchers a direct line to an interested public. And given that a 2018 study found that only around 30 percent of studies published in the Nature Index journals were penned by female researchers, that ability to connect with not just the public but other researchers as well, could help reduce that discrepancy. McAnulty notes that mainstream science media outlets like the Discovery Channel or NatGeo will cast their scientist hosts based on who will return the best ratings.
"In the process, they are choosing scientists that they think people will view as scientists," she said, "It's a positive feedback loop of sexism." However, with the rise of social media, especially Twitter, Instagram and YouTube, researchers from underrepresented groups don't have to wait for NatGeo to come knocking. They can produce their own content, cultivate their own audiences and share their passion for science directly. "The more that we're engaging with the public -- and even engaging in our own communities -- the more representation you have of everybody, the better and the stronger our scientific community will be," McAnulty said. The podcasting community has also become a hotbed for science communication. Take This Week In Science, for example. Originally a live radio show broadcast from KDVS on the University of California, Davis campus, it now reaches listeners in 60 countries as a weekly podcast. Neurophysiologist and science communicator, Dr. Kirsten "Kiki" Sanford, founded the show in 2000. "I was a graduate student when I started it and was really interested in the idea of talking with people about the stuff I was learning," she explained to Engadget. "I would hang out with my neighbors and we would talk about things that we had learned recently, things that were cutting edge research, and just how exciting they were." She quickly realized that there wasn't much of that sort of content available. "The only radio show at the time in the area that I lived, was Science Friday, which was great, but that was it," Sanford said. "And so we approached the local college radio station to see if they wanted to have a science show." In the 19 years (and 500-plus episodes) since, TWIS has held a number of live tapings at local clubs and science festivals. "I enjoy doing live shows, because there's that instant feedback," Sanford said. "You can see people's faces, whether or not they're engaged in what you're talking about whether or not they're bored. 
I can up-regulate what I'm saying, I can shift the way that I'm explaining it, I can ask the audience a question and you know, get a show of hands or get a response right then and there." Sanford and her team are expanding into other areas of social media, such as their recently-launched monthly newsletter. "I'd like to be able to get the show to stable financial basis, where we can put more time into doing shorter content for YouTube, or maybe a daily show," Sanford continued. "One fun idea that has been bounced around recently: I have an eight year old son and he's getting interested in [science]. So we've been talking about having a Twitch Junior program." These sorts of conversations wouldn't have occurred without the rise of these platforms. "With the access that people have, especially social media, I am seeing so many more scientists, talking to people not just to each other, but to people who are just like, 'Oh, what is this thing you study?'" Sanford noted. "And suddenly there's a conversation happening. That didn't happen before." Science communication is having an outsized effect on the scientific job market as well, Sanford points out, with people carving out careers in a field that didn't exist a decade ago. "You had science writers, you had science journalists, but to the idea of a science communicator?" Sanford quipped, "Now people are calling themselves science communicators all over the place. It's amazing." Though social media's open access regularly serves as a double-edged sword, with conspiracy theorists intentionally spreading misinformation online, both McAnulty and Sanford remain optimistic that the scientific community will be able to minimize the damage those bad-faith actors might cause. "That's social media's equality, and that is a blessing and a curse," McAnulty said. "I guess one of the goals for my science communication, and my career, is to help people connect with sources of information that they can trust."
