Posted on Mar 30th, 2015 |
0 comments
(Bloomberg) — GitHub Inc., a U.S. website designed for computer programmers, has been under attack since Thursday in what may be an attempt by China to disrupt efforts to circumvent that country’s censorship policies. The San Francisco-based service, which helps programmers and tech companies share ideas for software development, has experienced its biggest-ever distributed denial of service attack, the company said on its website. “87 hours in, our mitigation is deflecting most attack traffic,” GitHub posted on its status blog shortly after 1 p.m. New York time on Sunday. “We’re aware of intermittent issues and continue to adapt our response.” About three hours later GitHub said its evolving tactics were improving performance. The Wall Street Journal, citing cybersecurity experts it didn’t identify, on Sunday reported the attack may have originated in China and routed overseas users of Baidu, China’s biggest search engine, to overwhelm two GitHub pages that linked to sites banned in China. Roland Dobbins, a senior computer-security analyst with Arbor Networks Inc., said in a telephone interview that the incident appears to be a so-called reflection attack in which traffic is redirected from other sites to overwhelm the victim. He said he doesn’t have any insight on who is behind it and that tracking down a culprit often is less important than a strong defense against the attacks. Those behind the assaults are “basically using other systems to attack” on their behalf, Dobbins...
Posted on Mar 26th, 2015 |
0 comments
When you send a text or MMS from your phone the normal way, you can’t control what happens to the information once it leaves your device. Wireless carriers are required to save messages for a certain length of time to assist authorities in criminal investigations. The recipient can save the message indefinitely, or send it to someone else without your knowledge or permission. That means those risqué photos, videos or texts you sent to your significant other could come back to haunt you in the future. There are web sites where people post pictures and messages of a private nature sent by their exes as a form of revenge. Relatively innocuous business-related messages could prove damaging if taken out of context later. Even if you don’t have a disgruntled ex or business partner, the recipient’s device could be lost or stolen, or their cloud accounts hacked. Several messaging and social media apps have sprung up in response to these security concerns. But how secure are they? Let’s examine the features you should look for in a messaging app that will keep your private messages under wraps. End-to-End Encryption Encryption uses a public and private key to encode and decode the messages. A secure messaging app should generate and store the keys on the user’s device, not on a server. The keys should only leave the device by action of the user, such as creating a backup or transmitting them to a new device. This means that even if a company is subpoenaed or required to deliver your private messages to the authorities, they technically cannot. In-Transit Encryption Encryption during transmission is important because these apps use a data connection instead of the phone connection. If you or the recipient is on WiFi, the messages could be intercepted and read by a third party. The app should also encrypt stored messages, in case the device is hacked or falls into the wrong hands. Permanent Deletion The digital storage on a smartphone works much like a PC’s hard drive. By default when you delete something, the operating system marks the space as available, but doesn’t actually remove the data until something overwrites the space. A secure messaging app should either remove the information completely, or only store the messages in RAM. Some messaging apps automatically delete the messages once they are read or after a specific length of time. User Friendliness While this isn’t a security feature in itself, it’s still important. Most secure messaging apps require both parties to be...
Posted on Mar 18th, 2015 |
0 comments
REDMOND — A company with more than 30 dental clinics serving low-income people in Oregon says it’s been hacked, and the intruders got Social Security numbers and other personal information, but not treatment or financial data. Redmond-based Advantage Dental is notifying patients and paying for an identity-theft monitoring service, The Bulletin newspaper of Bend reported Tuesday. An intruder breached its internal membership database in late February and accessed information on more than 151,000 patients, said Jeff Dover, Advantage’s compliance manager. He said malware got a username and password from an employee’s computer for access to the membership database, which is separate from the database that contains financial and treatment information. The intruder accessed the information for three days beginning Feb. 23, and then Advantage workers detected the breach. All Advantage computers are equipped with anti-virus software, but sometimes software does not detect new variations of a virus, he said. “Unfortunately this happened,” he said. “What you can do is be as transparent as you can, take responsibility for it, learn from it and then move on.” No patients have reported the data being used for criminal activity. Dover said Advantage made security changes, including shutting off access to its internal patient database from computers that are not within Advantage clinics or its headquarters in Redmond. — The Associated...
