Backtrack Team: Guest Post

Affichage des articles dont le libellé est Guest Post. Afficher tous les articles

How To Chat With Friends On-line Without Being Tracked By The NSA

The latest scandals with Edward Snowden, news about Internet users were spied on by law enforcement agencies in a number of countries and the rumors regarding the fact that many large Internet companies leak confidential information on network users are a wake-up-call to the users who require reliable, private and state of the art security services. Any downloading software, as practice shows, can be equipped with the so-called “backdoors” for data interception. The phones also ping cell towers all the time as there's no other way for them to function. Pinging means those cell towers know the phone's location which, essentially, makes it a tracking device.

All those events made us think of searching for an alternative and safe channel of communication with friends and business partners, anonymous web surfing and file sharing solutions.

So is there any way to stay anonymous during the age of the Internet?

An obvious answer to that would sound something like this: 'Throw your phone, laptop, desktop out of the window, pay for everything with cash and don't talk to strangers'. Of course, that approach (even though it's actually the safest option) wouldn't work for most users which leaves us with extreme to-be-or-not-to-be types of choices. This article explores ways of preserving both: your digital life and your privacy.

Choose your software carefully

You may find many recommendations on-line on how to tune your PC to protect yourself from viruses and phishing scams. They all may or may not achieve the same goal but the primary question is, “can you really trust the software that you are protecting you from viruses and can you be sure it's not a major tracking virus itself?”

There's a lot of info on the web about ‘how famous software companies report all the bug-fixes to the NSA'; which sounds like a scary thought.
This, of course does not mean there's 100% assurance that all systems do not give info away. It is a fact that alternative OS's do not have as many viruses as the most popular ones. Therefore, if you're a security geek it is a good idea to consider shifting to a different OS. One great example is Qubes OS, a Linux distribution that runs its programs inside dedicated virtual machines reducing the amount of potential vulnerabilities.

Browser Wars

This time it's not about speed, it's about security. Having the concept of an OS tracking should make you avoid private web-browsing on native browsers such as Internet Explorer or Safari. The latest versions of all four major browsers including Microsoft Internet Explorer, Mozilla Firefox, Google Chrome and Apple Safari, were hacked at Pwn2Own Hacking Competition 2015. To save your private life online you can use alternative browsers, like the Midori Web browser, which, by the way, features the anonymous search engine 'DuckDuckGo' by default, Epic browser or open-source project Chromium. It's just so happens that Firefox started “safe internet” and still epitomizes it.

Use a VPN

Virtual Private Networks are getting more popular. The popularity of these services is justified by the level of anonymity they're able to provide. A VPN server encrypts all of your traffic. They will hide your IP address and location by giving you their own IP address. Surf securely without footprints and leave your online privacy untouched. You can choose to be a resident of South Africa, Argentina or Belize if so desire. If your VPN provider has decent encryption there's no way to track where you really are.

The conversion itself, however, can easily be logged by chat services, like Skype or Google Hangouts, so it is a good idea to review secure alternatives.

Chatting

Most chat services work by using a central server. This means that all of your text or audio words and sent files are stored on the server of the provider. If the NSA wants to gain access to this data, it will have no problem.

There are a great number of services offering secure and anonymous encrypted chat rooms.

Privatoria offers a bundle of web security and anonymity services including secure data transfer, anonymous e-mail, Proxy/VPN and of course secure chat.

The peculiarity of this service is the absence of a central server. Their chat technology is based on WebRTC; meaning there's a direct connection between browsers without transferring data or logging information on the servers unlike traditional chat solutions like Skype, Google Hangouts, etc... So, no one can access your different ways of communication.

You will be able to communicate with all of the advanced features like text messaging, voice and video calls, file transfer, etc...

Cryptochat is an app for Android users for secure chatting that allows end-to-end password-protected encryption.

CryptoCat offers group chat, file sharing and provides encryption for doing so. Extra features include Facebook integration and the ability to send photos.

Surespot is an open source mobile messaging app with 256 bit end-to-end encryption. It does not require registration and allows sending voice messages from multiple accounts on a single device.