  9. Self-driving venture Waymo has been given permission by California authorities to transport people in its robotaxis. According to TechCrunch, the California Public Utilities Commission (CPUC) gave Waymo the green light this week, issuing a permit that will allow the company to participate in the state's Autonomous Vehicle Passenger Service pilot. This means that Waymo employees will be able to hail a self-driving vehicle and take guests on rides within the company's South Bay territory. There are some restrictions, of course. Waymo can't charge for these rides, and every vehicle must have a safety driver behind the wheel. Interestingly, the CPUC will allow Waymo to contract out its safety driver operations to a third party -- a decision prompted by Waymo's assessment that operating and scaling a "meaningful pilot" requires a large group of drivers who are "more efficiently engaged." They will still go through Waymo's proprietary driver training program. This isn't the first milestone for Waymo in its bid to roll out a nationwide service -- the company launched its first commercial ride-hailing offering last year in Arizona, where there's less regulatory red tape for companies to deal with. Nor is this the first permit of its kind to be issued in California -- Zoox scored that accolade in December last year. Nonetheless, the news represents an important advance for Waymo's efforts in the state, where the race is perpetually on to achieve firsts in what is essentially the tech capital of America. More Here
  10. Hitman 2 has had its share of unusual updates and events, but its latest may be particularly appealing if you're music-minded. IO Interactive has outlined a July roadmap with a string of music-themed activities, most notably the "I'm With the Band" Challenge Pack arriving on July 11th. Finish five band-related tasks on the Santa Fortuna map and you'll unlock a violin -- you could literally bludgeon someone with your musical tastes. The rest of July shares a similar vibe. As of July 4th, there's an Escalation mission on the Isle of Sgail that has you taking out musicians through creative methods. On July 18th, Featured Contracts will revolve around the concept of "tone death." The Badboy Elusive Target returns to Sapienza a day later on July 19th for Legacy Pack owners. And on July 25th, another Escalation mission in Santa Fortuna will involve making some noise with explosives. And don't worry if you're sick of music by the end of the month. IO is giving expansion pass owners a second Sniper Assassin map, the Siberia-based Prison, on July 30th. More details are coming in the weeks ahead. For now, though, it's evident that IO has found a way to keep players busy after the novelty of the New York map has worn off.
  11. Updated: YouTube, under fire since inception for building a business on other people's copyrights and in recent years for its vacillating policies on irredeemable content, recently decided it no longer wants to host instructional hacking videos. The written policy first appears in the Internet Wayback Machine's archive of web history in an April 5, 2019 snapshot. It forbids: "Instructional hacking and phishing: Showing users how to bypass secure computer systems or steal user credentials and personal data." Lack of clarity about the permissibility of cybersecurity-related content has been an issue for years. In the past, hacking videos could be removed if enough viewers submitted reports objecting to them or if moderators found the videos violated other articulated policies. Now that there's a written rule, there's renewed concern about how the policy is being applied. Kody Kinzie, a security researcher and educator who posts hacking videos to YouTube's Null Byte channel, on Tuesday said a video created for the US July 4th holiday to demonstrate launching fireworks over Wi-Fi has been removed because of the rule. "I'm worried for everyone that teaches about infosec and tries to fill in the gaps for people who are learning," he said via Twitter. "It is hard, often boring, and expensive to learn cybersecurity." The Register asked Google's YouTube for comment but we've not heard back. Security professionals find the policy questionable. "Very simply, hacking is not a derogatory term and shouldn’t be used in a policy about what content is acceptable," said Tim Erlin, VP of product management and strategy at cybersecurity biz Tripwire, in an email to The Register. "Google’s intention here might be laudable, but the result is likely to stifle valuable information sharing in the information security community."
