
This is what Edward Snowden said About Tor Project


The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor Project helps in enabling anonymous communication. The name is an acronym derived from the original software project name The Onion Router.

Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than six thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user: this includes “visits to Web sites, online posts, instant messages, and other communication forms”. Tor’s use is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored.

What Edward Snowden said about Tor Project

Recently the Tor Project interviewed Edward Snowden, and his comments show that Snowden is a great supporter of Tor. According to Snowden, Tor provides a level of safety, a level of guarantee, to the confidentiality, and in some cases anonymity of human communications. He thinks this is an incredible thing because it makes us more human. We are at the greatest peace with ourselves when nobody’s watching.

Here are some key excerpts from the Tor interview with Snowden from their official blog:

Tor: What would you say to a non-technical person about why they should support and care about Tor?

Snowden: Tor is a critical technology, not just in terms of privacy protection, but in defense of our publication right — our ability to route around censorship and ensure that when people speak their voices can be heard.

The design of the Tor system is structured in such a way that even if the US Government wanted to subvert it, it couldn’t because it’s a decentralized authority. It’s a volunteer based network. Nobody’s getting paid to run Tor relays — they’re volunteers worldwide. And because of this, it provides a built-in structural defense against abuses and most types of adversaries.

Tor provides a level of safety, a level of guarantee, to the confidentiality, and in some cases anonymity of human communications. I think this is an incredible thing because it makes us more human. We are at the greatest peace with ourselves when nobody’s watching.

Tor: Can you talk about how the world would be different if Tor did not exist?

Snowden: Without Tor, the streets of the Internet become like the streets of a very heavily surveilled city. There are surveillance cameras everywhere, and if the adversary simply takes enough time, they can follow the tapes back and see everything you’ve done.

With Tor, we have private spaces and private lives, where we can choose who we want to associate with and how, without the fear of what that is going to look like if it is abused.

What the Tor network allows is what’s called a mixed routing experience where, due to a voluntary cooperation of peers around the Internet — around the world, across borders, across jurisdictions — you get individuals who are able to share traffic in ways that don’t require them to be able to read the content of it. So you don’t have to trust every participant of the Tor network to know who you are and what you’re looking for.

Tor: Did you know that Tor is run by a non-profit organization?

Snowden: Yes, Tor has been extremely open. Almost everybody who is involved in development has an online presence; they’re involved in online engagement. You can drop into the IRC and talk to these people directly and ask them questions, or criticize them (laughs). It’s a very open and inclusive community, and I think that’s incredibly valuable.

They also have a very rich and well-supported mailing list, which is very helpful for people who want to move beyond being a passive user of Tor and actually start being an active participant in expanding the network, in running a relay node from your home, or even starting to experiment with running an exit, which I think is one of the most interesting parts of the Tor experience.


Tor Project

From the interview it’s clear that, first and foremost, the Tor Project isn’t exclusively for cyber criminals. Tor is for everyone who is concerned about privacy. For starters, many Tor users fear their browsing history is possibly being logged. Many sites, including Facebook, sell your browsing history to advertisers. It’s likely those ads on the sides of your social network and email accounts are the product of third parties buying and analyzing your browsing history without your approval.

It’s common for people to turn to Tor for basic security. Activists and journalists often use the utility to report injustices from enemy territory without being discovered or to better protect their sources.

At times, anonymity is important for safely utilizing basic internet functions. The utility can be an asset for citizens of countries with stringent censorship laws. In some cases, basic information is placed behind a firewall. Tor allows users to anonymously circumvent firewalls and research, say, HIV treatment or access Facebook.

Are you a Tor user? Share your experience with the Tor Project. We’d love to hear from you in the comments!

Google Asked to Remove 558 Million “Pirate” Links from Search Results in 2015


In recent years copyright holders have overloaded Google with DMCA takedown notices, targeting links to pirated content. The majority of these requests are sent by the music and movie industries, targeting thousands of different websites. In recent years the volume of takedown notices has increased spectacularly and this trend continued in 2015.

Google doesn’t report yearly figures, but according to TorrentFreak, copyright holders submitted about 558 million URLs last year, asking Google to remove them from its search results. For the first time ever the number of reported URLs has surpassed half a billion in a 12-month period. This is an increase of 60 percent compared to last year, when the search engine processed 345 million pirate links.

The majority of the links are being removed from the search results. However, Google sometimes takes “no action” if they are deemed not to be infringing or if they have been taken down previously.


This year most takedown requests were sent for the domains chomikuj.pl, rapidgator.net and uploaded.net, with more than seven million targeted URLs each. The UK Music industry group BPI is the top copyright holder of 2015, good for more than 65 million reported links.


Looking at the totals for this year we further see that 329,469 different domain names were targeted by 27,035 copyright holders. Interestingly, these staggering numbers are interpreted differently by Google and various copyright holders.

A few weeks ago Google told the U.S. Intellectual Property Enforcement Coordinator that it has taken various measures to help copyright holders, including swift removals.


“We process more takedown notices, and faster, than any other search engine,” the search giant commented. “We receive notices for a tiny fraction of everything we host and index, which nonetheless amounts to millions of copyright removal requests per week that are processed, on average, in under six hours.”

The company rejects broader actions, such as the removal of entire domain names, as this would prove counterproductive and lead to overbroad censorship.

Many copyright holders, however, don’t share these concerns. Over the years groups such as the MPAA and RIAA have repeatedly argued that clearly infringing sites should be barred from Google’s index. In addition, they want Google to make sure that pirated content stays down.

While Google believes that the billion reported URLs are a sign that the DMCA takedown process is working properly, rightsholders see it as a signal of an unbeatable game of whack-a-mole.

As this stalemate continues we can expect the number of reported pages to continue to rise in the future, adding millions of new URLs on a daily basis. Perhaps there will be a billion reported pirate links in 2016?


PlayStation 4 Hacked to Run Linux


The PlayStation 4 and Xbox One systems are just PCs, and now hardware hackers have started doing some very cool things with at least one of these systems. Console-hacking group Fail0verflow has cracked the PlayStation 4 and loaded it up with a version of Linux.

This is a big step in the process to get homebrew software running on Sony’s popular console. This also turns the PS4 into a real PC. Sony embraced PC-style architecture for the PS4 after experimenting with exotic chips for its last system. And now that has come full circle to the point where the console is running a desktop computer’s operating system.

But it doesn’t stop with Linux. Fail0verflow also booted up a Game Boy Advance emulator and a modded copy of Pokémon that the group calls the “PlayStation Version.”


The Game Boy emulator is particularly interesting because Fail0verflow actually connected a Game Boy Advance to the PlayStation 4 to serve as the controller. Of course, this is probably not the best way to play your old portable games. But it shows that the hacking group has control of much of the PS4 system.

Getting deep integration with the PS4 means that Fail0verflow has gathered a strong understanding of how the console functions. In the presentation, the group noted that some of the differences between the PS4 and a PC are “crazy” and some are “batshit crazy.” The hackers went on to say that the engineers that work at semiconductor company Marvell Technology Group were “smoking some real good stuff” when they designed the PlayStation 4’s southbridge chip.

Linux on a PlayStation isn’t the craziest thing in the world. Some gamers will remember that the PlayStation 3 launched with a feature called “OtherOS” that enabled anyone to load the system with Linux or other operating systems. Sony eventually removed that, but a community of homebrewers kept it alive on their own. Now, that legacy lives on with the PS4.


Father of Debian Linux, Ian Murdock Passed Away

Founder of the Debian GNU/Linux distribution project, Ian Murdock has died at the age of 42. His death, announced in a blog post by Docker CEO Ben Golub, came after an apparent encounter with police and a statement posted on Murdock’s Twitter feed that he was going to commit suicide, though no cause of his death has been given.

Ian Murdock, born in Germany in 1973, founded Debian in 1993 while studying computer science at Purdue University. The distribution gets its name from the combination of his name and that of his then-girlfriend Deborah Lynn. The pair married, and had two children; they divorced in 2007.

Murdock’s Debian Manifesto railed at the poor software maintenance of other Linux distributions of the time—and that of Softlanding Linux System (SLS) in particular, bemoaning the lack of attention developers gave to distributions and what he saw as the big cash grabs being made by would-be commercial Linux developers. He outlined Debian’s modular architecture approach as well as its adherence to free software philosophy.

After earning his Bachelor of Science from Purdue in 1996, Murdock became Chief Technology Officer of the Linux Foundation. In 2003, he brought his experience with Debian to Sun, where he was Vice President of Emerging Platforms. He led Project Indiana, the effort that created the OpenSolaris operating system, which he described in a 2007 interview as “taking the lesson that Linux has brought to the operating system and providing that for Solaris as well.” But three years later, after Sun was acquired by Oracle, the plug was pulled on OpenSolaris in favor of a new proprietary version.

Simon Phipps, who led the open source effort at Sun alongside Murdock and worked (though at separate times from Murdock) at the Open Source Initiative, where Murdock was founding Secretary, told Ars Murdock “was always energetic, enthusiastic, pragmatic and charming. I and my team [at Sun] appreciated his insight and activity as well as enjoying his company. I’ve been contacting them, and we are all devastated by his untimely loss.”

After the Oracle acquisition, Murdock resigned his position at Sun. In 2011, he went back to Indiana to join the cloud software company ExactTarget as its Vice President of Platform and Developer Community. The company was acquired by Salesforce in 2013 and became Salesforce Marketing Cloud. In November, he left the company to join Docker in San Francisco.

On Monday at 2:13 PM Eastern Time, Murdock apparently posted that he was going to kill himself.

His Twitter account had since been deleted. However, at that time, some people speculated that Murdock’s account had been hacked and that the tweets were not by him.

Also on Monday, Murdock wrote a string of posts that indicate he had a confrontation with police. Inquiries to the San Francisco Police Department by Ars went unanswered. Public records indicate Murdock was arrested on December 27, and released on bail by the San Francisco County Sheriff’s Department, but no details were available on the charges.

Golub wrote in his post that “Ian’s family has requested that well-wishers and press respect their privacy and direct all inquiries through Docker.”

Microsoft Probably has your Disk Encryption Key in its Server, Here’s How to Take it Back

If you recently bought a new Windows 10 PC or upgraded to the latest version of the Windows OS, chances are your disk encryption key has been uploaded to Microsoft’s servers — which means you’re not 100 percent in control of the privacy of your data.

Since the launch of Windows 8.1, Microsoft has offered disk encryption as a built-in feature for Windows laptops, Windows phones and other devices. The Intercept reports that the key has probably been uploaded if you’ve logged in to Windows 10 with your Microsoft account. That’s useful for accessing your hard drive after something’s gone wrong, but it also means that if a hacker gains access to your Microsoft account, they could make a copy of the key for misuse.

So What Is Disk Encryption?

Disk encryption is a simplified version of the BitLocker drive encryption that made its debut in Windows Vista in 2006. The full BitLocker requires a Pro or Enterprise edition of Windows, and includes options such as integration with Active Directory, support for encrypting removable media, and the use of passwords or USB keys to unlock the encrypted disk.

Disk encryption is more restricted. It only supports internal system drives, and it requires the use of Secure Boot, Trusted Platform Module 2.0 (TPM), and Connected Standby-capable hardware. This is because Disk encryption is designed to be automatic; it uses the TPM to store the password used to decrypt the disk, and it uses Secure Boot to ensure that nothing has tampered with the system to compromise that password.

The final constraint for Disk encryption is that you must sign in to Windows with a Microsoft account or a Windows domain account to turn it on. This is because full disk encryption opens the door to all kinds of new data loss opportunities. If, for example, you have your system’s motherboard replaced due to a hardware problem, then you will lose access to the disk, because the decryption keys needed to read the disk are stored in the motherboard-mounted TPM. Some disk encryption users may feel that this is a price worth paying for security, but for an automatic feature such as device encryption, it’s an undesirable risk.

How to Remove the Disk Encryption Key from Your Microsoft Account

Although there’s no way to prevent a new Windows powered computer from uploading the disk encryption key at the very first time you log into your Microsoft account, you can delete the existing encryption key from your Microsoft account and generate a new one.

Follow the steps below to remove the disk encryption key from your Microsoft account:

• Open the recovery key page in OneDrive and log in with your Microsoft account.

• You will find a list of recovery keys backed up to your Microsoft account. If you don’t see any recovery keys, then you either don’t have an encrypted disk, or Microsoft doesn’t have a copy of your recovery key. This might be the case if you’re using BitLocker and didn’t upload your recovery key when you first turned it on.

• If you have a recovery key, take a backup (screenshot) of it locally, then go ahead and delete your recovery key from your Microsoft account.

Generate a New Disk Encryption Key Without Giving a Copy to Microsoft

In order to generate a new disk encryption key, this time without giving a copy to Microsoft, you need to decrypt your whole hard disk and then re-encrypt it, but this time in such a way that you’ll actually get asked how you want to back up your recovery key.

• So first go to Start, type “Bitlocker”, and click “Manage BitLocker”.

• Click “Turn off BitLocker” and it will decrypt your disk.

• Once done, click “Turn on BitLocker” again.

• Now Windows will ask how you want to back up your recovery key. Make sure you do NOT choose “Save to your Microsoft Account”. If you choose to save it to a file, it will make you save it onto a disk that you’re not currently encrypting, such as a USB stick. Or you can choose to print it and keep a hard copy.

• On the next page it will ask you if you want to encrypt used disk space only (faster) or encrypt your entire disk including empty space (slower). If you want to be on the safe side, choose the latter. Then on the next page it will ask you if you wish to run the BitLocker system check, which you should probably do.

• Finally, it will make you reboot your computer.

When you boot back up your hard disk will be encrypting in the background. At this point you can check your Microsoft account again to see if Windows uploaded your recovery key – it shouldn’t have.

Now just wait for your disk to finish encrypting. Congratulations: Your disk is encrypted and Microsoft no longer has the ability to unlock it.

This is only possible if you have Windows Pro or Enterprise. Unfortunately, the only thing you can do if you have the Home edition is upgrade to a more expensive edition or use non-Microsoft disk encryption software.
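To check the result of the steps above from an elevated PowerShell prompt, the following added example (not part of the original article) lists each volume’s key protectors and compares the local recovery key IDs with the key IDs shown on the Microsoft account recovery key page. The function names, the prefix match on key IDs and the sample volume are assumptions made for illustration; Get-BitLockerVolume is the standard BitLocker module cmdlet.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session on Windows; Get-BitLockerVolume ships with the BitLocker module.

function Get-RecoveryProtectorReport {
    param(
        # Volumes to inspect. Defaults to the live system; pass constructed
        # objects to try the logic without touching a real disk.
        [object[]]$Volume = (Get-BitLockerVolume)
    )
    foreach ($v in $Volume) {
        $recovery = @($v.KeyProtector |
            Where-Object { "$($_.KeyProtectorType)" -eq 'RecoveryPassword' })
        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            VolumeStatus     = "$($v.VolumeStatus)"
            ProtectionStatus = "$($v.ProtectionStatus)"
            EncryptedPercent = $v.EncryptionPercentage
            ProtectorTypes   = @($v.KeyProtector |
                ForEach-Object { "$($_.KeyProtectorType)" })
            # IDs only: the 48-digit recovery password itself is never emitted.
            RecoveryKeyIds   = @($recovery |
                ForEach-Object { $_.KeyProtectorId.Trim('{}') })
        }
    }
}

function Find-EscrowedRecoveryKey {
    param(
        [Parameter(Mandatory)][object[]]$Report,
        # Key IDs copied by hand from the Microsoft account recovery key page.
        [string[]]$AccountKeyId = @()
    )
    foreach ($r in $Report) {
        foreach ($localId in $r.RecoveryKeyIds) {
            foreach ($acct in $AccountKeyId) {
                $a = $acct.Trim().Trim('{}')
                # Assumption: the page may show a shortened ID, so match on prefix.
                if ($a -and $localId.StartsWith($a, [StringComparison]::OrdinalIgnoreCase)) {
                    [pscustomobject]@{ MountPoint = $r.MountPoint; KeyId = $localId }
                }
            }
        }
    }
}

# Constructed sample: one volume mid-encryption with a TPM protector and a
# recovery-password protector. Both GUIDs are made up for illustration.
$sample = [pscustomobject]@{
    MountPoint           = 'C:'
    VolumeStatus         = 'EncryptionInProgress'
    ProtectionStatus     = 'Off'
    EncryptionPercentage = 42
    KeyProtector         = @(
        [pscustomobject]@{ KeyProtectorType = 'Tpm'
                           KeyProtectorId   = '{11111111-2222-3333-4444-555555555555}' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword'
                           KeyProtectorId   = '{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}' }
    )
}

$report = Get-RecoveryProtectorReport -Volume $sample
$report | Format-List

# Scenario 1: the account page lists only a key ID from before re-encryption.
Find-EscrowedRecoveryKey -Report $report -AccountKeyId '0F0F0F0F'

# Scenario 2: the account page lists the ID of the current recovery protector,
# meaning the new key was uploaded and should be deleted from the account.
Find-EscrowedRecoveryKey -Report $report -AccountKeyId 'aaaaaaaa'
```

On a real machine, call `Get-RecoveryProtectorReport` with no arguments and pass the key IDs you see on the account page to `Find-EscrowedRecoveryKey`; any object it returns identifies a recovery key that Microsoft still holds.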

Did you follow the steps above? If not, do so now. If you have any doubts during the process, feel free to comment!

Researchers from Google Discovered How to Hack a Corporate Network just by Sending an Email


What if, with a single email, an attacker could monitor all traffic on a supposedly protected network?

Researchers from Google’s Project Zero found, and silently reported, a bug in FireEye security software that allowed attackers to do just that. No, it’s not a phishing scam. No one had to actually open the email. Just sending it was enough.

FireEye offers devices that scan all traffic flowing through a company’s network. If malware is detected in any transfer, the device intercepts the file and removes the malware.

Project Zero demonstrated they could use this constant screening process against the software, turning it from a security feature into a bug that monitors all Internet traffic inside the company. Google employee Tavis Ormandy outlined the process in a blog post.

“For networks with deployed FireEye devices, a vulnerability that can be exploited via the passive monitoring interface would be a nightmare scenario,” wrote Ormandy, adding that such an exploit could let hackers passively monitor all traffic on a company’s network. He then outlined an exploit that does exactly that.


Read the entire post if you’re technically inclined — everything is laid out in detail. But don’t worry, FireEye has been notified of the problem, and given a chance to fix it before Google published the exploit for the entire world to read.

Google’s Project Zero team is charged with discovering, documenting, and silently reporting zero day exploits before malicious hackers do. The team researches not only potential security issues in Google services, but any software used by large groups of people.

When the team discovers a flaw in another company’s software, they report it silently so that patches can be developed and released. It’s only after everything is fixed that they make their discoveries public — or 90 days, whichever comes first. The team caused controversy in 2014, when Microsoft did not fix an exploit in Windows 8 within the 90-day window.

Anonymous Brought Down 400,000 Turkish Websites As Part Of War Against ISIS

Turkey is reeling under a massive cyberattack purportedly carried out by the hacktivist group Anonymous. The targets of the attacks include the websites of the government and banks. According to the hacker group’s official page, Anonymous brought down about 400,000 Turkish websites as part of its war against ISIS.

According to local media, the Anonymous hacking group posted a message saying it would continue to attack Turkey for “supporting the Islamic State by buying their oil and tending to their injured fighters.”

Anonymous recently ‘went to war’ with ISIS after the horrific terrorist attacks in Paris, which left 130 people dead.


The two-week-long cyber campaign intensified over Christmas as scores of financial and state-run sites were experiencing distributed denial of service (DDoS) attacks resulting in crippling of transactions. Nic.tr, a non-governmental organisation that administers addresses for websites using the “tr” domain, said Thursday that the attack appeared to be from “organised sources” outside Turkey. The domain is used by websites belonging to Turkish ministries, commercial enterprises and banks. The attack has seriously disrupted the banking sector.

Anonymous Official Press Release To Turkish Government Leaders

“As many of you have heard, Turkey is supporting Daesh [Isis] by buying oil from them and hospitalizing their fighters.”

“We won’t accept that Erdogan, the leader of Turkey, will help Isis any longer. The news media has already stated that Turkey’s internet has been the victim of massive DDoS attacks.”

“Dear Government of Turkey, if you don’t stop supporting Isis, we will continue attacking your internet, your root DNS [the foundation of Turkey’s internet], your banks and take your government sites down.

After the root DNS we will start to hit your airports, military assets and private state connections. We will destroy your critical banking infrastructure.”

“Stop this insanity now, Turkey. Your fate is in your hands.”

The Anonymous group released a video claiming that they brought down the servers because of Turkey’s alleged ties with the Islamic State (Isis). Local media reports said leading banks such as Isbank, Garanti and Ziraat Bank were among the targets.

https://youtu.be/EdgLA3ICvuc

Turkish servers were bombarded for more than a week earlier this month, in what’s being called some of the most intense cyberattacks in the history of the country. The government was eventually forced to cut off all foreign internet traffic coming to ‘.tr’ websites – Turkey’s domain – to help stop the assault, according to Radware.

Turkey has been under fire in recent months for failing to actively stop ISIS, especially given the geographic proximity to Syria and Iraq. President Obama has put pressure on the country to secure their border with Syria, and U.S. officials have expressed frustration that Turkey has not stopped extremists smuggling oil.

Researchers Claim GOTPass System – Images and Patterns as Passwords Holds Up Well Against Hacks

Researchers at Plymouth University have devised a new password input method, called the GOTPass system, that they believe could improve security and be effective in protecting personal online information from hackers.

The GOTPass system combines patterns, imagery, and a one-time passcode to create a system that it’s hoped would be both more secure and easier to remember than traditional passwords. It will also reduce the cost for banks or companies where they might need to implement hardware systems, and also be more convenient for customers who might no longer need to bring around.

“In order for online security to be strong it needs to be difficult to hack, and we have demonstrated that using a combination of graphics and one-time password can achieve that. This also provides a low cost alternative to existing token-based multi-factor systems, which require the development and distribution of expensive hardware devices. We are now planning further tests to assess the long-term effectiveness of the GOTPass system, and more detailed aspects of usability.” — said Dr Maria Papadaki, Lecturer in Network Security at Plymouth University and director of the PhD research study

How does GOTPass System Work?


To set up the GOTPass system, users would have to choose a unique username and draw any shape on a 4×4 unlock pattern, similar to that already used on mobile devices. They will then be assigned four random themes, being prompted to select one image from 30 in each.


When they subsequently log in to their account, the user would enter their username and draw the pattern lock, with the next screen containing a series of 16 images, among which are two of their selected images, six associated distractors and eight random decoys.

Correctly identifying the two images would lead to the generated eight-digit random code located on the top or left edges of the login panel which the user would then need to type in to gain access to their information.

It all sounds horribly complicated, but initial tests have shown the system to be easy to remember for users, while security analysis showed just eight of the 690 attempted hacks were genuinely successful, with a further 15 achieved through coincidence.

Researchers say the system would be applicable for online banking and other such services, where users with several accounts would struggle to carry around multiple devices to gain access. They are now planning further tests of its efficacy and usability.

So what do you think about the GOTPass system? Does it provide a new layer of security without passwords? We’d love to hear from you in the comments!