The Choice is yours

Trying to sum it all up, we can firmly state that the world of technology is constantly evolving and that the government wants to control this process. There are no guarantees that you are not being tracked while reading this article or watching Youtube videos.

There are ways to preserve your privacy or at least give Uncle Sam a hard time when he tries to spy on you. To secure yourself you may want to try using a VPN, alternative OS's, secure chat solutions to transfer your encrypted messages or even set up your own private server machine with cloud storage, a chat server and other useful stuff.

by Malik korrich ~ mardi 31 mars 2015 0 commentaires

Creating an iOS Application Using Wordpress

With a whole lot of room for incessant innovation in Wordpress, the web development community is consistently striving to make WP spread its wings further.

And this is where the concept of using Wordpress to create mobile apps comes into existence. Yes, there are plugins and granted, they are great, but if you are willing to compromise control and let the third party tools dictate terms, you might as well go ahead with the likes of AppPresser and Mobiloud.

But, when being in the driver's seat is on your agenda, segue on to the following partially plugin-assisted ways to create iOS apps using Wordpress:

Build a Web Application Theme that Stays True to the Most Basic Strictures

There is a standard conceptualization (or should I say conceptual standardization?) of mobile apps – a mobile app is the one that runs and appears great on a mobile device. Though, this hardly covers the native app concepts that exist at the very fibre of mobile apps of all sorts.

What needs to be clearly understood is whether the guy who is buying your app to sell it to his customers considers the standard web app as the iOS app he is expecting you to roll out. If that indeed is the case, you have your task cut out (it hardly is a task) – just code a theme that will let your content be displayed on a Smartphone screen in a manner most clean and clutter-free.

OR, you can use PhoneGap with technologies like CSS, JavaScript and HTML to create a shell application. Accompanying it, you will need a browser that shouldn't display an address bar and something that leads to the app you have created. The final app you have through this method may not be something you would be immensely proud of, but you have just created your first mobile app using few web technologies, that alone is worth the price of admission. However, if that doesn't please you enough, there are more ways to follow:

Wordpress Will Collect Data for You. Now Input the Same to an App Generator

Here is how it goes like:

To begin with, you create a custom posts on the Wordpress CMS. The custom fields are then to be placed to where they belong. You can then move on to creating a custom plugin that would lend a sense of structure to the whole setup of data. And then, the app generators come into play. Using these app generators, you have the wherewithal to compile the apps with their own compilers. The data from Wordpress can then be fed using the URLs – which can either be done using plugins or via the Wordpress XML-RPC - and creating apps becomes a task much feasible following that.

Wordpress Will Collect Data for You. Now, Create the iPad side of things Natively

Well, if you don't have a whole lot of idea about this one, you have the option of branching out to a development company that has the expertise to blend the Wordpress strategy with the mobile technology in the most seamless and effective fashion and thus create exceptional native apps.

All said and done, there are a bunch of things that ned to be off the deck before you swing-start the development process. Coalescing data from the Wordpress URLs has to be done in a precise manner you must be appropriately equipped to handle the responses. The UI operations also have to be handled with utmost care and not to mention, do steer clear of all the possible oversights.

Author:

Sarah Parker is a veteran tech savvy content writer associated with Designs2Html Ltd, where you can opt for PSD to Wordpress conversion services. Also, in case of availing PSD to Magento Theme Conversion services, you can get in touch with her.

by Malik korrich ~ vendredi 22 août 2014 0 commentaires

Are Cisco Products Really Safe? What is Vulnerable?

In the wake of the recent Heartbleed security scares, it can be difficult to keep track of all the potential security risks along with how they might affect you. Several companies have already issued statements to customers to let them know that the vulnerability has been patched and what they can do to ensure their personal data remains un-compromised.

Others, such as Cisco, discovered that the exploit affects their hardware as well as their website which can be a much more difficult problem to solve as it requires each of the individual devices to be updated on their own. Cisco published a list of vulnerable devices, but by their own admission, they have not finished analyzing all of their equipment yet. Here are some of their more popular devices and how their vulnerability might affect you:

Routers - A router is a devices that controls the transfer of data between two or more computers. It receives data from one device and then routes it to its intended destination. It functions like an air traffic controller, directing information along it’s appropriate path. The Cisco routers that are vulnerable could allow outside access to your entire network. Your security is only as strong as your weakest link, and as a router is sort of a hub for all inter computer communication it could expose private data or security keys that are used during the transfer process.