Erlin said that while it may be reasonable to block content that shows actual illegal activities, like breaking into a specific organization's systems, instructional videos play an important role in cybersecurity education. "In cybersecurity, we improve our defenses by understanding how attacks actually work," said Erlin. "Theoretical explanations are often not the most effective tools, and forcing content creators onto platforms restricted in distribution, like a paid training course, simply creates roadblocks to the industry. Sharing real world examples brings more people to the industry, rather than creating more criminals." Tyler Reguly, manager of security R&D at Tripwire, said censorship has been a concern among YouTube video makers for some time. In an email to The Register, he expressed sympathy for the challenge YouTube faces as a business. "If YouTube wants advertisers to pay, they need to be aware of the content they are allowing," he said. "We tend to forget that these websites exist to make money, not for the betterment of society." But he noted that YouTube's policies aren't easy to interpret and there may be reasons Kinzie's video got flagged, such as the fact that it deals with fireworks. "The YouTube system, based on reports that I’ve seen in the past, is quite arbitrary and difficult to understand, even as a YouTuber working directly with the company, nothing is as straightforward as it seems," he said. Dale Ruane, a hacker and penetration tester who runs a YouTube channel called DemmSec, told The Register via email that he believes this policy has always existed in some form. "But recently I've personally noticed a lot more people having issues where videos are being taken down," he said. Read more here
  12. The security expert Barak Tawily demonstrated that opening an HTML file on Firefox could allow attackers to steal files stored on a victim’s computer due to a 17-year-old known bug in the browser. The researcher published the details of the attack through TheHackerNews website and demonstrated that his technique works against the latest version of Firefox. “Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully developed a new proof-of-concept attack against the latest version of Firefox by leveraging a 17-year-old known issue in the browser.” reported TheHackerNews. The expert was analyzing the implementation of the Same Origin Policy in Firefox when he discovered that it is vulnerable to local files theft attack. “Recently, I was performing a research on Same Origin Policy attacks, I managed to realize that the latest version of Firefox (currently 67) is vulnerable to local files theft attack (on any supported OS), due to improper implementation of Same Origin Policy for file scheme URIs. Let’s go over the PoC details then I will provide an explanation of why its not patched yet.” wrote the expert. According to Tawily, Firefox didn’t fix the flawed implementation of the Same Origin Policy (SOP) for File URI Scheme over the years. The expert also shared details of its PoC and a video PoC of the attack. Tawily explained how an attacker can easily steal secret SSH keys of Linux victims if they save downloaded files in the user-directory that includes SSH keys in its subfolder.
     • Attacker sends email to victim with attachment file to be downloaded / Victim browse to malicious website and download file
     • The victim opens the HTML malicious file
     • The file loading the containing folder in an iframe (so my file path is file:///home/user/-malicious.html, and the iframe source will be file:///home/user/)
     • The victim thinks he clicks on a button on the malicious HTML, but in fact he is clicking on the malicious file html inside the iframe’s directory listing (using ClickJacking technique, in order to apply the “context switching bug” which allows me access the directory listing of my containing folder)
     • The malicious iframe now have escalated privileges and is able to read any file on the folder contains the malicious file, (in most cases downloads folder, in my case is file:///home/user/).
     • The malicious file is able to read any file on its containing folder (file:///home/user/), such as SSH private key by simply fetching the URL file:///home/user/.ssh/ida_rsa and stealing any file by 1 more fetch request to the attacker’s malicious website with the files’ content.
     • The attacker gains all files in the folder containing the malicious file exploit this vulnerability

An attacker could successfully carry out the attack by tricking victims into downloading and opening a malicious HTML file on the Firefox web browser and into clicking on a fake button to trigger the exploit. “Tawily told The Hacker News that all the above-mentioned actions could secretly happen in the background within seconds without the knowledge of victims, as soon as they click the button placed carefully on the malicious HTML page.” continues The Hacker News. The expert reported the flaw to Mozilla, but the company seems to have no intention to fix the issue soon. “Our implementation of the Same Origin Policy allows every file:// URL to get access to files in the same folder and subfolders.” reads the reply from Mozilla.
  13. A Georgia state agency confirmed that a cyberattack has brought offline some court websites. According to local media, hackers infected the systems of the Georgia Administrative Office of the Courts with ransomware. “News outlets report hackers demanding a ransom infected computers with malware at the Georgia Administrative Office of the Courts.” reported the Associated Press. “Agency spokesman Bruce Shaw said Monday that officials have “quarantined our servers and shut off our network to the outside.” The Georgia Administrative Office of the Courts provides services to some local probate and municipal courts. The website of the agency was offline earlier this week, while the websites for the Georgia Supreme Court and court clerks in the larger counties of the state were up and running. “Hackers have infected computers at a Georgia courts agency, demanding a ransom payment and causing officials to shut down court websites.” reported the AJC website. “The Administrative Office of the Courts was offline Monday as the state government tried to contain the hack.” At the time of writing, the extent of the attack in terms of impacted Georgia courts and interference with ordinary operations wasn’t clear. Agency spokesman Bruce Shaw pointed out that users’ data were not exposed because the Georgia Administrative Office of the Courts doesn’t keep users’ details apart from information in public court documents. “Personal information wasn’t compromised because the agency doesn’t keep that information, said Michelle Barclay, a division director for the Administrative Office of the Courts.” concludes the AJC website. “Everything is shut down until they tell us to turn it on,” Barclay said. “We’re definitely inconveniencing folks who rely on our applications.” The attack was discovered during the weekend, experts believe it was launched from a foreign country.
