What is a Computer Exploit? Tips to Keep You Safe in 2019

A computer exploit usually refers to a vulnerability in software through which hackers can gain access to data. Users are often not even aware that such vulnerabilities exist, which puts them in a very precarious position. The problem is generally fixed by the developers, who make the safer software available through updates. It is therefore incumbent upon the user to install software updates as soon as they are released.

As a safety measure, avoid downloading attachments from suspicious sources, as they might be just what the hackers need to access your data. It is only by being vigilant and staying up to date that you can protect your data from unwanted access. You will also do yourself a great favor by installing a premium anti-virus program on your devices, as it will keep the hackers at bay. Be sure to visit www.norton.com/setup for more information on how to go about this.

What is Identity Theft? How to Protect Yourself in 2019

Identity theft is one of the most downplayed yet incredibly risky threats to your data security. As can be inferred from the name, it involves impersonation. Usually the hacker or criminal will obtain your personal data and use it for their own financial gain. They can use your passwords to gain access to your accounts, and then proceed to make purchases or take out loans in your name.

Signs that you may be a victim of identity fraud include strange purchases made in your name, inexplicable transactions carried out using your cards, or even not getting your bills when you should. Identity theft can indeed have far-reaching financial consequences.

To protect yourself, make sure that all your cards and accounts are protected using passwords, preferably different passwords for different accounts. Additionally, steer clear of shady websites, and never give out your passwords or PINs under any circumstances. Ensure that your devices are properly protected from unwanted access using superior quality software. Finally, always carry only a few cards with you so that you know when one is missing.

What is Spoofing? How to Mitigate Under the Radar Threats

Spoofing refers to impersonation by a hacker of another website or device on a network. They will often pick a device or website that you trust, which means that you are more likely to divulge sensitive information without raising an eyebrow. Usually, spoofing involves emails, IPs and DNS.

The only way to spot spoofing is by being very attentive. If you get an email from a source you trust, but the email asks for very sensitive information, you need to be very wary before you respond. The same goes for websites that you trust: if the site starts behaving strangely, you need to be on your guard. Make use of quality software to protect your information as well.

How to Remove Mobile Malware and Keep Your Device Protected in 2019

Mobile malware can be frustrating, to say the least. The virus can be in a file, or you might have a whole app corrupted. The tell-tale signs of mobile malware include slow performance and a fast-draining battery. Both occur because programs working in the background consume a lot of charge and tie up other processes. You might also notice strange pop-ups on your device and a mysterious increase in storage consumption. All of these often point to a device infested with a virus.

To protect yourself, you would be well advised to install high-quality anti-virus software. This will ensure that your phone is protected from malicious software at all times. Additionally, avoid visiting questionable sites and only install applications from reputable sources.

Stress and Burnout Take Their Toll on the Security Industry

At the moment, there are employees suffering from daily stress in a sector where burnout is common, overlooked and, unfortunately, rewarded.

If you work in computer security and think through the hurdles that attackers put in your way, then you truly comprehend what you are facing. Yet while you work to keep your organization safe from vicious attackers, in most cases you may fail to notice another deadly threat hiding in the shadows: stress.

Corman Josh, the principal security officer at PTC, a computer services and software developer based in Boston, says that a lot of attention is given to ensuring a threat-proof security strategy and less of it to the security personnel.

This topic is one that Josh understands from first-hand experience. At the recent RSAC conference of 2019, Corman gave personal and factual information about the impact of stress as well as the burnout that it creates. From his experience, Corman has seen most of his workmates and friends plummet as professionals and as people under the burden of long-term and mounting stress. He has also seen organizations reward employees who work with zest and vigor, only to label them a liability later, when they no longer have something to offer.

He even recalls going to the Las Vegas industry conference, where he asked various people whether they had encountered stress or burnout in their work. It took him by surprise when most of them admitted to attempted suicide, abuse of drugs and alcohol, and regret at giving work more attention than family events.

On the same note, Corman argued that attitudes change when stress reaches the point where workers begin to treat one another with rising negativity. Although the organization may want to employ more security personnel, a lot of people fall short because of the stress that accompanies the job. This problem leaves the company stagnant in terms of progress.

Corman raised the possibility of the demanding tech industry doing itself a double favor: if competitiveness surpassed empathy as the general rule, he suggested, could it not also culminate in a more powerful industry? Dr. Maslach Christiana gave some statistical details in support of Corman’s notion. Dr. Maslach is a professor of psychology at Berkeley and the creator of the Maslach Burnout Inventory, an instrument used to measure burnout.

Stress Daily Dose

Maslach took the name “burnout” from the individuals she talked to when discussing stress and their problems. She explains that burnout happens as a result of severe stressors, and adds that these stressors include not only emergencies and crises but also the things that siphon away life’s goodness over time. It is measured in three areas:

  1. Exhaustion: a response to stress caused by the many projects placed on a person while resources are limited.
  2. Cynicism: possessing negative energy and feeling hostile towards the job and everyone who works there. This condition, where the heart grows cold, has consequences that may culminate in missed work, mental health complications and poor performance. People who have become chronically cynical will attack each other, giving room to a toxicity that limits everyone’s success.
  3. Perceived self-efficacy: when you fail to reinforce the confidence that you are good at this, it culminates in a feeling of uselessness and you start regretting why you took the job in the first place. You never feel competent or confident in your work atmosphere.

Besides the three areas of measurement, Maslach speaks to people who doubt whether the jobs they hold suit them. She explains six imminent imbalances or mismatches:

  1. Workload: could there be a mistake in resource expectations?
  2. Autonomy: do you have discretion and a say in the way you do the job?
  3. Reward: are you offered recognition or social reward (in most cases more motivating than cash rewards)?
  4. Community: do you have a supportive work environment, or are there conflicts such as bullying?
  5. Fairness: are operations carried out impartially, for instance in who gets a raise, a promotion or the perfect space in the office? The workplace has to be fair for all the staff working there.
  6. Values: does your place of work and its environment offer a sense of purpose, meaning and value to your life?

Maslach has been asked whether it is the individual who causes the burnout, and she rejects the idea. In most cases, the corporate response is to blame the individual for the burnout: they need a better diet, should try meditation, sleep better, toughen up or exercise more. Nonetheless, it is the environment that needs to change.

Corman states that we should change the tone in which we speak to one another. Maslach admits that there is a culture of fear in organizations, where employees are afraid of saying no or showing some weakness.

Moreover, when employees look for help, they get ignored. The negativity and toxicity are responsible for the destruction of communication, and it is communication that boosts our growth in life and as people. The counsel from Maslach and Corman to organizations and employees is to keep away from burnout. Burnout occurs due to cynicism, exhaustion and low self-efficacy. The ideal area for a business to focus on is the toxicity that thrives in the fear culture. Aim at the way people communicate with each other.

In his own place of work, Corman concluded that getting rid of the toxicity led to fixes for the imbalances that lead to burnout. Rather than developing a diversity initiative, a business should develop an empathy initiative. People perform in workplaces that are safe and have an honest culture. The workers will work hard to improve the organization’s bottom line as well as its industry presence, since they would like to secure their place of work.

For issues with malware and other attacks, you should try norton.com/setup or www.norton.com/setup.

Several Cryptojacking Apps Found on Microsoft Store

Among Symantec’s latest discoveries are eight apps on the Microsoft Store that were found to mine Monero without the user’s authority or knowledge. The potentially unwanted applications (PUAs) were discovered on the 17th of January. They were hosted in Microsoft’s own store and used the user’s CPU power to mine the cryptocurrency. After being reported to Microsoft, they were removed from the store.

The applications included computer and battery optimization tutorials, web browsers and internet search apps. Others were video viewing and download apps. They are believed to originate from three developers: DigiDream, 1Clean and Findoo. The 8 applications from these developers were found to share characteristics that may pose a risk. Further investigation showed that there is a chance they were developed by the same manufacturer or group.

What makes them popular is the fact that they appear in the Microsoft Store’s top free apps lists. They can also be found through keyword search. The applications run on Windows 10, including Windows 10 S Mode.

The apps begin their process once they have been downloaded and launched. They fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers. The mining script is then activated and starts using the computer’s CPU cycles to mine coins for the operators. What makes these applications questionable is that they appear to have well-defined privacy policies, yet they fail to mention coin mining in their descriptions.

Records show that the apps were published between April and December 2018, meaning that they have received a lot of views. They have been in the app store long enough that many users may have downloaded them. As of December 2018 they had over 1900 ratings, but this cannot be used to determine the number of downloads, since ratings have been proven to be fraudulently inflated in some cases. The exact number of users who downloaded the apps cannot be accurately established.

Mining script

The manifest file where the apps’ domains are hard coded is shown below;

When each app is launched, it silently visits its domain without authorization, which triggers GTM. GTM is triggered using the GTM key PRFLJPX, which is shared across the 8 applications. GTM is a legitimate tool that makes it possible for developers to inject JavaScript dynamically into their applications. However, GTM has sometimes been abused to hide malicious or risky behavior. For instance, the link to the JavaScript stored in GTM does not indicate the function of the code that is triggered when it is launched. The link is https://www.googletagmanager.com/gtm.js?id={GTM ID}

Monitoring all the traffic generated by these applications established that they connect to one location that is known for its coin-mining activities. This remote location is:
http://statdynamic.com/lib/crypta.js

When the apps are launched, they access their own GTM and thereby activate the mining script. When crypta.js, which is an encrypted library, was decoded, it was found to be a version of the Coinhive library, which mines Monero. Many reports have shown that Coinhive has been fraudulently used as a cryptojacking agent, without the knowledge of visitors, since its launch in September 2017.

The miner’s activation source code was also investigated, and it was established that the miner was working with the key da8c1ffb984d0c24acc5f8b966d6f218fc3ca6bda661, which is a wallet defined for Coinhive.

The apps are categorized as progressive web applications, which are installed as Windows 10 apps and run independently of the browser in a standalone window.

Shared domain name servers: the master servers for each and every app were identified from the apps’ network traffic. A “whois” query established that all these servers likely have a common origin. This supported the suspicion that the apps have the same origin or come from the same manufacturer, who may only have varied the names.

After the misbehavior of these apps was reported to Microsoft and Google, Microsoft took action and removed the applications from the store. Action was also taken against the mining JavaScript, which has been removed from Google Tag Manager.
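The fetch chain described above (a GTM container load followed by a request for the miner script) can be hunted for in web proxy logs. The following is an added example, not code from the original report; the log layout (timestamp, client, URL), the 60-second window and the sample lines are constructed assumptions, while the container key and script URL are the ones quoted in the text.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Indicators quoted in the article text.
MINER_HOST, MINER_PATH = "statdynamic.com", "/lib/crypta.js"
REPORTED_CONTAINER = "PRFLJPX"
# Assumption: a miner fetch within this window of a GTM load is linked to it.
WINDOW = timedelta(seconds=60)

# Constructed sample proxy log: "<ISO timestamp> <client> <URL>".
SAMPLE_LOG = """\
2019-01-17T10:00:01 pc-01 https://www.googletagmanager.com/gtm.js?id=GTM-PRFLJPX
2019-01-17T10:00:03 pc-01 http://statdynamic.com/lib/crypta.js
2019-01-17T10:05:00 pc-02 https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE1
2019-01-17T10:05:02 pc-02 https://example.com/static/app.js
2019-01-17T11:00:00 pc-03 http://statdynamic.com/lib/crypta.js
"""


def container_id(url):
    """Return the GTM container key (without a 'GTM-' prefix), or None."""
    parts = urlsplit(url)
    if parts.hostname != "www.googletagmanager.com" or parts.path != "/gtm.js":
        return None
    ids = parse_qs(parts.query).get("id")
    if not ids:
        return None
    cid = ids[0].upper()
    return cid[4:] if cid.startswith("GTM-") else cid


def is_miner_fetch(url):
    """True when the URL is the miner script on the reported host or a subdomain."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    on_host = host == MINER_HOST or host.endswith("." + MINER_HOST)
    return on_host and parts.path == MINER_PATH


def scan(log_text):
    """Return (client, finding, container) tuples in log order."""
    last_gtm = {}  # client -> (time of last GTM load, container key)
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        stamp, client, url = fields
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        cid = container_id(url)
        if cid is not None:
            last_gtm[client] = (when, cid)
            if cid == REPORTED_CONTAINER:
                findings.append((client, "reported-gtm-container", cid))
        elif is_miner_fetch(url):
            prev = last_gtm.get(client)
            if prev and when - prev[0] <= WINDOW:
                # GTM was used as the loader: record which container did it.
                findings.append((client, "gtm-then-miner", prev[1]))
            else:
                findings.append((client, "miner-script", None))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Recording the container key alongside the miner fetch matters because the GTM URL itself says nothing about what it loads; the correlation is what ties a legitimate-looking tag request to the mining script.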

Mitigations

These are the precautions you should take to stay safe from online threats:

  • Start by updating your software
  • Refrain from downloading apps from unrecognized sources
  • Ensure that the apps you install are from trusted suppliers
  • Pay attention to the permissions that your apps request
  • Keep an eye on the CPU and memory usage of your device
  • Ensure that a security app is installed. You can pick Norton from www.norton.com/setup, or Symantec Endpoint Protection, for the best security of your device.
  • Make frequent backups of the data that you consider important

For security

Choose Symantec and Norton (norton.com/setup), since their products are able to detect JavaScript cryptocurrency miners and apps that may be unsuitable, such as:

  • PUA downloader
  • Miner .jswebcoin

Build a Blockchain PoC Application using Hyperledger Fabric

This piece was written by Don Li about his experience creating a blockchain PoC application for land and title recording, leveraging the Hyperledger Fabric (HF) blockchain platform. It may benefit those who have just started with HF or intend to learn it, and for those who are already experienced in HF it may offer another equally viable option.

See what he says about it.

[”

Let us first set up our goal and then see how we can achieve it.

Here our goal is to create a web application for recording house transactions (buying and selling houses) on a small permissioned blockchain and for being able to search for them. And we’ve decided to use Hyperledger Fabric platform to do the job.

At the end of the day, we want this application to look like below (with terse explanation unless self-explanatory).

Our first screen is the web application’s Login page with background of Hyperledger Fabric api service debugging output:

The following screen is the web application’s Login page (continued). Login uses two factor authentication process.

The following screen is the application’s main screen, which lists two core functions of “add transaction” and “search for them”. “]

For more, visit Medium for better reading.

How to get HTTPS working on your local development environment in less than 10 minutes

This information was shared by Daksh on Medium and covers setting up HTTPS on a local development environment.

See what he is saying:

[“   Almost any website you visit today is protected by HTTPS. If yours isn’t yet, it should be. Securing your server with HTTPS also means that you can’t send requests to this server from one that isn’t protected by HTTPS. This poses a problem for developers who use a local development environment because all of them run on http://localhost out-of-the-box.

At the startup I’m a part of, we decided to secure our AWS Elastic Load Balancer endpoints with HTTPS as part of a move to enhance security. I ran into a situation where my local development environment’s requests to the server started getting rejected.

A quick Google search later, I found several articles like this, this or this one with detailed instructions on how I could implement HTTPS on localhost. None of these instructions seemed to work even after I followed them religiously. Chrome always threw a NET::ERR_CERT_COMMON_NAME_INVALID error at me.

The problem

All the detailed instructions I had found were correct for the time they were written. Not anymore.

After a ton of Googling, I discovered that the reason for my local certificate getting rejected was that Chrome had deprecated support for commonName matching in certificates, in effect, requiring a subjectAltName since January 2017. “]

Check Medium for more detail
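The name check behind the error in the quoted post, as an added example that is not part of the original article: a simplified model of hostname verification that consults only subjectAltName, with the old commonName fallback available as a switch for comparison. The certificates are constructed dicts shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, and the wildcard rule is a simplification.

```python
import ipaddress

# Constructed certificates (getpeercert()-style dicts), not from the article.
CN_ONLY_CERT = {"subject": ((("commonName", "localhost"),),)}
SAN_CERT = {
    "subject": ((("commonName", "localhost"),),),
    "subjectAltName": (
        ("DNS", "localhost"),
        ("DNS", "*.dev.example.test"),
        ("IP Address", "127.0.0.1"),
    ),
}


def dns_name_matches(pattern, hostname):
    """Compare one DNS name from the certificate with the requested host."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Simplification: '*' replaces exactly the left-most label and at
        # least two fixed labels must follow it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def check_name(cert, hostname, legacy_cn_fallback=False):
    """Return (ok, reason) for hostname against the certificate's names."""
    sans = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(hostname)
    except ValueError:
        wanted_ip = None  # not an IP literal, treat as a DNS name

    for kind, value in sans:
        if wanted_ip is not None:
            if kind == "IP Address" and ipaddress.ip_address(value) == wanted_ip:
                return True, "subjectAltName IP Address"
        elif kind == "DNS" and dns_name_matches(value, hostname):
            return True, "subjectAltName DNS"

    # Old behaviour: with no SAN at all, fall back to the subject commonName.
    if legacy_cn_fallback and not sans and wanted_ip is None:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName" and dns_name_matches(value, hostname):
                    return True, "commonName (legacy)"

    reason = "no subjectAltName" if not sans else "hostname not in subjectAltName"
    return False, reason


if __name__ == "__main__":
    print(check_name(CN_ONLY_CERT, "localhost"))
    print(check_name(CN_ONLY_CERT, "localhost", legacy_cn_fallback=True))
    print(check_name(SAN_CERT, "127.0.0.1"))
```

A certificate generated from older instructions carries only the commonName, so it passes with the fallback enabled and fails without it, which is the situation the post describes.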

Security: Your Phone Is Listening To Your Conversations

This conversation about a boy and his ex-girlfriend was posted on Medium.

Please read and analyse what we are facing nowadays:

“I haven’t spoken to her in years,” he said. “Have no contact with her — no clue if she’s even alive.”

“You’ve never Googled her or looked her up on Facebook?” I asked.

“Nah, never,” he said. “I don’t do stuff like that. Don’t care enough to.”

The conversation went on. There was the Facebook data breach in the news and movies we’d recently seen — one of them was Snowden.

“That movie scared the shit out of me,” he said. “I had no idea the level at which these agencies were tracking us.”

“It’s not just the government,” I said. “It’s every website you visit. It’s your phone, your computer, anything that you log on to — once you’ve got some kind of digital footprint, you’re fucked.”

“I don’t mind that so much,” he said. “You want to sell me things? Fine. I’m a consumer. If you want to target ads at me, that’s great. Now I don’t have to look at things I don’t like.”

“The phone is listening to you too,” I said. “It hears everything. You’ve never mentioned a place in passing and then randomly started seeing mobile ads for that place? I certainly have.”

“Maybe,” he said. “But I’ve never noticed.”

We parted ways — not before I told him to look into encrypting everything — and when I woke up the next day, there was a text message waiting for me.

“You were right,” my brother wrote. “This morning, there was a LinkedIn notification on my phone — ‘people you may know’ — and whose name do I see? My ex-girlfriend. Haven’t thought about this woman in years. Years!”

“Told you,” I texted back. “The phone is listening. It always is.”

“Scary,” he wrote. “Super fucking scary.”

“It’s stalking you,” I said. “The phone is stalking you.”

Please refer to Medium for the original.

S3 Security and Privacy; What is Old Is New Again

There have been a lot of untrue claims about the insecurity of S3 in the recent past, including claims of a massive data breach. Is it really true that there are security issues with the S3 bucket? Is it really not possible for Amazon to fix this? The truth is that everything is fine with S3 security. It is also important to note that S3 is not synonymous with Amazon, as some consumers assume. S3 is open to other corporations, which can run S3-compatible servers on their LAN networks. It is not tied to Amazon alone.

S3 is an amazing technology whose name simply stands for Simple Storage Service. It is a system that deals with the storage, transmission and retrieval of data. Implementing S3 is also very simple, and it gives developers full access to unlimited storage capabilities in hybrid and traditional clouds, using scripts and other methods. S3 runs well with all S3-compatible servers and makes it possible to move data faster to other resources, making it available to a variety of applications. In simple terms, S3 ingests data into its system, and applications can then easily access it from S3 and move it onto their respective servers.

What is Open S3 Bucket?

With that little information about S3 in hand, it is important to get some facts about the open S3 bucket. There are a lot of allegations in the news about massive data insecurity associated with S3. An open S3 bucket can be defined as a location that is accessible to all users and does not require authentication; its permissions are set for public use. In years past, such an open bucket sat on a corporate LAN and was not easily reached, because access to the LAN was limited. Open S3 buckets today, however, are available to all internet users.

How is the Open S3 Bucket accessible on the internet?

Open S3 buckets can be found using the following methods:

  • Search engines. They can discover S3 buckets because they index the contents of a bucket, making it reachable. You can use http(s)://buckets.grayhatwarfare.com, since its services are effective and you can always upgrade to a modern version.
  • Website cloning. This entails copying the company’s site to the hacker’s local disk, which enables the hacker to check through the links to documents and any other resources that exist on the S3 servers.
  • Brute force. This modernized technique is run against S3 buckets and against any kind of directory that is not protected. For example, entering a site with a forward slash and a name is a brute-force attempt that tries fetching information from many directories.

Having covered what S3 is and a few techniques that hackers use to access S3 buckets, it is important to learn some tips that will improve S3 security and so reduce the S3 insecurity portrayed in the news. Norton.com/setup can help you achieve the security options you need, and can do so for all your devices, including your smartphone.

The steps here are essential and will protect your company. They are the application of old techniques to safeguard data. Remember that the lessons learned about S3 security in the past are still applicable even at the present time; nothing has really changed.

  1. Ensure that your company grants the fewest access privileges needed to perform S3 tasks, especially when using secret key combos. Your key combos should minimize the privileges available for S3 tasks.
  2. Always take caution when dealing with scripts. You need a clear reason to use a script, and once the decision to use one is made, make sure it creates the correct directories and do not fail to change the resource permissions. Also ensure that scripts are well checked, since a poorly written script can lead to data being transferred to open S3 buckets, exposing it to risk.
  3. Every bucket is created for its own defined purpose. Ensure that every bucket serves its purpose and is used only for what it was created for. Always be cautious when dealing with buckets. For instance, if a bucket was closed and you now want to make it public, move it to a newly created bucket.
  4. Be cautious when uploading web content or the various repository types that interact with S3 buckets. Brute-force scripts could be modified to target your company by using its naming schema, which calls for caution when dealing with this activity.
  5. You can also add more security by encrypting data before you send it to S3. This is an added security advantage for your data and protects you in the event of a security breach.

Don’t allow your data or your company’s data to be leaked through S3. Take the relevant approaches and safeguard your data security. Data security and privacy options are still the same and have not changed; the rules can be universally applied. Norton.com/setup are the experts here. Go to www.norton.com/setup for the best security for your data, which can be extended to all your devices.