Switches - A network switch is a device to physically connect a network of computers. Different than a hub, which broadcasts the information to be transferred across all ports, the switch is able to specifically identify each machine on the network and send data only from one specific machine to another specific machine. A hacker who gained access to the switch would not even need to be physically connected as he could gain entry via any of the computers connected to it. It would require a second vulnerable point, however, which does reduce its threat to your system’s security somewhat. Once hacked it would provide access to all networked devices and their specific identification information, along with any data being transferred between any attached device.

Access Points - An access point is generally wireless and connects via hardwire to an existing network while allowing other devices to connect to the same network using a wireless connection. All WiFi setups use an access point to give users access to the Internet. While convenient, it relies on encryption technology to restrict outside access to a network. The vulnerability could allow any hacker within physical range to enter the network and gain access to the entire network of connected devices. It would allow access to all data being transferred, as well as potentially any data stored on any connected devices as well, depending on their own individual security.

Firewalls - A firewall is essentially a software or hardware based security barrier made up of rules that decides how to handle all incoming and outgoing traffic between a secured and unsecured network, such as the Internet. It is essentially the equivalent of putting up a moat that forces all traffic to be considered and approved before being allowed to pass through the wall. Recently, it was revealed that the NSA has what is essentially a permanent backdoor into Cisco firewalls. All Cisco hardware must legally allow for the potential need for wiretapping and certain conditions are integrated into the internal software of a device, though most are never used. Though it seems that as long as these systems are in place, the NSA can upload and update their particular exploit allowing access through a normally impassible firewall.

Overall, whether you are exposed or not depends on which specific Cisco devices your company has. Some of them are not vulnerable at all to the Heartbleed exploit while others are until they are patched. Cisco may simply offer a replacement for your current device, or you may want to consider seeking alternatives in the meantime if none of the current solutions suit your needs.

Camille McClane is a writer, researcher and editor, who frequently blogs about about Cisco training and other computer repair-related subjects. Her favorite subject to focus on is emerging technology trends and its overall effect within business expansion and relations. She hopes the readers of eHacking.net enjoy this article as much as she enjoyed writing it.

Image Source

by Malik korrich ~ mardi 29 avril 2014 0 commentaires

Grey Matter: What is Ethical Hacking?

We have all heard about hackers, and if we are really unfortunate, we may have even been victims of criminal hacking activity. From stealing financial details of individuals through to theft of data from big businesses, hackers are experts at infiltrating computer systems for fraudulent purposes. It’s for this reason that “hacking” normally has many negative connotations.

But there is a flip side to the world of hacking that is altogether different. In fact, there is such a thing as an “ethical hacker”. The term may sound oxymoronic, but actually the advanced practices of hackers can be used for good as well as bad.

How so? Ethical hackers infiltrate computer systems in covert ways (just like their criminal counterparts), but instead of hacking in order to take individuals and corporations down, they hack computer systems in order to find weaknesses that need to be protected.

Who uses ethical hackers?

The skills of ethical hackers are extremely sought after. By leaning on the expertise of “white hat” hackers, organizations can identify the weaknesses within their systems, and ensure that they have robust security measures in place to protect their data. In our world of “big data”, where so much sensitive and valuable information is stored online, system security is more important than ever before.

For example, if a bank has security issues that can potentially lead to financial data being exploited, this could have extremely negative repercussions. Another instance may be if a government branch has security problems that could lead to sensitive security information being leaked; this could have major effects on civic safety. For this reason, organizations that need to protect their data and sensitive information often employ ethical hackers.

The route to ethical hacking

Because we are used to thinking about hacking in such a negative way, it can be difficult to think of hacking as a skill, but in fact, it takes a great deal of expertise, learning, and experience to be a great ethical hacker. As hacking requires such an advanced and niche skill set, ethical hackers can find themselves in great demand, but getting to a point of employability can be a long process.

