08/12/2013

privacy freeware for twitter: encrypt your tweets

CryptoTweet™ is the Encrypted version of Twitter™. It uses advanced cryptography techniques to prevent unauthorized persons from reading your ETweets.

Who are you? We are a group of independent software engineers who worked on this project for nearly 2 years. Because of the #Snowden discovery we started working around the clock to get this project up and running.

Is this all? No, it's not even close to what we have in mind. It's better to release a working service with fewer features than a whole lot of features that are not working at all.

What about the NSA or any other intelligence agency? We would rather close down the service before letting anyone in or hand over any information/data. We built this service to be different from Twitter™. And that promise we will keep. Whatever it takes!

Getting started

Step 1: Create your account by registering through Twitter™.

Step 2: Go to your dashboard and authorize some friends you want to communicate with. When you authorize friends they will be able to read your ETweets, and they will appear in the list where you can compose your ETweet when they have completed the authorization process.

Step 3: Ask your friends and followers to authorize you so you are able to read their ETweets too.

Step 4: Download your keys and certificate. You find them on the settings tab in your dashboard. If you choose to remove your private key, make sure you understand what you're doing!
https://www.cryptotweet.com/about/what_is_cryptotwitter

but I am not sure if this will help you against an official demand by an official service to have all the information on your twitter accounts - it will help you against the online interception of your tweets (so long as your browser and PC aren't compromised)


freeware to protect your facebook account (and stop dangerous links)

  • Safe social network

    Bitdefender Safego scans the links you receive from your friends, and monitors your account privacy settings.

    Friendly advice

    With "Warn friend" option, you can warn your friends when "fishy" links are posted to their newsfeeds.

    On-Post scanning

    Surf the newsfeed and socialize without worries. Check your status in less than 60 seconds, thanks to our scanning technology.

    Friend'O'Meter

    Get an instant head-count of how many of your friends are also using Safego to keep themselves protected!
    http://www.bitdefender.com/solutions/bitdefender-safego.h...


freeware cloudfogger protects your online dropbox, skydrive and other cloud services

Simple and secure privacy protection
Cloudfogger encrypts your data on the local device before it gets uploaded to the cloud. That guarantees that Dropbox and others never get access to the content of your files.
Cloudfogger protects your privacy with 256bit AES (Advanced Encryption Standard) encryption.
For Dropbox, SkyDrive, Google Drive and others

Cloudfogger uses transparent encryption, which makes daily use fast and simple: On the local system you still access your data as you always did - while all files are securely encrypted when they get uploaded to the cloud.

Manual encryption and decryption of your files is not necessary with Cloudfogger. Does it get any easier?

Secure sharing without limits

Cloudfogger-protected files can also be shared without sacrificing security. You can for example use your shared Dropbox folders securely together with others - without the need of giving them your Cloudfogger credentials.

Also, distributing files via e-mail or USB sticks is easy with the portable Cloudfogger file format.
http://www.cloudfogger.com/en/


piratebrowser makes national internet blocking inefficient

we are not talking about blocking on an internal network, which should be standard by now because normally you will have blocked anything in the proxy or proxy-circumvention category.

we are talking about the blocking of a list of domain names at the national level (something the prime minister in the UK wants to do with porn)

"PirateBrowser is a bundle package of the Tor client (Vidalia), FireFox Portable browser (with foxyproxy addon) and some custom configs that allows you to circumvent censorship that certain countries such as Iran, North Korea, United Kingdom, The Netherlands, Belgium, Finland, Denmark, Italy and Ireland impose onto their citizens."

http://piratebrowser.com/

so you only need two things

* a portable application (now called an app), because it doesn't install anything in the kernel of the machine and doesn't change anything in the registry (two things that are normally blocked in most enterprises)

if a company really wants to control what comes onto its computers it will now have to install a sandbox (so software and documents aren't in the folder but in a protected environment of the computer) and/or application control software

* a proxy list that is updated daily

the Tor part is not necessary but nice to have - even if it has some security difficulties, and its developers now seem to have understood that updates have to be done on a permanent basis if they want to keep up any illusion of security and privacy

it may be difficult in a network to have a Tor connection (and it isn't really something that I would advise doing, given the many judicial problems that it may bring)


08/07/2013

new social engineering tool for individualized phishing or targeted attacks

µphisher is a tool designed to support social engineering activities. It automates the collecting and analysis of public social network data (the current version only handles Twitter), and provides an interactive assisted text input interface which provides users real time metrics on word usage, hashtag and user references, as well as word suggestion based on usage frequency on the social network source.
https://github.com/urma/microphisher

this one only works on twitter, which means that it can only be used on and against your twitter account


download information and tools about CSRF attacks (BEAST and CRIME attacks)

you will not solve the problem with BEAST and CRIME if you don't solve the CSRF attack, that is to say the fact that cookies can be sent anywhere

this is the first package of documents and tools to test how your code and applications treat CSRF problems; the tools are mostly from OWASP

we will let you know when we add new stuff


download tools and information about BEAST and CRIME SSL attacks

we have put together in one folder

* copies of the articles about the attacks or parts of the attacks
* the RFCs that are guiding the research
* some old research from 2002
* the new presentation
* a tool to test your internal servers
* and a lot of tips for apache, nginx and other tools

because I am sure that most of you will now have a good day of work on your hands

there are about 42 files, for educational purposes only, so you can get your hands on them immediately


download tools and information about the SLAAC attack

we placed some of the tools mentioned in the articles and the articles themselves together in one box so you can download them all with ease and speed - this folder will not necessarily stay online forever

but in the meantime, you can get your downloads here - we will put new info and tools in it as they become available


07/08/2013

still no firewall on your small network? try this professional one for free

What Can the Essential Firewall Edition Do for My Business?

 

The Essential Firewall edition provides protection for unlimited IP addresses and the following features without any time limitations:

 

  • Networking: Internet Router, Bridging, DNS server & proxy, DynDNS, DHCP server & relay, NTP support, automatic QoS
  • Network Security: Stateful Packet Inspection Firewall & Network Address translation (DNAT/SNAT/Masquerading)
  • Remote Access: PPTP and L2TP over IPSec support (including iPhone support)
  • Logging/Reporting: Full logging on local hard drive, searching, real-time reports for hardware, network usage and network security, daily executive reports
  • Management: Web-based GUI in local languages, setup wizard, configuration backup & restore, administrator notifications, SNMP support, centralized management using the Sophos UTM Manager (also free of charge)

http://www.sophos.com/en-us/products/free-tools/sophos-ut...

two things are important

first you should start by closing down everything that is not strictly needed and then listen to your network users to hear what should be opened for everybody or for some, and consider the eventual risks (doing it the other way round takes less time in the beginning but will in fact open your network far too much)

secondly you should put some monitoring rules in place with which you can see all the computers that try to go to Russia, China, P2P services, IRC services and other stuff that are indications of abuse or security risks. You should look at those incidents at least once every day and pull computers that are heavy on this sort of traffic from your network for a security check. In a bigger network you should never talk about names or people but about IP addresses and network traffic (in fact you never even have to know who has been so stupid as to try to circumvent your security; that is a problem for your bosses. The only thing you have to do is to stop the connections and ask someone to clean up that computer from all the malware and adware).
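The daily check described above, as an added example that is not part of the original post and is not Sophos UTM code: it ranks internal IP addresses by how many of their connections match the watch rules. The log layout, the internal range, the port lists and the 203.0.113.0/24 stand-in for a watched country range are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample log in a simple key=value layout (an assumption for this
# example; it is not the export format of any particular firewall product).
SAMPLE_LOG = """\
2013-07-08T09:00:01 action=accept src=192.168.1.23 dst=198.51.100.7 proto=tcp dport=6667
2013-07-08T09:00:09 action=accept src=192.168.1.23 dst=198.51.100.7 proto=tcp dport=6667
2013-07-08T09:02:40 action=accept src=192.168.1.23 dst=198.51.100.7 proto=tcp dport=6697
2013-07-08T09:05:13 action=drop src=192.168.1.23 dst=198.51.100.90 proto=tcp dport=6881
2013-07-08T09:07:55 action=drop src=192.168.1.40 dst=198.51.100.91 proto=udp dport=6882
2013-07-08T10:11:02 action=accept src=192.168.1.51 dst=203.0.113.10 proto=tcp dport=443
2013-07-08T10:11:30 action=accept src=192.168.1.51 dst=203.0.113.10 proto=tcp dport=443
2013-07-08T10:14:18 action=accept src=192.168.1.51 dst=203.0.113.77 proto=tcp dport=80
2013-07-08T10:20:00 action=accept src=192.168.1.12 dst=198.51.100.5 proto=tcp dport=443
2013-07-08T10:21:44 action=drop src=198.51.100.200 dst=192.168.1.1 proto=tcp dport=22
2013-07-08T10:22:00 truncated line without fields
"""

# Hypothetical watch rules. A real deployment would load the networks from a
# GeoIP or reputation feed; a documentation range stands in for one here.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
WATCH_PORTS = {
    "irc": frozenset(range(6660, 6670)) | {6697},
    "p2p": frozenset(range(6881, 6890)),
}
WATCH_NETS = {"watched-region": (ipaddress.ip_network("203.0.113.0/24"),)}

LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+proto=\S+\s+dport=(?P<dport>\d+)"
)


def classify(dst, dport):
    """Return the watch categories a destination address and port fall into."""
    cats = [name for name, ports in WATCH_PORTS.items() if dport in ports]
    cats += [name for name, nets in WATCH_NETS.items()
             if any(dst in net for net in nets)]
    return cats


def triage(log_text, threshold=3):
    """Rank internal source IPs by watched connections, busiest first.

    Only addresses appear in the report, never user names; hosts below the
    threshold are left out so the daily review stays short.
    """
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # malformed or unrelated line
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # field present but not an IP address
        if src not in INTERNAL_NET:
            continue  # inbound traffic is a different review
        for cat in classify(dst, int(m["dport"])):
            hits[str(src)][cat] += 1
    report = [(ip, sum(c.values()), dict(c)) for ip, c in hits.items()
              if sum(c.values()) >= threshold]
    report.sort(key=lambda row: (-row[1], row[0]))
    return report


if __name__ == "__main__":
    for ip, total, by_cat in triage(SAMPLE_LOG):
        print(f"{ip}: {total} watched connections {by_cat}")
```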


07/06/2013

all the tools you need to be anonymous or encrypted online whatever you do

it is one of those big organized lists that are not that easy for newbies and dummies - you still have to find all the information yourself and you still have to install some stuff yourself, and, for example for the OS, using live distros of other operating systems is somewhat more complicated to do

http://prism-break.org/


04/16/2013

sophos free home edition (you won't find Sophos in the shops) also mobiles and macs

normally they only sell to enterprises and institutions

but hey here they launch a free edition for home users

Our Free Home Use Firewall is a fully equipped software version of the Sophos UTM firewall, available at no cost for home users – no strings attached. It features full Network, Web, Mail and Web Application Security with VPN functionality and protects up to 50 IP addresses. The Sophos UTM Free Home Use firewall contains its own operating system and will overwrite all data on the computer during the installation process. Therefore, a separate, dedicated computer is needed, which will change into a fully functional security appliance. Just right for the spare PC you have sitting in the corner!

 

What can Sophos UTM do for my Home Network?

 

Many things! Sophos UTM is great for providing many network tasks you might be trying to do manually, with different products, or didn’t even know were possible.

 

  • Increase your Internet Bandwidth - You can make easy use of multiple Internet connections at the same time, giving your home more bandwidth.
  • Protect your Kids Web Surfing Habits - Use Web Filtering to stop sites from infecting you with viruses and spyware, keep your kids from surfing to bad sites, and get full reporting on the activity in your home.
  • Solve your Spam Mail Problems - Use Mail Filtering to clean up your inbox and reduce the amount of spam you have to sift through using any POP3 or SMTP setup.
  • Access your Home Network from Anywhere - Dial in using Roadwarrior VPN access to securely use Remote Desktop, transfer files, and even print, from anywhere in the world, even from your iPhone.
  • Connect to Work or Friends - Create a permanent tunnel to other Unified devices, linking you with a friends network, or having the perfect encrypted link to your office Astaro to work from home!
  • Stop Viruses in Web and Email - Dual Scanning Engines stop viruses in file downloads, email attachments, and embedded in web sites. Sophos catches them at the gateway, before they can get in to assault your computers.
  • And a lot more...

more at this link
http://www.sophos.com/en-us/products/free-tools/sophos-ut...

and this is for mobiles

http://www.sophos.com/en-us/products/free-tools/sophos-mo...

and this is a free antivirus for macs

http://www.sophos.com/en-us/products/free-tools/sophos-an...


03/19/2013

rapidshare users should migrate (Mega.co.nz is really cool) before they lose files

This is how it works. If you have a free account at RapidShare with currently unlimited storage, from this Wednesday you will only be allowed to store a total of 5GB. If you do nothing then all your files stored at RapidShare over the 5GB limit will be deleted April 3. Just to be crystal clear – if you currently have 20GB of files, 15GB will be deleted.

 

“If you exceed your storage space limit, you will receive a warning email that files will be deleted,” RapidShare warns. “If you don’t add storage space within the next 24 hours or delete some of your files, we will delete files. That happens at midnight 24:00 CET.”
http://torrentfreak.com/rapidshare-prepares-to-mass-delet...

mega.co.nz is so fast, you have much more free space, it is encrypted, and your visitors (the downloaders) don't have all those nag screens, time limits and other stuff that make downloading from rapidshare more of a harassment than a service


02/19/2013

an open platform to share (mostly Chinese) targeted attack information

the more we know, the less they can know

"In the current threat environment, rapid communication of pertinent threat information is the key to quickly detecting, responding and containing targeted attacks. OpenIOC is designed to fill a void that currently exists for organizations that want to share threat information both internally and externally in a machine-digestible format. OpenIOC is an extensible XML schema that enables you to describe the technical characteristics that identify a known threat, an attacker’s methodology, or other evidence of compromise.

OpenIOC was originally designed to enable MANDIANT’s products to codify intelligence in order to rapidly search for potential security breaches. Now, in response to requests from across the user community, MANDIANT has standardized and open sourced the OpenIOC schema and is releasing tools and utilities to allow communication of threat information at machine speed."
http://www.openioc.org

and the tools to use, make and control all those indicators are available for free here, but you can also install a commercial version if your network is too big, the information too valuable or the number of specific attacks too great to deal with manually

http://www.mandiant.com/resources/downloads/

and you should read much more on that site, especially the new report with indicators of Chinese APT

but do not forget, this is mostly Chinese and they are not the only ones who have installed hacker-intelligence groups inside their intelligence services (even friends you wouldn't expect it from ....)
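What "machine-digestible" means in practice, as an added example that is not MANDIANT's tooling or code from the original post: a small evaluator that walks an OpenIOC document's AND/OR indicator tree and checks it against facts collected from a host. The element and attribute names follow the OpenIOC 1.0 layout as assumed here, every indicator value is a constructed placeholder, and only the "is" and "contains" conditions are handled.

```python
import xml.etree.ElementTree as ET

# Namespace assumed for OpenIOC 1.0 documents.
NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed indicator: every value below is a placeholder, not threat data.
SAMPLE_IOC = """\
<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="constructed-example-0001">
  <short_description>Constructed example indicator</short_description>
  <definition>
    <Indicator operator="OR" id="top">
      <IndicatorItem id="item-md5" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">00000000000000000000000000000000</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="name-and-port">
        <IndicatorItem id="item-name" condition="contains">
          <Context document="FileItem" search="FileItem/FileName" type="mir"/>
          <Content type="string">example-dropper</Content>
        </IndicatorItem>
        <IndicatorItem id="item-port" condition="is">
          <Context document="PortItem" search="PortItem/remotePort" type="mir"/>
          <Content type="int">8443</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""


def _item_matches(item, observed):
    """Check one IndicatorItem against the observed values for its search term."""
    context = item.find("ioc:Context", NS)
    content = item.find("ioc:Content", NS)
    if context is None or content is None:
        return False
    wanted = (content.text or "").strip().lower()
    if not wanted:
        return False  # an empty term must never match everything
    seen = [str(v).lower() for v in observed.get(context.get("search"), [])]
    condition = item.get("condition")
    if condition == "is":
        return wanted in seen
    if condition == "contains":
        return any(wanted in value for value in seen)
    raise ValueError(f"unsupported condition: {condition!r}")


def _evaluate(indicator, observed):
    """Recursively combine child results with the node's AND/OR operator."""
    results = []
    for child in indicator:
        tag = child.tag.rsplit("}", 1)[-1]  # strip the XML namespace
        if tag == "IndicatorItem":
            results.append(_item_matches(child, observed))
        elif tag == "Indicator":
            results.append(_evaluate(child, observed))
    if indicator.get("operator", "OR").upper() == "AND":
        return bool(results) and all(results)
    return any(results)


def ioc_matches(ioc_xml, observed):
    """Return True if the host facts in `observed` satisfy the indicator.

    `observed` maps a search term such as "FileItem/Md5sum" to the list of
    values collected from the host (a hypothetical collector output format).
    """
    root = ET.fromstring(ioc_xml)
    top = root.find("ioc:definition/ioc:Indicator", NS)
    return top is not None and _evaluate(top, observed)


if __name__ == "__main__":
    host = {"FileItem/FileName": [r"C:\Temp\Example-Dropper.exe"],
            "PortItem/remotePort": [8443]}
    print("indicator hit:", ioc_matches(SAMPLE_IOC, host))
```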


02/02/2013

VMware is not secure in itself - look at this tool

It is always possible to bypass certain security measures on a local system; authentication to the guest operating system can be manipulated and bypassed in VMware Workstation using VMInjector.

This small python based tool can be used during penetration testing or to recover the operating system password. All modern organizations are relying on virtual environments, which makes such a tool important to evaluate overall security.

As is well known, VMware handles all information and resources within the guest operating system. VMInjector injects a DLL library into the VMware process to manipulate the RAM files and patch the function in charge of the authentication.

You can use this tool and then change your password to recover it, or use it as a PoC during your pentest operation. To read more about this tool you can visit the official website: https://github.com/batistam/VMInjector
http://www.sectechno.com/2013/02/02/vminjector-tool-to-un...

I often hear that there is no problem because they use VMware, as if this is the only thing to do to secure a site, while it is just software and instructions; there is nothing magical about it


01/21/2013

5 security applications for your android

1.) Lookout Security & Antivirus: Lookout Security & Antivirus is arguably the most popular security and anti-virus for Android around. A free account lets you scan your phone for malware, back up and restore your data online, and use GPS to locate your phone should it ever get lost or stolen.

2.) Avast Free Mobile Security: Avast Free Mobile Security supports a number of features that are usually available only in paid-for Android security software. These include privacy reports, call and SMS filtering, SIM-card change notifications, firewall and application management.

3.) Kaspersky Mobile Security: Kaspersky Lab released a free security application to keep your contacts, email and banking information from falling into the wrong hands. Kaspersky Mobile Security Lite can also remotely delete all personal data from the device including contacts, addresses, calendars, text messages and email, preventing sensitive information from being illegally used or stolen.

4.) Norton Mobile Security Beta: Norton lends its anti-malware, anti-virus, and security expertise to mobile. Smartphones hold a lot of valuable data: Text messages, e-mail, and even credit card numbers can reside on the device, where they're easily accessed.

5.) AVG AntiVirus: This app originated from Windows and the PC. For Android users it comes as a free app and a premium PRO version. Users need to start the first scan manually, showing red warning indicators until you run it. AVG also has a task killer, a battery optimizer, real time protection from unsafe websites as well as antitheft and phone location services.

http://thehackernews.com/2012/01/your-android-really-need...


01/09/2013

why you should set firefox to auto-update

Firefox 18 has been released.

 

This month, there were 2917 bugs patched, with 21 security fixes.

 

Twelve of the security fixes were deemed critical.

 

There's also a brand-new JavaScript compiler (though it augments, rather than replaces, the old one), and full-on support for Retina displays on the groovier sorts of Mac
http://nakedsecurity.sophos.com/2013/01/09/firefox-18-bri...

imagine that you would have to update your firefox manually each time

but the other question, and in fact something annoying, is that the developers of the plugins can't keep up anymore, and if you started with 10 a few months ago there will be very few that are still functional. The danger for firefox and its users is that you will have to keep an older version if you have really become fond of a new functionality.

Firefox should integrate the most popular and most interesting plugins in its core. For the security and for its users. They have already voted on which functions were not developed or were better developed elsewhere.


01/05/2013

will facebook become the next new P2P platform?

Despite increasing amounts of photos, videos, music, and documents one wants to share with family and friends there still has yet to be a convenient method for doing so.

 

Enter BeamItOver.

 

BeamItOver is the latest and greatest project from the BitTorrent Torque Labs, and it doesn’t disappoint.

 

“It has the same functionality as some other Torque Labs projects, but it has been designed from the ground up to bring the inherently social activity of sharing files to where the people are,” says the company in a blog post. “It’s a Facebook app that aims to make sharing your files as simple as sharing anything else.”

 

What BeamItOver does is allow users to finally share unlimited-sized files with friends and family right inside of Facebook. The desktop app makes it more convenient than ever before to share those family videos, photo albums, music, and data for which current methods can be exasperatingly difficult, especially when dealing with those that are less than tech-savvy.
http://www.zeropaid.com/news/103008/beamitover-unlimited-...

or will they block it?


10/31/2012

make your own adapted windows 8 look for your users for free

Classic Start Menu is a clone of the original start menu, which you can find in all versions of Windows from 95 to Vista. It has a variety of advanced features:

  • Drag and drop to let you organize your applications
  • Options to show Favorites, expand Control Panel, etc
  • Shows recently used documents. The number of documents to display is customizable
  • Translated in 35 languages, including Right-to-left support for Arabic and Hebrew
  • Does not disable the original start menu in Windows. You can access it by Shift+Click on the start button
  • Right-click on an item in the menu to delete, rename, sort, or perform other tasks
  • The search box helps you find your programs without getting in the way of your keyboard shortcuts
  • Supports jumplists for easy access to recent documents and common tasks
  • Available for 32 and 64-bit operating systems
  • Has support for skins, including additional 3rd party skins
  • Fully customizable in both looks and functionality
  • Support for Microsoft’s Active Accessibility
  • Converts the “All Programs” button in the Windows menu into a cascading menu (Vista and Windows 7)
  • Implements a customizable Start button (Windows 7 and 8)
  • Can show, search and launch Windows Store apps (Windows 8)

http://classicshell.sourceforge.net/features.html

So you don't need expensive consultants to do that for you, and there is no excuse not to start planning and playing around with the images and bundles you would need for your network

especially if you are a smaller network and you don't have the money to invest in AD, PKI, application control and all that, it would be even simpler in your environment and it would send you lightyears ahead in security (even if most of your workers are also or primarily working from a distance)


10/30/2012

what is a book sprint

A Book Sprint brings together a group to produce a book in 3-5 days. There is no pre-production and the group is guided by a facilitator from zero to published book. The books produced are high quality content and are made available immediately at the end of the sprint via print-on-demand services and e-book formats.

Zero to book in 5 days. Seems impossible? It's not, it's very possible, fun, and extremely rewarding.

There are three common reasons to do Book Sprints:

  1. Produce a book : at the end of the process, we obtain results in a book.
  2. Producing and sharing knowledge : the contents are published and shared under free distribution license.
  3. Experiencing other ways to work together : to enjoy and learn from a process of collective creation.

http://www.booksprints.net/about/


10/29/2012

Cheap 3D printing and how to keep it cheap (and not locked in)

Julie Samuels EFF

 

Thanks to the open hardware community, you can now have a 3D printer in your home for just a few hundred dollars, with dozens of printer models to choose from and build upon. Community-designed printers already outclass proprietary printers costing 30 times as much. This incredible innovation is possible because the core patents covering 3D printing technologies started expiring several years ago, allowing projects such as RepRap to prove what we already knew—that openness often outperforms the patent system at spurring innovation.

 

Open hardware printers have been used for rapid prototyping of new inventions, to print replacement parts for household objects and appliances, by DIY scientists to turn a power drill into a centrifuge, for a game in which you can engineer your own pieces, and for thousands of other purposes by makers of all stripes. Projects like MakerBot and Solidoodle have made 3D printers accessible on a plug-and-play basis, so you don’t even need a soldering iron to start manufacturing objects you designed or downloaded from the Internet. As additional patents expire, the open hardware community will be able to unleash its creative spirit on new technologies, technologies that have already been used to design custom prosthetics, guitars, shoes, and more. The possibilities are limitless.

 

The Problem 

 

While many core patents restricting 3D printing have expired or will soon expire, there is a risk that “creative” patent drafting will continue to lock up ideas beyond the 20-year terms of those initial patents or that patents will restrict further advances made by the open hardware community. The incremental nature of innovation in 3D printing makes it particularly unsuitable for patenting, as history has shown.

 

The Project 

 

We’ve said before that the America Invents Act failed to address many of the patent system’s worst problems. Despite that, it does include at least one provision we think could be helpful: the newly implemented Preissuance Submission procedure. That procedure allows third parties to participate in the patent application process by creating a vehicle to provide patent examiners with prior art. We’re glad to see the Patent Office open up the process to those who might not be filing patents themselves, but who are affected by the patent system everyday. We’re also glad that this new process may help stem the tide of improvidently-granted patents.

 

EFF and the Cyberlaw Clinic at Harvard’s Berkman Center for Internet and Society are working together to use this new process to challenge patent applications that particularly threaten growing 3D printing technologies. As a first step, we are evaluating 3D printing patent applications currently pending before the Patent Office to identify potential target applications. We need your help! If you know of any applications covering 3D printing technology that you think should be challenged, please let us know by emailing 3Dprinting@eff.org (and also point us to any relevant prior art you might know about).

 

To get involved with the search, go to the USPTO’s application search tool, PAIR, and/or Google Patents. Each of these sources contains valuable details about the applications currently pending before the USPTO.

 

Here’s the thing: under the current rules, a patent application may only be challenged by a Preissuance Submission within six months of its publication (or before the date of the first rejection, if that comes later).
This means the clock is already ticking on the current crop of patent applications.

 

Once target applications are identified, we will seek out relevant prior art. We’ll be asking for your help again then, so please watch this space.

 

Any document that was publicly available before an application was filed is considered prior art; this can include emails to public lists, websites, and even doctoral theses. Because of the time limit, once we identify the target applications, we must complete the prior art search quickly.

 

We’re glad there’s a new way to challenge dangerous patent applications before they become dangerous patents. But the America Invents Act and the search capabilities of the Patent Office’s website won’t make this job easy. We need your help to get this done, so please do what you can to help protect the 3D printing community from overbroad patents that can threaten exciting innovation.
http://www.trueactivist.com/join-the-movement-to-keep-3d-...
