Microsoft has confirmed that a security flaw affecting Internet Explorer is currently being used by hackers, but says it has no immediate plans to fix it. In a late-evening tweet, US-CERT, the division of Homeland Security tasked with reporting on major security flaws, linked to a security advisory detailing the bug, describing it as “being exploited in the wild.” Microsoft said all supported versions of Windows are affected by the flaw, including Windows 7, which after this week no longer receives security updates. The vulnerability was found in how Internet Explorer handles memory. An attacker could use the flaw to remotely run malicious code on an affected computer, such as by tricking a user into opening a malicious website from a search query or a link sent by email. It’s believed to be a similar vulnerability to one disclosed by Mozilla, the maker of the Firefox browser, earlier this week. Both Microsoft and Mozilla credited Qihoo 360, a China-based security research team, with finding flaws under active attack. Earlier in the week, Qihoo 360 reportedly deleted a tweet referencing a similar flaw in Internet Explorer. Neither Qihoo, Microsoft, nor Mozilla said how attackers were exploiting the bug, who the attackers were, or who was being targeted. The U.S. government’s cybersecurity advisory unit also issued a warning about current exploitation. Microsoft told TechCrunch that it was “aware of limited targeted attacks” and was “working on a fix,” but that it was unlikely to release a patch until its next round of monthly security fixes — scheduled for February 11. Microsoft assigned the bug a common vulnerability identifier, CVE-2020-0674, but specific details of the bug have yet to be released. When reached, a Microsoft spokesperson did not comment
https://techcrunch.com/2020/01/18/internet-explorer-security-flaw/
Reportedly, researchers from WebARX Security have found a serious security flaw in two different WordPress plugins. Considering the extensive userbase of both plugins, the bug potentially made thousands of websites vulnerable to cyber attacks. In their advisory, the researchers stated that they found an authentication bypass flaw in two plugins, WP Time Capsule and InfiniteWP Client. Exploiting the flaw could allow an attacker to sign in to the admin account without a password. According to the researchers, the bug remained exploitable even with a firewall.
Attribution link: https://latesthackingnews.com/2020/01/20/critical-bug-in-two-wordpress-plugins-risked-over-320k-websites/
Researchers from Kaspersky have discovered some old malware active in the wild again. Identified as Faketoken, the old Android banking trojan is now back with more malicious functionality. The malware first emerged several years ago and was among the most widespread banking trojans in 2014. At that time, Faketoken meddled with the device's messaging only once to proceed with fraudulent transactions. However, in 2016, it became more sophisticated in stealing money, as it overlaid apps to steal users’ bank account credentials. At the same time, it also served as ransomware by encrypting the device data. In the following year, it emerged impersonating popular e-wallets and mobile banking apps to deceive users.
Hijacking Phone For Sending SMS
Elaborating on their findings in a blog post, the researchers stated that their ‘Botnet Attack Tracking’ system recently found at least 5000 devices infected with Faketoken. They found all these devices involved in sending text messages. The researchers considered this behavior ‘unusual’ for a banking trojan. Scratching the surface revealed that the typical banking trojan has now emerged as an even more malicious virus. Faketoken now hijacks the victim devices to send messages to premium rate numbers. If the account lacks balance, the attackers behind the malware can top up the victim mobile account through their bank account. Such messages will further cost the victim, as the researchers found most messages being sent to foreign numbers. For now, it is unclear how Faketoken is targeting devices. Nonetheless, the usual precautions, which are avoiding downloads from third-party app stores, avoiding URLs received via SMS messages, reviewing app permissions, and equipping devices with robust mobile antivirus tools, can help Android users stay safe.
Attribution link: https://latesthackingnews.com/2020/01/20/android-banking-trojan-faketoken-now-also-messages-premium-rate-phone-numbers/
Reportedly, Facebook has announced an update to its login feature. The new feature will now notify users when they log in to third-party apps via Facebook. Facebook believes this change will give users more control over their information. The tech giant has detailed this new feature in a blog post. As revealed, the new feature, called ‘Login Notifications’, generates user alerts when signing in to third-party apps. This notification will give details to the user about the information shared with the app. It will also let the user make any changes to the shared data.
Attribution link: https://latesthackingnews.com/2020/01/19/facebook-will-notify-users-when-logging-in-to-third-party-apps/
Last night we experienced approximately 12 hours of downtime between around 18:00 and 06:40 UTC, caused by a prolonged period of internet routing issues which our ISP has attributed to a failed line card in one of their routers. This was our longest period of downtime in many years and we’re very sorry for the disruption it caused. Running a large service which interfaces with the venerable IRC protocol poses a different set of challenges to most modern web services: Firstly, we have to manage a large number of outbound IRC connections while ensuring as few disconnections as possible. Secondly, IRC networks expect our users to connect from a consistent set of IP addresses, and lastly, IRCCloud is subject to a high volume of distributed denial of service (DDoS) attacks. These constraints mean that our outbound connection servers, which actually make your outbound IRC connections, have been hosted for years by a specialist DDoS-resistant hosting service provided by a major ISP. This is a costly part of our infrastructure, and it wouldn’t be economical for us to completely duplicate these servers elsewhere to mitigate against rare situations like the one last night. Switching to another ISP - even if we could find one to provide the required servers at short notice - would involve a long process of getting new IP addresses whitelisted by IRC networks. Our current architecture also restricts us to running our outbound connection servers in relatively close proximity to the rest of our infrastructure (which is hosted on Amazon Web Services). Over the last few months we’ve been working on a significant update of our backend software to remove this restriction - in fact, we started rolling this update out yesterday. These improvements will make it easier for us to investigate other approaches for our outbound connection servers in future, and we’ll certainly be discussing network redundancy with our ISP and future providers. 
If you’re an IRCCloud subscriber, we’re happy to issue you a month’s refund in compensation for this downtime - drop us an email at firstname.lastname@example.org.
Tuesday January 22 2019 • posted by james
Bouncer: connect with other clients
Today we’re launching one of our most requested features. Paid subscribers can now use 3rd party IRC clients to connect to the IRCCloud service, just as you would with a traditional bouncer. Open the menu for one of your IRC or Slack connections and choose the “Connect with another client…” option for details on how to connect. For IRC connections, you’ll be prompted to generate a unique server password.
Backlog replay
Note: backlog replay isn’t currently available for Slack connections
Bouncer passwords are shown to you in the following format: bnc:xxxxxxxx… If you’d like the bouncer to replay missed messages whenever you reconnect with your client, you’ll need to change this format to include a clientid of your choosing. This is used to identify and track the messages your client has seen to make sure we only replay undelivered messages. The clientid can be anything, but can’t include spaces. Just make sure to use a different id for each client you use. Once you’ve chosen a clientid, rewrite your password in the following format: bnc@clientid:xxxxxxxx… For example, if your generated password was bnc:abcxyz and you chose laptop as a clientid, you’d connect with the following server password: bnc@laptop:abcxyz
Security
A bouncer password grants full access to the associated network connection, so make sure to keep it safe. You can revoke or regenerate a bouncer password at any time, in case you no longer need it or it becomes compromised. This will also disconnect any client currently using that password.
Backlog timestamps
The latest versions of most 3rd party clients support the server-time IRCv3 feature, which the bouncer will use to provide the correct timestamp for backlog replay.
However, some clients may need a little coaxing https://blog.irccloud.com
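The password rewrite described under "Backlog replay" above, as an added example that is not part of the IRCCloud post: it builds one bnc@clientid:secret password per client, enforces the no-spaces and one-id-per-client rules, and masks the secret for logs. The function names are hypothetical, and rejecting ":" inside a clientid is an assumption made here because it would make the format ambiguous.

```python
"""Added example: handling bouncer passwords of the form
bnc:<secret> and bnc@<clientid>:<secret> as described in the post."""

PREFIX = "bnc"


class BouncerPasswordError(ValueError):
    """A password or clientid does not fit the format shown in the post."""


def parse(password):
    """Split a bouncer password into (clientid, secret).

    clientid is None for the plain generated form 'bnc:<secret>'.
    """
    head, sep, secret = password.partition(":")
    if not sep or not secret:
        raise BouncerPasswordError("missing ':' separator or empty secret")
    if head == PREFIX:
        return None, secret
    if head.startswith(PREFIX + "@") and len(head) > len(PREFIX) + 1:
        return head[len(PREFIX) + 1:], secret
    raise BouncerPasswordError("expected 'bnc:' or 'bnc@<clientid>:' prefix")


def validate_clientid(clientid):
    """The post only forbids spaces; ':' is rejected here as an assumption."""
    if not clientid:
        raise BouncerPasswordError("clientid is empty")
    if any(ch.isspace() for ch in clientid):
        raise BouncerPasswordError("clientid must not contain spaces")
    if ":" in clientid:
        raise BouncerPasswordError("clientid must not contain ':'")


def with_clientid(generated, clientid):
    """Rewrite 'bnc:<secret>' as 'bnc@<clientid>:<secret>'."""
    existing, secret = parse(generated)
    if existing is not None:
        raise BouncerPasswordError("password already carries a clientid")
    validate_clientid(clientid)
    return f"{PREFIX}@{clientid}:{secret}"


def passwords_for_clients(generated, clientids):
    """One password per client; the same id must not be used twice."""
    result = {}
    for clientid in clientids:
        if clientid in result:
            raise BouncerPasswordError(f"duplicate clientid {clientid!r}")
        result[clientid] = with_clientid(generated, clientid)
    return result


def redact(password):
    """Form that is safe to log: the clientid stays, the secret is masked."""
    clientid, _secret = parse(password)
    head = PREFIX if clientid is None else f"{PREFIX}@{clientid}"
    return f"{head}:********"


if __name__ == "__main__":
    # 'bnc:abcxyz' is the sample value used in the post, not a real secret.
    for cid, pw in passwords_for_clients("bnc:abcxyz", ["laptop", "phone"]).items():
        print(cid, "->", redact(pw))
```

Because the password grants full access to the connection, only the redacted form belongs in client logs or support tickets.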
Embedding a Kiwi IRC widget into your website
Embedding a Kiwi IRC widget on your website can be a great way to bring your community together or host an online event. No more linking to a long kiwiirc.com address - you can keep your community and users on your own website while taking advantage of the well tested kiwiirc.com servers and functionality. At the very least you must know where you want your users to connect to. This will be an IRC network and a channel name. If you don't have either of these, feel free to use irc.kiwiirc.com as the network and any channel name of your choosing (letters and numbers only but starting with a # symbol).
https://kiwiirc.com/embedding
We're back in 2019 with a maintenance release for the 0.13 cycle, Quassel 0.13.1. Besides a handful of fixes and improvements over the previous release, 0.13.1 fixes a particularly annoying issue with 0.13.0 on Qt4-based systems where backlog messages would not all be fetched. I'd like to thank Janne "justJanne" Koschinski and Shane "digitalcircuit" Synan in particular for finding the cause for this problem, as well as implementing and testing the fix!
So if you happen to run Quassel 0.13.0 on a system or distro still using Qt4, be sure to upgrade (or ask your friendly distro maintainers to do so), otherwise your chat history may be spotty... Official 0.13.0 builds for Windows and OSX already use Qt5, so they're not affected. Also any recent distro release should have done the migration already, as Qt5 has been out for quite some time.
Quassel 0.13.1 also makes database schema upgrades more robust by making them resumable, and allows configuring the listen addresses for the built-in identd. Please see the ChangeLog for a full list of changes.
As always, you can find the sources, as well as precompiled binaries for Windows and OSX on the downloads page.
Just to inform people, we at chainscriptz have added a blog from which I will rant about things and add things and explain things. This blog will be a way to let steam out and for others to comment or rebut.
So I'm going to rant about people and chat servers
I've been hearing a lot of complaints pertaining to Buzzen staff and how they're running it. I can remember a time when Buzzen was always being flooded or being attacked. There were so many issues when Buzzen first opened and how things gradually changed over the times. There was a point in my life where I did care about the chat servers and how they were being controlled by staff, and after a while I also became staff and saw things and saw people being fired due to just being control freaks and banning people for stupid shit. Then came the huge move where err0r, Eyecu, Fiesty and me became dedicated to the server and started working and bringing in new staff, with err0r developing new clients for us and constructing the server with Eyecu to be more secure and less flooding. Also danger was a help in finding loopholes and assisting. It was great and the server became more and more popular. But then Duke realized he could sell his chat network to others and with the help of err0r bring in new servers. So as you can see Buzzen has a huge history with scripters. So now this brings me to the question: is Buzzen mistreating some chatters or are these chatters finally getting what they deserve? I've known Eyecu for quite some years and I know that no matter what people say I believe not any woman would come between him and his knowledge of what is right and what is wrong. Now if it's another staff member, well, that's a different story and I'm sure if it's brought to head staff's attention it will be looked into and then dealt with in the proper manner!!
This is my opinion only.
Here you'll find IT related howtos, code snippets, random rants, and probably horribly outdated information, written by a guy born in 1964 who likes IT&tech stuff, Scripting, Chat Servers, and Music you can bang your head to, and Dogs. Enjoy your stay!
Wes & I have decided to update the site and make it a little more easy on the eyes. As we are getting older, especially me LOL
We hope you will like the New Theme.
Two men have been arrested after Britain’s National Crime Agency and its international pals claimed the takedown of breached credentials-reselling website WeLeakInfo.
In a collaboration between British, Northern Irish, German, US and Dutch police agencies WeLeakInfo was taken offline yesterday with two 22-year-olds alleged to be linked to its operation being arrested at the same time.
The NCA began looking closely at the site, which is said to have offered paid access to around 12 billion items of personal data, in August 2019. In a statement the agency alleged that credentials from the site were being used in cyber attacks affecting Britain, Germany and America.
The two arrested men were said, by NCA investigators, to have made £200,000 from running the site. One hailed from Fintona, Fermanagh, Northern Ireland, while the other is from Arnhem in the Netherlands.
Read more here: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Hackers exploiting the high-profile Citrix CVE-2019-19781 flaw to compromise VPN gateways are now patching the servers to keep others out.
Researchers at FireEye report finding a hacking group (dubbed NOTROBIN) that has been bundling mitigation code for NetScaler servers with its exploits. In effect, the hackers exploit the flaw to get access to the server, kill any existing malware, set up their own backdoor, then block off the vulnerable code from future exploit attempts by mitigation.
Obviously, this is less of a noble gesture and more of a way to keep others out of the pwned boxes.
"Upon gaining access to a vulnerable NetScaler device, this actor cleans up known malware and deploys NOTROBIN to block subsequent exploitation attempts," the FireEye team explained.
"But all is not as it seems, as NOTROBIN maintains backdoor access for those who know a secret passphrase. FireEye believes that this actor may be quietly collecting access to NetScaler devices for a subsequent campaign."
Read more here: https://www.theregister.co.uk/2020/01/17/hackers_patch_citrix_vulnerability/
This is something you should decide for yourself; this is work that you will do, or should I say put into it. If you love scripting then you have your answer.
What is Malware?
The word Malware is short for malicious software, and is a general term used to describe all of the viruses, worms, spyware, and pretty much anything that is specifically designed to cause harm to your PC or steal your information.
Viruses Wreak Havoc On Your Files
The term computer virus is often used interchangeably with malware, though the two don't actually have the same meaning. In the strictest sense, a virus is a program that copies itself and infects a PC, spreading from one file to another, and then from one PC to another when the files are copied or shared.
Most viruses attach themselves to executable files, but some can target a master boot record, autorun scripts, MS Office macros, or even in some cases, arbitrary files. Many of these viruses, like CIH, are designed to render your PC completely inoperable, while others simply delete or corrupt your files—the general point is that a virus is designed to cause havoc and break stuff.
You can protect yourself from viruses by making certain your antivirus application is always updated with the latest definitions and avoiding suspicious looking files coming through email or otherwise. Pay special attention to the filename—if the file is supposed to be an mp3, and the name ends in .mp3.exe, you're dealing with a virus.
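The filename check described above, written out as an added example that is not from the original article: it flags names whose real, final extension is executable while the one before it looks like harmless content, as in .mp3.exe. The extension sets and function names are assumptions chosen for illustration, and the check goes slightly beyond the text by also handling upper-case names, trailing dots or spaces, and space padding before the real extension.

```python
import os

# Final extensions Windows runs or hands to a script host.
# A common set chosen for this example, not an exhaustive list.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}

# Extensions a user reads as harmless content (also an illustrative set).
DECOY_EXTS = {".mp3", ".mp4", ".avi", ".jpg", ".png", ".gif",
              ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def effective_name(path):
    """Return the lower-cased file name as Windows would store it.

    Accepts either slash style and drops trailing dots and spaces,
    which Windows strips when the file is created.
    """
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rstrip(". ").lower()


def deceptive_pair(path):
    """Return e.g. '.mp3.exe' if the name hides an executable, else None."""
    stem, last = os.path.splitext(effective_name(path))
    if last not in EXECUTABLE_EXTS:
        return None
    # Padding such as 'song.mp3      .exe' pushes the real extension out
    # of view in narrow columns; ignore it when reading the decoy part.
    _, previous = os.path.splitext(stem.rstrip())
    if previous in DECOY_EXTS:
        return previous + last
    return None


def flag_names(paths):
    """Return (path, extension pair) for every suspicious name in paths."""
    hits = []
    for path in paths:
        pair = deceptive_pair(path)
        if pair is not None:
            hits.append((path, pair))
    return hits


# Constructed sample names for the demonstration.
SAMPLE_ATTACHMENTS = [
    "holiday.jpg",
    "song.mp3.exe",
    "Invoice.PDF.SCR",
    "setup.exe",
    "notes.v2.txt",
    r"C:\Users\demo\Downloads\track.mp3      .exe",
]

if __name__ == "__main__":
    for path, pair in flag_names(SAMPLE_ATTACHMENTS):
        print(f"suspicious: {path!r} ({pair})")
```

A plain installer such as setup.exe is not flagged, because the check is about the mismatch between the apparent and the real type, not about executables as such.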
Spyware Steals Your Information
Spyware is any software installed on your PC that collects your information without your knowledge, and sends that information back to the creator so they can use your personal information in some nefarious way. This could include keylogging to learn your passwords, watching your searching habits, changing out your browser home and search pages, adding obnoxious browser toolbars, or just stealing your passwords and credit card numbers.
Since spyware is primarily meant to make money at your expense, it doesn't usually kill your PC—in fact, many people have spyware running without even realizing it, but generally those that have one spyware application installed also have a dozen more. Once you've got that many pieces of software spying on you, your PC is going to become slow.
What many people don't realize about spyware is that not every antivirus software is designed to catch spyware. You should check with the vendor to make sure the application you are using to protect you from malware is actually checking for spyware as well. If you come across a PC that is already heavily infected, run a combination of MalwareBytes and SuperAntiSpyware to clean it thoroughly.
Scareware Holds Your PC for Ransom
Scareware is a relatively new type of attack, where a user is tricked into downloading what appears to be an antivirus application, which then proceeds to tell you that your PC is infected with hundreds of viruses, and can only be cleaned if you pay for a full license. Of course, these scareware applications are nothing more than malware that hold your PC hostage until you pay the ransom—in most cases, you can't uninstall them or even use the PC.
If you manage to come across a PC infected with one of these, your best bet is to Google the name of the virus and find specific instructions on how to remove it, but the steps are usually the same—run a combination of MalwareBytes, SuperAntiSpyware, and maybe ComboFix if you need to.
For more on scareware, including a full walk-through of how a PC actually gets infected in the first place, check out the guide I wrote on removing Internet Security 2010 and other fake antivirus malware.
Trojan Horses Install a Backdoor
Trojan horses are applications that look like they are doing something innocuous, but secretly have malicious code that does something else. In many cases, trojans will create a backdoor that allows your PC to be remotely controlled, either directly or as part of a botnet—a network of computers also infected with a trojan or other malicious software. The major difference between a virus and a trojan is that trojans don't replicate themselves—they must be installed by an unwitting user.
Once your PC has been infected with the trojan, it can be used for any number of nefarious purposes, like a denial of service (DoS) attack against a web site, a proxy server for concealing attacks, or even worse—for sending out buckets of spam. Protection against trojans works the same way as viruses—make sure that your antivirus application is up to date, don't open suspicious attachments, and think long and hard before you try and use a downloaded crack for Photoshop—that's one of malware authors' favorite spots to hide a trojan.
Worms Infect Through the Network
Computer worms use the network to send copies of themselves to other PCs, usually utilizing a security hole to travel from one host to the next, often automatically without user intervention. Because they can spread so rapidly across a network, infecting every PC in their path, they tend to be the most well-known type of malware, although many users still mistakenly refer to them as viruses.
Some of the most famous worms include the ILOVEYOU worm, transmitted as an email attachment, which cost businesses upwards of 5.5 billion dollars in damage. The Code Red worm defaced 359,000 web sites, SQL Slammer slowed down the entire internet for a brief period of time, and the Blaster worm would force your PC to reboot repeatedly.
Because worms often exploit a network vulnerability, they are the one type of malware that can be partially prevented by making sure your firewall is enabled and locked down—you'll still need an updated antivirus software, of course.
Should I Quit Facebook Altogether?
We've all had that one friend who deactivated his/her Facebook and was never seen again, because no one could establish contact. As if the telephone, email, and IM were never invented, many people are at a loss as to how to contact you if your Facebook isn't an easy click away. Even if the situation isn't quite that dire, Facebook is still how a lot of people keep connected, and severing that connection completely is a big deal. But now that privacy-minded folks have many legitimate reasons you should quit Facebook (or reasons you should but can't go through with it), the same thing is on everyone's mind: Is the grief of quitting worth avoiding future privacy breaches?
The Less Extreme Alternative
Luckily, there is another, more middle-of-the-road option. That's not to say this isn't still extreme—this isn't for the faint of heart. It isn't a tutorial about how to change your privacy settings. This is a tutorial on how to create the most minimalist Facebook profile possible, with as little information on yourself as possible, to be used only for communication between you and your friends. You won't be able to do much on the site; you probably won't even visit the site that often. This is not for people who want to continue using Facebook; it is for the people who are ready to up and quit tomorrow, but don't want to miss out on the next party just because they care about their privacy. So if you're really ready to give up wall posts, comments, Farmville, and fan pages, here's how to proceed without falling off the face of the Earth.
Create a Disposable Email Address for Your Account
We've talked about disposable email addresses before, and most people probably already have one.
(The idea being that if you create a second email address for free and sign up for the sketchy sites with it, you won't have to deal with spam in your main account later on.) With all the bugs and privacy gaffes surrounding Facebook, it has certainly become one of those sites you could call sketchy. With this email address, you can also set up notifications for messages and event invites and get all that by email (so you don't ever have to actually "check" Facebook), and even forward it to your main email account. That way, you won't have to check this separate one, but if something ever happens (like Facebook making your email public for 30 minutes), you can delete the disposable address, make a new one, link it with Facebook, and not have to deal with the spam forever. You can use any service to do this, but I'd personally just make a new Gmail address separate from my regular Google account, sign into it using Private Browsing mode (so you don't sign yourself out of your regular Gmail), set up the forwarding filters, and forget it. (To set up forwarding, just log into your disposable account, click Create Filter, and set the filter to forward any email From:facebook to your real account. If things get ugly, you can always turn the filter off.)
Create a New Account and Transfer Your Friends
Technically, this part is optional, but I also think it has the biggest impact on how the rest of your experience will pan out. You could just edit all the information on your current account, but if you make a new one and delete the old one you'll have a completely clean slate. You won't have any posts lingering around anywhere, no personal information for the taking and no photos tagged of you. Plus, this is prime time to get rid of all your friends that you don't need.
Do you really still need to be Facebook friends with that girl you met at that party that time? Didn't think so. This process is actually quite simple, especially because you have a new email address as created in step one. Log out of Facebook and create a new account using that email address. Don't enter any information, and for now, don't make any new friends except with yourself (you'll need to friend your old account for this to work smoothly). Bask in the glory of that clean, privacy-filled profile, and then log back into your old account and accept the friend request to your new one. Alternatively, open up a second browser and use one for your old account and one for your new account, just for this process—you'll be switching back and forth a lot. Conveniently, Facebook will then ask you to suggest friends for your new account (if not, you can do so by visiting your new account's profile page from your old account). This is the part of the process in which you'll transfer over the friends you actually want with one fell swoop—no spending hours searching each and every one of them out. Go through the entire list of your friends and check off the ones you want to keep. It won't take nearly as long as you think it will, I promise. Click Send and then move over to your new account. All those suggestions will be pending friend requests that you can run through quickly and add each as a friend (again, it looks like a tedious process, but shouldn't take too long) and you'll have all the friends you need. If you want to hold on to your old account during the transition, that's fine, but the point of making a new one is to delete all the old stuff, so when you're ready, go ahead and delete (not just deactivate) that old account. It'll try to tempt you into staying by showing you pictures of your friends, but you can press continue without guilt knowing you're still going to (mostly) be around. 
Turn Off the Wall on Your Profile
There are a few privacy settings we need to tweak on the new account, so hit "Account" in the upper left hand corner of your window and click Privacy Settings. The first area we'll venture into is "Personal Information and Posts" to turn off the wall. This way, you won't have your profile covered with the stupid things your friends say; it'll just be your very barren news feed. Everything else here can stay the same; you don't need to make anything else private. You aren't going to be making any posts, you aren't going to be filling out information, and you aren't going to be uploading photos, so no need to cover them up. Again, keep in mind—this isn't about changing privacy, this is about quitting unnecessary Facebook activity, so it doesn't matter what these privacy settings are. They're just going to go public again after the next redesign, so why mess with them now?
Hide Your Email Address
Next, head back to your Privacy settings and go to "Contact Information". You could add more info here, like your phone number, if you want your friends to have easy access, but we've already seen how Facebook can make information public, even unintentionally. That's why we created the junk email address back at the beginning of this process. I'd just leave it all blank. Down next to your registered email address is the privacy setting for who can see it. Click on it and hit customize. In the dropdown at the top of the popup window, choose "only me" and click save. Your email address is now hidden from everyone, including your friends. If you want to make it visible to them, you can—sometimes people get in a bind and may want to contact you via email with something that physically can't be sent via Facebook message—but again, it's just a junk email address. You don't want your friends actually thinking that's your address, because then you have a lot more work to do if you ever have to trash it and get a new one as mentioned above.
Just keep it a secret.
Hide Media Tagged With Your Name
As of right now, you can only keep tagged photos and videos out of search results and off your profile. There is currently no way to actually prevent people from tagging photos of you. With this setting, people won't be able to see photos of you from your profile page, but if they get to the picture by other means (by, say, looking at the actual album or linking to it from the profile of someone else tagged in it) they will still see your name on the photo. Yes, it's a glaring omission from the privacy features in Facebook, but it also doesn't matter much. Unfortunately, the responsibility does and will always have to lie with your friends that are uploading pictures. Facebook will never be able to stop them from uploading a picture of you, and they'll never be able to stop that person from tagging that photo with a name, any name (including yours), whether or not it is linked to a profile. But even if it does, your profile is completely empty. What's the difference between it linking to your empty profile and being unclickable text? The only fool-proof solution to the photo tagging problem is to kick your friends in the shin if they post embarrassing pictures of you. Or, you know, get some more mature friends. To stop tagged photos from showing up on your profile, though, go back to Privacy Settings and hit "Friends, Tags, & Connections". Edit the "Photos and Videos of Me" setting just like you did in the last step so only you can see the tags, and save the settings. This will delete the link to "photos of you" under your profile picture.
Hide Yourself from Facebook and Google Searches
You can tweak this next step to your liking. You probably don't want your profile showing up in Google, but if you want people to find you on Facebook you might want to stay in those search results (since people won't be able to find you through activity on your friends' walls, because there won't be any).
At the same time, you may wish to have complete control over who you become Facebook friends with, and that's fine too. In Privacy Settings, hit up the "Search" section and uncheck Public Search Results. Set your Facebook Search Results to whatever you want the same way you did for photos.
Lock Down Applications (Just In Case)
This is the one area where I would just make everything as private as possible. You never know what those darned applications are going to do, and while you're not going to be running around Facebook installing anything, you can never be too careful. I wouldn't even recommend you stay logged into Facebook while you browse the web, since we've all seen they're always watching you. Under Privacy Settings, head to Applications and Websites and go nuts. Edit what your friends can share about you and what you can share about your friends down to nothing, and set your activity visible only to you. Again, keep in mind that even if applications were to share your information—you don't really have any information to share, so you're probably safe. The darned things are just so annoying that I'd like to lock them down as much as possible. I'd also go into notification settings (under Account > Account Settings > Notifications) and turn off any notifications having to do with applications. In fact, while you're there, you might as well turn everything else off except for messages, event invitations, and (if you want) photo tagging, because you won't be doing much else on Facebook, so there's no reason to clutter up your inbox. Every once in a while, it's probably a good idea to log in and clear all your unnecessary notifications, but other than that, you should be able to get the few necessary features to notify you via email. While I'd like to say you won't have to pay attention to Facebook's privacy gaffes ever again, that just isn't the case.
With each redesign, you'll want to do a quick scan of either the privacy settings, policy, or just the blogosphere to see what fresh new hell Facebook unleashes, but in general, no matter how much of your information they try to share, there isn't much on this minimal profile that can get out there. There are a few things Facebook will always have on you, such as your email address and list of friends, so these are the important things to check up on. But if you don't have anything else on your profile, it's hard to see how applications taking information from your profile is going to be a big disadvantage if there isn't anything on it to take. Your life won't be completely free of Facebook drama, but it will be significantly easier since you won't have to pore through how-tos (like this one) trying to figure out how to get everything set straight again. It should be a pretty easy process from now on. And, best of all, your friends can't complain about you being "hard to get a hold of", and you won't miss out on the next gathering just because the invitation went out on Facebook. To be perfectly clear, though: I'm not saying this is what everybody should do. If you're not violently furious with Facebook (I'm personally not), let it go. But, if you are seriously thinking about quitting, I think this is a set-up to consider, if you haven't already. If you have, be sure to share your tips for a minimalist Facebook in the comments.

Read more here: https://lifehacker.com/how-to-quit-facebook-without-actually-quitting-facebook-5538697
Facebook on Monday rejected a request from the United States, the United Kingdom and Australia for a "backdoor" in its end-to-end encrypted messenger apps to help law enforcement agencies combat crime and terrorism. "Cybersecurity experts have repeatedly proven that when you weaken any part of an encrypted system, you weaken it for everyone, everywhere," WhatsApp head Will Cathcart and Facebook Messenger head Stan Chudnovsky wrote in a letter to U.S. Atty. Gen. William Barr, Acting U.S. Homeland Security Sec. Chad Wolf, UK Home Office Sec. Priti Patel, and Australian Minister of Home Affairs Peter Dutton. "The 'backdoor' access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm," the Facebook executives maintained. "It is simply impossible to create such a backdoor for one purpose and not expect others to try and open it," they noted. "People's private messages would be less secure and the real winners would be anyone seeking to take advantage of that weakened security. That is not something we are prepared to do." Facebook's staunch stand against weakening the encryption of its messenger apps should polish its public image. "It's really good publicity for them," said Karen North, director of the Annenberg Program on Online Communities at the University of Southern California in Los Angeles. "This is a good thing for Facebook because it's an announcement that Facebook values our privacy, that it's willing to go to the mat to protect the privacy of each and every one of us," she told TechNewsWorld. "It's also an announcement that the government can't infiltrate Facebook's encryption," North added, "because if they could, why would they ask for a backdoor?" 
Pandora's Door

In theory, a backdoor accessible only to a specific authorized party, like a law enforcement agency, is possible, said Julian Sanchez, a senior fellow with the Cato Institute, a public policy think tank in Washington, D.C. "As a practical matter, though, Facebook is right," he told TechNewsWorld. "Implementing secure communications is a hard problem under the best of circumstances, and deliberately designing in functionality for surreptitious interception inherently creates an additional vulnerability that makes an attractive attack surface," Sanchez explained. "It increases both the risk of technical exploits that malicious hackers might take advantage of," he continued, "and of what we might call 'legal exploits' -- because once such a capability is designed, it will be virtually impossible to make it available to nice democratic governments that respect human rights, while denying it to repressive regimes that criminalize political dissent." Backdoors affect more than individual privacy. "When it comes to backdoors, you're talking about a privacy issue, but you're also talking about an infrastructure issue that has really far-reaching implications," said Liz Miller, principal analyst at Constellation Research, a technology research and advisory firm in Cupertino, California. "We live in a world where people are looking for exploits and ways into the infrastructure of systems every day," she told TechNewsWorld. "If we start to weaken that infrastructure, it's not just the privacy of an individual message that's at risk, it's the privacy of the entire network."

Legislation Needed

Government and law enforcement officials maintain the tech sector is overstating the danger of weakening encryption. "The single most important criminal justice challenge in the last 10 years is, in my opinion, the use of mobile devices by bad actors to plan, execute, and communicate about crimes," said New York County District Attorney Cyrus R. Vance Jr.
in written testimony submitted to the U.S. Senate Judiciary Committee at a hearing on encryption and lawful access held Tuesday. "Just as ordinary citizens rely on digital communication, so do people involved in terrorism, cyber fraud, murder, rape, robbery, and child sexual assault," he continued. His office is not anti-encryption, Vance maintained. "That does not mean encrypted material should be beyond the law when a judge signs a search warrant -- especially when we're talking about evidence tied to a child sex abuse case or a potential terrorist attack," he argued. It is "unconscionable that smartphone manufacturers, rather than working with government to address public safety concerns, have dug in their heels and mounted a campaign to convince their customers that government is wrong and that privacy is at risk," Vance said. "Because Apple and Google refuse to reconsider their approach, I believe the only answer is federal legislation ensuring lawful access," he added. "Tech goliaths have shown time and again they have no business policing themselves."

Downside of Lawful Access

There can be hangups, however, with the "lawful access" Vance and others seek. "The U.S. government can require an American company to install backdoors, but they can't require people to use those backdoored services," the Cato Institute's Sanchez pointed out. "There are already widely available open source encryption tools with no backdoors, which sophisticated users can switch to if they no longer trust compromised encryption," he continued, "and competing tech companies outside U.S. jurisdiction are sure to eagerly promote their products as an uncompromised, more secure alternative." In either case, the big loser would be Facebook. "People utilize WhatsApp because of the encryption," Constellation's Miller observed. "If you take that away, a lot of people will leave the platform, and they'll begin to question whether they want to do business with Facebook."
Support of encryption backdoors by global governments has the security community concerned, observed Kevin Bocek, vice president for security strategy and threat intelligence at Salt Lake City-based Venafi, maker of a platform to protect digital keys and certificates. "This is not rocket science. Backdoors inevitably create vulnerabilities that can be exploited by cyberattackers. It's understandable that so many security and privacy professionals are concerned. Backdoors are especially appealing to hostile and abusive attackers," he told TechNewsWorld. "This is a tense moment for technology professionals because they know backdoors make our critical infrastructure and devices more vulnerable. We know that attackers don't abide by restrictions. They don't follow the rules or buy products in controlled markets," Bocek continued. "Countries that enact these restrictions harm law-abiding businesses and court economic damage," he warned, "as well as intrusions focused on sovereign government processes."
Ransomware tops the list of cybersecurity threats for 2020. While there have been efforts to convince individuals, corporations and municipalities not to pay ransoms, the simple fact is that whenever one is paid, the attack becomes a success that encourages cyberthieves to try again. Ransomware attacks increased 18 percent in 2019, up from an average 12 percent increase over the past five years, according to research from cyber risk insurance firm Chubb. It accounted for 40 percent of all manufacturers' cyber claims, and for 23 percent of cyber claims for smaller businesses last year. "Ransomware has not only continued to grow over the years, but it has also attracted more organized criminals who have begun targeting specific industries," said Javvad Malik, security awareness advocate at KnowBe4. That "has not only increased successful infections, but has also made criminals more brazen in the demands they've been making," he told TechNewsWorld.

Easy Prevention

One irony of ransomware is that it remains among the easiest threats to control. Prevention would be effective if users would refrain from going to untrusted websites or from opening suspicious email attachments. "Ransomware will continue to be an issue until such time that a preventative measure can be found or every user can be educated well enough to not open files from unknown sources," said Tom Thomas, adjunct faculty member in Tulane University's Online Master of Professional Studies in Cybersecurity Management program. Ransomware is particularly nefarious because of its broad targets: individuals, businesses, government agencies and cities. The number of ransomware attacks increased in 2019 -- but worse, 22 of those cyberattacks shut down city, county and even state government computer systems. If it can't be stopped, the next best option is to make it less profitable. As a result of the attacks on municipalities, more than 225 U.S. mayors last summer signed a resolution at the U.S.
Conference of Mayors, pledging not to pay the hackers. "Ransomware does not judge nor care if you are an individual, government or organization. It's about greed -- and let's be honest, organizations have more money than individuals," Thomas told TechNewsWorld. "The mayors' pledge is so much political maneuvering and sound bites. Their pledge means nothing to threat actors and criminals," he added. Those pledges are not the end of the story -- they are just the beginning, said KnowBe4's Malik. "Like an animal that acquires the taste of human flesh after its first kill, the rise and success of ransomware has given cybercriminals the taste of data," he remarked. A pressing concern is what those criminals might do with the data. "It will be common to see ransomware coupled with threats of data exposure as ransomware strains developers and expands on new methods to demand payment," predicted Erich Kron, security awareness advocate at KnowBe4. "We have seen these threats for years; however, data exposure has already happened late in 2019 and will become a common practice in 2020 for those who don't pay," he told TechNewsWorld.

A King's Ransom

City leaders may have more leverage in deciding not to pay a ransom than businesses, many of which have succumbed. For some companies, ransomware payouts now are factored in as an added cost of doing business. "From the perspective of a business owner of any size, ransomware is a frightening proposition. Imagine all of the endpoints in an organization failing in a few hours," warned Jason Kent, hacker in residence at Cequence Security. "Given that most organizations have difficulty doing the basics, knowing their assets, knowing if these assets are secured and patched, backing up data, etc. -- the rise of ransomware in the next few years will be most likely a foregone conclusion," he told TechNewsWorld.
"If we look at the organizations that have been hit with ransomware, the recovery process was painful and took huge amounts of effort to get back online," Kent added. "If we are to make it through 2020 with our systems intact, we have to watch out for the ever-changing threat landscape."

Wipe Out

Although not new, the very sinister "wiper worms" threat, which first appeared as a new form of malware in spring of 2018, could be on the rise. Wiper worms, which can be very sophisticated programs, generally have three targets: files/data; the boot section of a computer's operating system; and system and data backups. "While not as common as ransomware, this type of malware is a major risk because of the devastating outcomes of such attacks," said Yaron Kassner, CTO of security firm Silverfort. One significant concern is that a wiper could be deployed on a network, and instead of merely locking out a user, it could function much like an even more insidious form of ransomware. "I see wiper worms as one of the top cyberthreats for 2020," Kassner told TechNewsWorld. Those hit by such an infection may not even be able to rely on backups, which also are infected. If users restore data compromised by the worm, that doesn't resolve the problem, as each restoration attempt only replicates the problem. "Once attackers have a foothold, it's easier for them to encrypt data for ransom than to exfiltrate data to sell on the dark Web," noted Willy Leichter, vice president at Virsec. "Cryptocurrencies now make it easy for criminals to monetize attacks anonymously," he told TechNewsWorld. "Recent attacks have encrypted data and threatened to expose it publicly if the victim doesn't pay up. While this is probably a bluff, it raises the perceived stakes for victims, increasing their desperation and willingness to pay."

Recovering Efforts Lacking

Another troubling component of ransomware and wiperware is the effort required to recover from such an attack.
Few businesses have a strategy in place should such an attack occur. "According to a recent Forrester report, most businesses are in denial about their ability to recover from such an attack," said Sean Beuby, chief architect at Semperis. "Seventy-seven percent are confident or very confident, but only 21 percent have contingency plans in place, and less than half that -- 11 percent -- believed they could recover within three days of an attack," he told TechNewsWorld. "Organizations must take a clear-eyed, hard look at how unprepared they are for a denial-of-availability malware attack and reshuffle their priorities accordingly," Beuby added. "Ransomware and other wiperware is unprecedented in its ability to lay waste to a corporate network without regard to physical location: NotPetya permanently encrypted 55,000 Maersk servers and other devices around the world in 7 minutes."
I'm hearing that Paige has been creating a lot of scripts for various networks. Keep it up, sis, and continue doing what you do best.
Google has seemingly taken another step to sanitize the browsing environment for users. Allegedly, the tech giant is now planning to regularize advertisements for optimal loading. Consequently, in the days to come, Google Chrome will block heavy ads for seamless browsing.

Chrome To Block Heavy Ads

As evident from the Chrome commit, Google has made plans to block heavy ads from loading. It will supposedly filter out those ads that consume more resources. This will, in turn, give users a smoother browsing experience. First spotted by 9to5Google, the report reveals some ongoing work towards achieving fast and smooth browsing. As mentioned in the Chrome commit by John Delaney, Google is working on implementing ‘Heavy Ad Intervention’. The idea is to unload ad iframes that Google identifies as having higher resource consumption.

https://latesthackingnews.com/2019/07/06/google-chrome-will-block-heavy-ads-from-loading-in-future/
Cyber attack methods have evolved aggressively to become more targeted, more sophisticated, and more frequent. For this webinar we have distilled 5 of the most common and urgent problems that enterprises face, and will share our analysis of the issues and practical recommendations for addressing them within your own security program. Join Jack Danahy, SVP, Security, as he outlines steps to:
Track and combat the evolving threat landscape
Increase visibility and resistance at the attack surface
Battle alert fatigue and the security talent shortage
Define a cyber-risk baseline and process for your security program

https://www.alertlogic.com/resources/webinars/post-rsa-insights-five-recommendations-to-strengthen-your-security-program/?utm_medium=external&utm_source=The_Hacker_News&utm_campaign=5_Recommendations_to_Strengthen_Your_Security_Program_Webinar&utm_content=On_Demand_Promo
Looking for a good place to read up on the latest tech gadgets and tech updates? Look no further, check this site out!! https://soniz-web.com/category/blog/
Your Independence Day visits to r/technology will be short indeed -- Reddit's tech subreddit is offline as part of a stand against social media. Wikipedia cofounder Larry Sanger led the push to "demand that giant, manipulative corporations give us back control over our data, privacy, and user experience."
"Following on from the announcement by Larry Sanger of a Social Media Strike," the notice reads. "/r/technology is joining the #SocialMediaStrike. Click the links above for more info. Normal service will resume on the 5th."
UK businesses have reported a significant fall in cyber attacks over the last 12 months. The proportion identifying breaches or attacks in the last year was 32 per cent, compared with 43 per cent in 2018 and 46 per cent in 2017, according to a survey of 1,566 businesses by the Department for Digital, Culture, Media and Sport (DCMS) (PDF). Those figures echo the Crime Survey for England and Wales, which found that between September 2017 and September 2018, the number of computer misuse incidents among individuals fell from 1.5 million to 1 million. This was driven, according to Office for National Statistics data, by a significant reduction in computer viruses (down by 45 per cent over the same period). However, the DCMS report said other factors could be at play such as more investment in cybersecurity, better compliance due to GDPR, or a change in attack behaviour. For example, those carrying out cyber attacks could be focusing on a narrower (though still numerous) set of businesses. This fits with another broad trend in the survey showing that, among the 32 per cent of businesses that did identify breaches or attacks, the median number they recall facing has gone up, from two attacks in 2017 to six in 2019. Of those targeted, phishing attacks were the most common, with 80 per cent having been subject to email scams, while 27 per cent said they had been hit by viruses, spyware or malware. However, Ken Munro of Pen Test Partners said there are too many variables to make the findings conclusive. "Are the number of antivirus reports down because organisations (rightly) don't consider them to be attacks/breaches or incidents? Or is it because the antivirus products aren't detecting the types of malware that are being used now?" He added: "Without analysing the quality of phishing attacks, the data is also meaningless. Are untargeted phishing attempts being filtered out upstream?
"I don't think anything can be concluded from the report other than that 'cyber stuff is still happening and some businesses are taking it more seriously'."
It is with great pleasure that I can now announce that kiwiirc.com and its development is now sponsored by Private Internet Access.
Some people may recognise the company as they have been sponsoring and helping out the IRC community for many years, such as the Freenode network. Having already shown their interest in pushing IRC forward and making sure that core IRC projects can stay afloat, it is a well suited match as a sponsor to the Kiwi IRC project as this can benefit every IRC network and community that uses the Kiwi IRC web client.
So what does this mean for the project?
There are no large changes being made. Kiwiirc.com and the open source project are still independent and run by volunteers. However, the extra support allows me to focus on Kiwi IRC development much more closely and to build up kiwiirc.com with new features and improvements at a faster pace.
It’s not just development that’s involved in this project. Serving kiwiirc.com for an instant, always available web IRC client for any network out there has been the larger bulk of the project and has exploded in recent years, growing from hundreds to millions of users every month. This has been a personal financial drain for some time (handling IRC isn’t cheap!) since I have never wanted to start showing adverts, but we can now easily expand to support the new growth and continue supporting every IRC network out there with a simple, modern IRC client for the web and mobile.
What's happening next?
There has been a lot of silence with progress in recent months due to the lack of time available towards this project; however, with that changing now, we can start to pick up the pace of development some more.
Some highlights of what's currently happening:
An entire re-write has been in the works with a development preview available here
Amazing mobile and tablet device support
The open source project and related projects have now moved into their own organisation, https://github.com/kiwiirc
There have been some heavily requested features over time which I can now start putting resources into. I know some of these will be getting people excited so there will be another mention of these once the new release of Kiwi IRC has become generally available.
More information on these will appear in the near future, so be sure to follow @kiwiirc on Twitter or the mailing list to get the updates as they happen! Or just come say hey on irc.freenode.net/#kiwiirc :)
Finally, a big thanks to the new sponsor, PrivateInternetAccess, for helping not only Kiwi IRC but the IRC community as a whole. If you’re looking around for a VPN provider to keep yourself protected online, take a look at privateinternetaccess.com as they come highly recommended from many different sources and reviews!