Of course, as a first step, people who want to become ethical hackers should study for a relevant qualification in related fields, such as information security. But beyond this, it is experience and a solid reputation that makes ethical hackers experts in their field. Working as a network engineer and building a repertoire of security certifications is a great way for aspiring ethical hackers to prove their worth to prospective employers.

Certification

There are various certifications are available in market. For people who already have a few years of experience working in internet and network security, this certification is a great way to advance and hone hacking skills, greatly improving the chances of employability as an ethical hacker. The five-day course (which can be taken on-site or online) covers all of the ethical hacking fundamentals such as trojan horses, viruses, and system hacking.

As our world continues to migrate online, “big data” is only going to grow. As the potential or fraud rises, so will the need for people who can protect systems against that fraud. As a result, the future looks very bright for ethical hackers.

Camille McClane is an online journalist with a passion for developing technology for business. As a contributor to 1800-Number.com’s blog, she also enjoys covering the topics of globalization and corporate telecommunications.

by Malik korrich ~ mardi 22 avril 2014 0 commentaires

Social Media Monitoring Tool as an OSINT Platform for Intelligence

http://www.ehacking.net/2014/02/social-media-monitoring-tool-as-osint.html

Conducting OSINT for wider intelligence, counter-terrorism and risk management work has become a complex and increasingly resource intensive task for both Government and Defence Intelligence agencies and the commercial risk management sector alike. The paper share by talkwalker to ehacking covers some of the challenges involved in the collection and processing of OSINT and how a social media monitoring tool can exponentially enhance those processes when implemented as an OSINT platform.

by Malik korrich ~ mardi 25 février 2014 0 commentaires

8 Ways to Prevent SQL Injection

SQL injection targets the back-end database, allowing hackers to create, delete, modify or read sensitive data. The consequences of such a breach are varied, depending on the motivation behind the attack. Regardless of whether a hacker is attempting to expose sensitive data or on a mission to cause serious consequences, enterprises want to avoid being vulnerable to SQL injection.

SQL injection is one of the most common methods used by hackers to gain unauthorized access to sensitive information. Even major brands such as Sony Pictures, Microsoft, Yahoo, LinkedIn—even the CIA—have been breached using SQL injection. Here are a few tips for protecting against this vulnerability.

Escaping and Filtering

Areas of user input, such as login screens and form fields, are often vulnerable to SQL injection. One way to protect against it is to properly escape and filter user input and special characters.

Avoid Displaying Syntax Errors and Other Database Information to Users

Error notifications often reveal sensitive database information to users. Avoiding the display of syntax errors and similar messaging protects the information stored in the database from outside or unauthorized access.

Limit Database Privileges

Create numerous user accounts with varying levels of database access, limiting user types to only the access necessary for functionality—not more. Giving users access to areas of a database they don’t require broadens the playing field for hackers in the event of an attack.

Avoid Executing Multiple Queries in One Statement

Each statement should execute a single query. Allowing multiple executions in a single statement leaves the door open for injections, adding complexity to the validation process.

Secure Input Validations

Input validation techniques which authenticate user input against pre-defined rules helps prevent the injection of unauthorized snippets. Validate input data for length, type, and syntax, as well as against your business rules.

Never Trust User Input

In addition to escaping and filtering, you should maintain a high level of distrust of any user-entered data. Not because you think all your users have malicious intent, but because you don’t know that malicious users aren’t masquerading as innocent users. Don’t allow inappropriate characters to be input for a phone number, for instance, or non-practical input for email addresses or user names. Sanitizing based on practical rules provides maximum protection against SQL injection.

Eliminate Unnecessary Database Functionality

Maintaining the existence of database functions that you don’t really need only broadens opportunities for SQL injection. Minimize your database usage to what you need to run your applications adequately.

Use a Web Application Firewall

Web application firewalls can be useful tools for detecting and blocking attempts to push SQL through web channels. Blocking SQL attempts at the firewall level even eliminates the limited hacks that can break through and access only a portion of your database if you’re using limited database privileges based on user context.

These eight tactics will help prevent your applications, and your users, from falling victim to potentially devastating SQL injection attacks. There are dozens of rules for maximizing your protection against SQL injection, but these eight rules serve as foundational principles that will help ensure security at the most basic application level.