The attackers sent an email to the agency with instructions to contact them, the message didn’t specify a ransom amount. This incident follows other similar attacks on government systems, such as the one that hit the city of Atlanta and the Georgia Department of Agriculture. County and state courts were operational, but they were unable to access information provided by the Administrative Office of the Courts, Allen said. He didn’t know how long it will take to recover from the attack.
  14. The government of Singapore has announced its third bug bounty program aimed at assessing the level of security implemented for government systems exposed online. The bug bounty program sees the involvement of the Cyber Security Agency of Singapore (CSA) and the Government Technology Agency of Singapore (GovTech). Like previous programs, this bug bounty initiative will be operated through the HackerOne platform. The bug bounty program will run from July to August and will see the participation of 200 international hackers and 100 local hackers. The organization will offer payouts between $250 and $10,000 for each vulnerability reported by the experts. The Government will present the results of the program in September. “The Singapore Government’s latest bug bounty program is part of a strategic initiative and commitment to build a secure and resilient Smart Nation by strengthening collaboration with the cybersecurity industry and community.” reads the press release. “GovTech’s bug bounty program will run from July to August 2019 and will cover nine Internet-facing government digital services and information and communication technology systems with high user interaction.” In December 2017, Singapore’s Ministry of Defence (MINDEF) invited roughly 300 white hat hackers from around the world to participate in its first bug bounty program. The hackers found 35 vulnerabilities that were paid a total of $15,000. The second program ran earlier in 2019 and resulted in the discovery of 26 security flaws that were paid a total of $12,000.
  15. Government officials from Germany and the Netherlands signed an agreement for the building of the first-ever joint military Internet, so-called TEN (Tactical Edge Networking). The agreement was signed this week in Brussels, during a meeting of NATO defense ministers. “The accord was signed on Wednesday in Brussels, Belgium, where NATO defense ministers met this week.” reads the post of ZDnet that first reported the news. “The name of this new Dutch-German military internet is the Tactical Edge Networking, or TEN, for short.” The Tactical Edge Networking (TEN), is the first-ever project that allows states to merge their military networks. Military and defense analysts believe that in the future, the NATO alliance will create for all its members a unique military network. The TEN will be located in Koblenz, Germany, while a design and prototype center will be located at the Bernard Barracks in Amersfoort, the Netherlands. In the first phase of the project, TEN will unify communications between the German army’s (Bundeswehr) land-based operations (D-LBO) and the Dutch Ministry of Defence’s ‘FOXTROT’ tactical communications program. Under the TEN project, soldiers from both governments will use the same equipment (i.e. computers, radios, tablets, and telephones). The cost for the overall project will be very high, analysts believe it will reach millions of euros. TEN’s deployment is expected to cost the two countries millions of euros in costs to re-equip tens of thousands of soldiers and vehicles with new compatible equipment. According to German newspaper Handelsblatt, both governments aim at a full integration of the defense networks. “The digitization of their land forces will tackle the Netherlands and Germany together.
The goal: At the latest in the 2030s, the armies of both countries should be networked at all levels and communicate with each other electronically without any restrictions.” reported the Handelsblatt. “It’s a really big step, we’ve never done so before,” said Dutch Defense Minister Ank Bijleveld-Schouten on Tuesday to Handelsblatt on the sidelines of the meeting of the Nordic NATO defense ministers in Berlin. Even if Dutch and German army have already conducted joint foreign missions, they have never exchanged information across national borders. “Today we cannot even communicate across borders with our radios,” said Bijleveld-Schouten.