Posted on Mar 16th, 2015 |
0 comments
Hello there, in this post I am going to write the upgrade procedures for Kali Linux to the latest version as I did in my lab environment. I would like to inform you that these steps may change according to your environment. In my case, I upgraded from 1.0.7 x64 version to 1.1.0 x64. Let us start; Backup the current apt source list file as follow. Kali Linux Shell cp /etc/apt/sources.list /etc/apt/sources.list.backup 1 cp /etc/apt/sources.list /etc/apt/sources.list.backup Open the current apt source list file with an editor (nano, pico, vi, vim etc.) (I use vim editor) as follow. Kali Linux Shell vim /etc/apt/sources.list 1 vim /etc/apt/sources.list Delete all lines in the source list, in other words, empty file content. Then add the following lines into the file (/etc/apt/sources.list) as shown. Kali Linux Shell deb http://http.kali.org/kali kali main non-free contrib deb http://security.kali.org/kali-security kali/updates main contrib non-free deb-src http://http.kali.org/kali kali main non-free contrib deb-src http://security.kali.org/kali-security kali/updates main contrib non-free 12345 deb http://http.kali.org/kali kali main non-free contribdeb http://security.kali.org/kali-security kali/updates main contrib non-free deb-src http://http.kali.org/kali kali main non-free contribdeb-src http://security.kali.org/kali-security kali/updates main contrib non-free Update the system and install kali-archive-keyring package by using apt-get or aptitude as follow. Kali Linux Shell apt-get update && apt-get install kali-archive-keyring 1 apt-get update && apt-get install kali-archive-keyring or Kali Linux Shell aptitude update && aptitude install kali-archive-keyring 1 aptitude update && aptitude install kali-archive-keyring Upgrade the system by using apt-get or aptitude as follow. It will take some time to fully upgrade the system. Kali Linux Shell apt-get dist-upgrade 1 apt-get dist-upgrade or Kali Linux Shell aptitude full-upgrade 1 aptitude full-upgrade After fully upgraded has been done successfully, you can check the new Kali Linux version as follow. Kali Linux Shell root@kali:~# lsb_release -a No LSB modules are available. Distributor ID: Kali Description: Kali GNU/Linux 1.1.0 Release: 1.1.0 Codename: moto 123456 root@kali:~# lsb_release -aNo LSB modules are available.Distributor ID: KaliDescription: Kali GNU/Linux 1.1.0Release: 1.1.0Codename: moto or Kali Linux Shell root@kali:~# cat /etc/debian_version Kali Linux 1.1.0 12 root@kali:~# cat /etc/debian_version Kali Linux 1.1.0 Finally, you are done. Thanks for reading this post. Please do not hesitate contact me if you need help. Have a great...
Posted on Mar 12th, 2015 |
0 comments
OVERVIEW Computer service centers encounter failed hard drives. Data recovery can be arevenue source, but it must be wisely and carefully done. Well-intentioned but ill-informed efforts and practices can reduce or even ruin the prospects for successful recovery, and they can even expose the provider to legal liability. As in medicine, the main precept of data recovery is “first, do no harm.” The purpose of this article is to share basic data recovery practices intended to minimize the chances of harming a drive during the initial diagnostic and imaging (or copying) phases of the data recovery process. The article will present general principles as well as specific examples. THE LEARNING CURVE Gaining expertise in data recovery is neither a quick nor easy process. There are many different drive makes and models; what works for one brand may not apply to another. Models from the same manufacturer can be markedly different in construction and operation. A huge amount of technical information and details must be absorbed and mastered to become even modestly adept. Hard drive manufacturers are frugal about releasing technical details of their products because they want to safeguard their intellectual property and trade secrets. Good drive diagnostic and firmware tools are expensive. Comprehensive training on how to use them is also generally expensive, when available. Most third-party data recovery training classes provide only a cursory introduction; there is no substitute for hours of hands-on experience. Although much of what data recovery technicians learn and use comes from trial and error, it is important not to get one’s education at the client’s expense. We receive a lot of drives that have been worked on by other technicians. A fair number of those have been damaged or ruined – along with the chances of recovery – by mistake. Incorporating a set of best practices for hard drive data recovery can improve the outcomes and be beneficial to all concerned. GENERAL PRINCIPLES Recognize your own limitations. A customer’s best interests should be top priority. Resist the temptation to experiment or gamble with a client’s data – you can make things much worse! If you don’t have the knowledge, equipment, experience and confidence to tackle a particular recovery job, then simply stop. It is better to pass on a service opportunity than to ruin forever a client’s chances of getting back data. Note that recovery pros sometimes sub out difficult jobs to others with specialized expertise, if it will ultimately benefit the client. Proper diagnosis is essential. You can’t fix the problem unless you are...
IT Specialist, Web Developer, System and Network Administrator, Security Expert, Mobile Programmer...