Author Bio

Fergal Glynn is the Director of Product Marketing at Veracode, an award-winning application security company specializing in how to prevent a SQL injectionand other security breaches with effective risk assessment tools

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.

by Malik korrich ~ jeudi 21 novembre 2013 0 commentaires

6 Ways Your Data is Vulnerable to XSS

Cross scripting (XSS) vulnerabilities leave your database open to exploitation. Once I hacker has gained entry they can add information, remove information or download that information for their own use. Companies need to audit their web applications in order to make sure that their data is invulnerable to XSS. Six ways that your data may be vulnerable include: cookies, and SSL connection, forums, user issues, special characters and limited security.

Cookies

In terms of online activity, cookies are not a treat. Their purpose is to help users access information that they once viewed on a website. It also helps the owner of the website with analytics. Hackers also love cookies, however and the way they use them as to help gain access into a website or into a personal computer.

Personal computer security tips include routinely cleaning out cookies. Users can even create a setting that does not allow third-party cookies when they surf online. Many users do not follow these security tips and when they don’t it allows for Issues for both the surfer and the commercial site they visit.

SSL Connection

Users and businesses both believe that if information is viewed through an SSL connection they are safe from attack. This is not true in terms of XSS vulnerabilities. The code that is being used is only exploiting a vulnerability that already exists. Just like firewalls cannot protect from certain hacker attacks, you can’t rely on an SSL connection to protect you from Cross scripting vulnerabilities.

Forums

When the company allows users to enter information directly into a database or add information to a forum they are leaving themselves open for a possible Cross scripting attack. Once a hacker is in a forum and is entered information they then can start entering code that will exploit any existing vulnerabilities and allow them to gain access to the inner workings of the website.

User Issues

The way that a user inputs information can leave commercial websites and web applications vulnerable. One way that user input can allow hackers access to web applications is when they request a lost username or password. If the company does not have proper safety protocols in place to verify the authenticity of the request, then a hacker can game the information they need to enter a website.

This is because users are often not careful in terms of creating usernames and passwords. If the hacker can gain access to one, then they can make a request from the company website to obtain the other. Users also do not often have proper security software on their computing devices. If a hacker has been able to gain access to the individual’s computer they may be able to either obtain usernames and passwords for specific sites or no the sites that they visit and how they gain access.

Special Characters

Some companies try to eliminate the ability of hackers to guess passwords or usernames by allowing special characters. While this can make a password more complex, it can leave a company’s data vulnerable to XSS attacks. If a company is going to use special characters to help end-users create usernames or passwords, there should be special parameters in place to help make the company’s web applications less vulnerable.

Limited Security

Another way your data may be vulnerable to XSS is due to lack security measures. If your company does not audit your web applications and e-commerce sites for potential vulnerabilities you may not be aware of problems that already exist. If your company has limited security or does not have a routine in place for monitoring and protecting online applications, then you may be vulnerable to an attack and not be aware that it has occurred.

Your company needs to create and maintain a strict security schedule in order to protect data from Cross scripting and other attacks. Limit the use of cookies, don’t rely on an SSL connection and make sure that the use of forums does not expose the company to unnecessary risk. Limit special characters and create routine audits of rope applications to help protect your company’s data as well as to find and eliminate any potential XSS vulnerabilities.

Author Bio:

Fergal Glynn is the Director of Product Marketing at Veracode, an award-winning application security company specializing in secure SDLC, prevent XSS with Veracode.com, and other security breaches with effective risk assessment tools

by Malik korrich ~ vendredi 15 novembre 2013 0 commentaires

3 Tools to Aware Of That Exploit Android Security Vulnerability

Android is slowly becoming a popular target for hackers and other cyber-criminals world wide. Malware developers are now exploiting the security vulnerabilities found in Android with specific tools that can be modified to “trojanize” any legitimate app. Many of these tools are remote administration tools or RATs that allow the attacker to remotely control the device remotely with a user friendly interface.

AndroRat

AndroRat is a free and open source remote administration tool designed for Android. This tool allows the attacker to control a wide variety of features within the infected smartphone. Some of the AndroRat's innovative features include the ability to make phone calls, send messages from the infected phone, access the GPS coordinated of the phone, activate the microphone, access stored data and much more.

AndroRat APK Binder

AndroRat APK Binder is a malware tool that allows you to bind AndroRat directly to an app. The APK Binder is currently being sold at about $37 through various underground forums. The tool AndroRat is available in the APK format and when combined with the APK builder will allow any user with minimum expertise to infect a legitimate app and trojanize it. When a user installs the trojanized app, they also install AndroRat unknowingly. The attacker can now access the infected phone remotely and use it for their benefit.

Adwind

On similar lines as the AndroRat, a Java based RAT that has been named as Adwind is also making rounds on the Internet. This tool can be used in multiple OSes as it is a Java based tool. This tool too can assume control of an infected device remotely. However, it is not yet known if the tool has been bound to any of the legitimate APKs.

Cases of infection

So far, there have been over 20 cases of legitimate apps being infected by AndroRat. In addition to this, over a few hundred cases of infected devices have already been reported world wide with a majority of the infections talking place in Turkey and the U.S. The number of infections is also on the rise and is bound to continue as the malware tool gets refined with new features and options. The open source nature of the tool has made it gain quick popularity. As a result, the tool may also evolve and grow to become a greater threat than it already is.

About the Author

Seth Williams has been writing with Firebox Training, since July, 2011. He writes on many topics across IT programming, Firebox Oracle ADF training and developments in the industry. Through spreading wisdom across forums and tech blogs, Seth has realized an open source approach to training professionals across the globe is the way to go.

by Malik korrich ~ jeudi 17 octobre 2013 0 commentaires

Windows Malware is Creating New Virtual Pirates

The most commonly used desktop operating systems (OS) today are Windows, by Microsoft. Apple’s iOS and several other outlying operating systems created by competitive software types including Ubuntu. All of these operating systems are in a fierce battle for market share and all want to be most user-friendly. Ubuntu has one advantage because the number of users is much less when compared to Windows and iOS, which is why hardly anyone tries to hack into the system. There is little hacking gratification from cracking software that is used by a smaller population which is why the more popular your OS is the more likely you are to be hacked; the wider the use, the higher the risk of hacking.

The Issue of Hacking and Ransom Calls

The serious issue at hand is that because Microsoft is leading the OS industry, it faces the greatest threat of thousands of hackers trying to bypass firewalls and security almost daily. The hackers have the simple but inexplicable motive of causing havoc among the masses. Some have a more specific cause, such as wanting to bring down the organization for some personal gain or vendetta. Sadly many hackers today are unofficially employed by competing firms so that they can take advantage of the security weakness of one company’s software. The latest versions of Windows, and Windows 8, are in fact a very efficient OS’ and have excellent retooled security.

However, a Germany based spam malware is now being distributed via email and other download sources that might be able to infect the boot record of computers running on Windows. If the hack is successful in doing so, then it is possible that the hacker will have the ability to access your computer. There have already been a few cases where hackers have managed to see this process through and have asked for a ransom before unlocking the user’s computer once more. These are the new pirates and the new realities of our virtual world.

How the Malware Gets into Your System

The idea of millions of people in the world having to pay a ransom to use a system is quite scary, and worse than that is the possibility of external people viewing private or confidential information stored as soft copies on a Windows based computer.

The malware that is being discussed here is being sent through emails as spam in German. It is possible that the choice of the language is to throw off security and cause them to look for sources in Germany. The origin of the malware has not yet been discovered, however, Microsoft is currently working on how to prevent this virus from infecting systems. Lets hope they figure it out before this gets out of hand.

The malware was first found by Trend Micro, a small company that is into the tech business, and the code name that has been discovered is BKDR_MATSNU.MCB. As always, it is best to be weary of spam emails that come from unknown sources. The malware works only if you download the attachment sent in the mail. Although most people generally avoid such downloads, the mail has a subject and body that mentions that the person receiving the email has to pay up a certain amount of money, and that the details of the recipient are found in the attachments. This part generally has the effect of coaxing people to check the mail just to make sure.

Don’t do it! If you get a bill from someone as an attachment you don’t know, do not open any attachments. If you have a valid concern or curiosity, find an alternative way to validate the claim. Do a web search for the company or try to find a phone number. If you cannot locate a legitimate source online, you can assume it was an attempted hack.

About the Author:

Seth Williams has been writing with Firebox Training, since July, 2011. He writes on many topics across IT programming, training and developments in the industry. Through spreading wisdom across forums and tech blogs, Seth has realized an open source approach to training professionals across the globe is the way to go.

by Malik korrich ~ mardi 15 octobre 2013 0 commentaires

Security Guard. Tips and Tricks for Windows 7 Protection

There are several obvious actions which can help you to protect your PC. You should install the newest patches for the OS and apps. Besides, buy the newest anti-virus software and use complex passwords. Here you will find some recommendations which can help you to use all the protection capabilities in Windows 7.

Using BitLocker

BitLocker is one of the most popular and improved securities in Win 7. This hard disk and encryption technology and protecting the integrity of the boot medium first appeared in Windows Vista. We can find BitLocker in several Ultimate and Enterprise edition of Win 7. This program does not allow an attacker to extract data from the hard disk of stolen notebook if it was off at the time of the theft.

But there is one problem with BitLocker. It is difficult to restore data after hardware failure if protected volumes were blocked. That’s why although this technology can provide a great protection many of IT-specialists say that it is a problematic thing, because they face with it when it is necessary to make a data recovery.

In order to restore your data you need an access to keys or password of Bitlocker (which relate to blocked volumes). If there are not many computers it is easy to watch passwords and keys, but if the bill goes to the hundreds of them this task is really difficult.

Group policy allows IT-experts to configure BitLocker so, that encryption activates only after the successful creation of the keys and passwords’ back-up copies in Active Directory. Restoring of the encrypted data became really easy because of the changes in equipment of “Active Directory – users and computers” in Windows Server 2008 R2 and appearing of Remote Server Administration Tools for Win 7. Keys and password search became easier than in the same facilities of Win Vista.

Instead of uploading, installing and configuring special options you just need to refer to the keys and recovery passwords of BitLocker using “BitLocker Recovery” (you can find it at the page of the properties of the computer account in “Active Directory Users and Computers”). The passwords and key back-up process include three stages.

1. In the group policy editor of the computers’ accounts go to the folder Computer Configuration/Windows Settings/Administrative Templates/Windows Components/BitLocker Drive Encryption.

2. If a computer has only one disk, go to the unit “Operating System Drivers” and edit the policy “Choose how BitLocker protected operating system drivers can be recovered”. If there is more than one disk use the unit “Fixed Data Drivers” and edit the policy “Choose how BitLocker protected fixed data drivers can be recovered”. Pay attention that although these policies can be configured identically they will affect to different disks.

3. Inorder to adapt back-up copy of the passwords and keys of BitLocker in Active Directory when BitLocker protection is on, turn on the next options:

- Save BitLocker recovery information to AD DS for the operating system drivers and for hard disks if you need.

- Do not enable BitLocker until recovery information is stored in AD DS for the operating system drivers and for hard disks.

Passwords and keys of the protected volumes will be copied only after applying the policy. Passwords and keys of the volumes where BitLocker protection was configured earlier will not copy automatically to Active Directory. You will need to disable and enable again BitLocker and only after that the backup information will appear in Active Directory.

About the author: Paul Smith is a staff writer of http://askessay.com/. He is passionate about writing on various topics, including business, technology and social media.

by Malik korrich ~ samedi 5 octobre 2013 0 commentaires

Think Like a Hacker and Improve Your Computer Security

You may not know it, but right now you could be under attack. As you read this, your computer could be being bombarded by hacking attempts from individuals who want to break into your personal files and plunder what they find there. These attacks could potentially damage your computer and leave you facing a virus, or worse they could result in your personal details being stolen and used to empty your bank account or just send you tons of junk mail.

You might not be aware of it again, but your computer is probably meanwhile trying to defend itself against such attacks and stoically protect you and your private data from theft. An arms race is going on at all times between the two with you happily browsing away on Facebook, but if you want to turn the tides in your computer's favor then it's time to get involved. And successfully defending your computer means knowing how the bad guys operate and how to counteract their every move. Read on to get inside the minds of those who would steal your information and start beating them at their own game.

Image Credit

Staying Under the Radar

One thing worth considering is what makes someone a target for hacking in the first place, and the answer to that is simply opportunity. Most of us won't be seriously hacked or pick up serious viruses unless we're very unlucky or unless we expose ourselves. And we can expose ourselves by visiting the wrong sites that aren't quite so strict about the kinds things they allow on them, or by accessing the web on open networks without protection. Sharing your details around the web is also a recipe for disaster, so if you have a website with your full e-mail visible - take it down. Most hackers don't come to you, but rather wait for you to come to them. Play it safe and don't do anything to draw attention to yourself.

Rage Against the Machine

Also worth bearing in mind is that most bad guys - just like in the movies - don't like to do the dirty work themselves. In this case, cyber criminals will instead create programs and software ('bots' and 'spyware') to carry out the gruntwork en-masse. This means that what you're up against a lot of the time is simply algorithms that look for patterns and that approach matters in a methodical way. Understanding this is key to creating successful passwords - avoid anything common, anything predictable and anything that follows a pattern. Think random, and think 'human'.

Hackers are Coders

To understand the hacker, you must understand the coder - and understand that this is someone who thrives on creating solutions to complex problems. In this case, your computer is the problem and they will think of just about anything to get in once they've decided to start trying which could involve looking at your keystrokes with a piece of spyware to guess your passwords, or picking up your location on your phone to route through your trash in person. Make sure that you work the same way - that you think of everything and don’t leave any stone unturned. That means doing every update, it means being constantly vigilant, and it means changing your password regularly.

Author Bio:

Today’s featured writer, Jason Haddad, works as a tester for wellresearchedreviews.com. Being an ardent writer, he often shares his views and opinions on the issues related to information security via his articles.

by Malik korrich ~ lundi 12 août 2013 0 commentaires

5 Ways to Be Protected from Cyber Crimes

Cybercrime, also known as computer crime, is any time of criminal activity that occurs using a computer or the Internet. Such crimes can be devastating and cause great harm to the victim; types of cybercrimes include child pornography, copyright infringement, phishing scams, and fraud or identity theft. Even more serious potential cybercrimes include cyber terrorism and cyber warfare, both of which are becoming more and more common following the increased worldwide use of the Internet. To protect yourself from becoming a victim of the devastating effects of cybercrime, follow the 5 Ways to Be Protected from Cyber Crimes listed below.

1. Exercise caution when surfing the web. That means if you shop online, only buy from websites that you trust to be secure or have had numerous experiences with. If you have never heard of or interacted with a particular website, make sure to do your research beforehand to determine its credibility. Entering your personal information on an unprotected or fraudulent website can have disastrous consequences which can easily be avoided by remaining alert.

2. Even the best cyber protection can fail, so it is important that you regularly monitor your financial statements to ensure that you are not a victim of fraudulent activity. If you see anything suspicious or out-of-the-ordinary going on in your account, you can contact your bank and take steps to ensure it won't happen again.

3. This may seem like a given, but use anti-virus software on your computer to protect yourself against cybercrime. This software can be a strong deterrent to any scams or viruses. Everyone should invest in good software, no matter how immune to viruses you think your computer is. Decent antivirus software can save you a lot of hassle and worry. Don't make the mistake of thinking that just because you have a iMac means that you're impervious to viruses; while they are less of a target, they are still vulnerable to cyber criminals.

4. Take your time thinking of strong passwords to use for important things such as logging into your computer and Smartphone, or looking at sensitive information such as your bank account. This may seem fairly obvious, but the number of people who have their accounts hacked is a warning to you that only the strongest passwords can resist entrance. Try to make your password complicated and understandable only to you, with at least eight symbols or more. You may want your password to be simple and easy to remember, but don't choose anything too obvious or you may come to regret it.

5. Another way to protect yourself from cybercrime is to use different passwords for different accounts. It is not a good idea to use a common password for everything; once a hacker finds out, it will be a relatively simple task to commit crimes like identity theft. If remembering too many passwords proves to be difficult, try to use small variations of the same password.

If you want more information on cybercrime, or if you need to find out more tips to help prevent against it, call the Norton helpline for assistance today.

by Malik korrich ~ mardi 6 août 2013 0 commentaires