About:

Quote:Soft Organizer lets you completely detect, uninstall, and remove traces of programs, while checking for new program versions automatically. With Soft Organizer, you’ll not only be able to cleanly remove programs installed prior to Soft Organizer, you’ll be able to install new programs going forward while recording all system changes, to empower complete and total uninstalls

Strong and secure file compressor for text, multimedia and raw data.


Giveaway link:
http://www.giveawayoftheday.com/bulkzip-...sor-7-5-4/


About 23 Hours,35 Minutes

It may look as a good idea now, but there are some downsides

MasterCard is moving a pilot program into the next stage and has decided to allow users to authenticate and authorize payments using biometrics instead of a classic PIN.

Launched last year in June, MasterCard's pilot program was only available for people in the Netherlands and the US and allowed users to pay for goods using four new distinct techniques.

Innovative payments pilot program to expand to more countries

To enter the program, users had to install a special MasterCard app on their smartphones or use one of the MasterCard-issued wristbands.

With these tools, users had the option of authorizing payments by taking a selfie (face recognition), placing a finger on their phone's camera (fingerprint recognition), speaking a code (voice recognition), or by measuring their cardiac rhythm (via the wristband).

At the Mobile World Congress held in Barcelona these days, MasterCard has announced that, starting this summer, these payment options and the pilot program will be expanded to more countries.

The country list includes the UK, Belgium, Spain, Italy, France, Germany, Switzerland, Norway, Sweden, Finland, Denmark, and Canada, which will join the previous countries, the US and the Netherlands.

Are selfie-approved payments safe?

MasterCard says that the new biometrics-based payments service was created to ensure and keep user data safe. The company says that no selfies, voice commands or fingerprints are sent to its servers for storage and that the mobile app transforms everything into ones and zeros.

Only this code is sent to MasterCard's servers, and it will be processed and analyzed for similarities to the user's default biometrics.

Security experts aren't really looking forward to biometrics-based payment verification systems. While passwords and PINs can be changed once compromised in a data breach, once biometrics data has been lost, the user may find it hard to change their face or voice just for the sake of their bank account's safety.

Source

Redmond also ships new Redstone build for PC insiders

Microsoft has just released a new Windows 10 Mobile Redstone build for new Lumia devices participating in the Insider program, but the company took everyone by surprise and also shipped a PC build too.

Aimed at insiders who are enrolled in the fast ring, the new Windows 10 build for PCs is all about bug fixing and performance improvements and Gabe Aul, the head of the Windows Insider program, says that getting as much feedback as possible is critical at this point.

Redstone is the next big update for Windows 10 coming in mid-2015 and that’s why Microsoft is pushing so hard for feedback, as fixing bugs at this point is essential before the development team starts work on new features.

Bug fixes and known issues

Windows 10 Redstone build 14271 is thus fixing the majority of major issues reported in the previous release (you can check the full changelog in the box after the jump), including a bug causing the accent color not to change when the slideshow option is enabled on the desktop. We’ve had this bug on one of our PCs here at Softpedia and it was really annoying, especially if you like to tweak the look of your desktop regularly.

Additionally, this build brings updates for the music control icons shown in taskbar previews in music apps, including Groove Music, with Microsoft claiming that they should now look more crisp and cleaner at higher resolutions.

Needless to say, there are also some known issues, including one causing a number of PCs to freeze or get a BSOD when resuming from hibernation. The only workaround available at this point is to completely disable hibernation, Microsoft says, but a patch is expected to be included in the next build.

Keep in mind that this build is only available for the fast ring, so bugs like this are something to be expected at this point. Microsoft still recommends those who don’t want to spend too much time diagnosing bugs to switch to the slow ring.

Source

Dell, Microsoft, Lenovo, Logitech devices affected

Vulnerabilities in USB dongles used for wireless mouse and keyboard peripherals can allow an attacker to take control over a victim's computer and carry out malicious actions.

This attack currently affects mice and keyboards sold by companies like AmazonBasics, Dell, Gigabyte, HP, Lenovo, Logitech, and Microsoft.

Only Logitech has issued a firmware update to protect their dongles against this type of attack. The other companies have been made aware of the problem and are working on a fix.

MouseJack attack relies on faulty USB dongles

The attack, codenamed MouseJack, was discovered by IoT security firm Bastille, who found a flaw in how a wireless mouse/keyboard talks to its dongle.

By default, vendors foresaw issues with wireless input equipment and protected communications between the computer and the wireless device using encryption.

Bastille researchers discovered that the USB dongle does not create unique pairings between the computer and its device. This means that an attacker could also use another similar device with the victim's dongle.

In theory, this should have been impossible because of the encryption that made sure that a mouse/keyboard without the proper key could not have connected to a dongle.

MouseJack attack can install malware in seconds from up to 100 meters away

Bastille found out that particular devices did not enforce this policy and accepted unencrypted commands from other mice/keyboards. Attackers could take control over the mouse's movements or the keyboard's input, manually or with automated attacks.

Researchers put together a Python script that could automate their attack in a matter of seconds, more than enough in many enterprise scenarios where an employee goes to get a cup of coffee or glass of water from the office kitchen.

During this time, attackers can install malware on the victim's computer, from a distance of up to 100 meters (330 feet) away.

Technical details regarding the attack, along with a list of affected devices can be found on Bastille's MouseJack website.

Source

“We’re working with Kaspersky on a fix,” Microsoft says

Microsoft has just released a new preview build of Windows 10 Redstone and while the majority of fast ring insiders will rush to install it, there’s one very important thing to have in mind when doing so.

Kaspersky’s security software isn’t working on this particular build because of a bug and Gabe Aul, head of the Windows Insider program, confirmed this today, adding that there’s absolutely no workaround available at this moment.

“If you have Kaspersky Anti-Virus, Internet Security, or the Kaspersky Total Security Suite installed on your PC there is a known driver bug that prevents these programs from working as expected in builds from the Development Branch,” Aul explained, emphasizing that this is the kind of bug that has to be expected in an early build that’s only available to insiders opting for the fastest release.

Just switch to Windows Defender

Furthermore, Aul revealed that the Windows development team is already working with Kaspersky engineers on a fix, but for the moment, turning to a different security product is the safest way to go.

“We are partnering with Kaspersky to fix this issue for a future release, but at this time there are no known workarounds. While this issue is present, we recommend using Windows Defender or another third party anti-virus product of your choice to remain protected,” Aul said.

Windows 10 Redstone build 14271 is part of the development branch, so it’s only released to users who want to try out the latest builds compiled by Microsoft. Versions that are included in this branch are usually very buggy and this is one of the reasons why Redmond recommends users to switch to the slow ring if they don’t want to mess with critical issues that could significantly impact performance, reliability, or security.

And certainly, this bug is living proof that builds that are part of the insider program are not intended to be used on main PCs, a thing that lots of users out there are already doing.

Source

Porn Clicker Trojan strikes again, this time worse than ever

Yet again ESET researchers have found clickjacking malware in Android applications that managed to squeeze by Google's highly lauded app screening process and made their way on the official Play Store.

This particular issue is nothing new, neither to ESET or Google. Something similarly has happened three different times last year, first in April, then May, and then again in July.

Porn Clicker Trojan at the core of the issue

At the core of the issue is a malware family which the developers have named Porn Clicker Trojan. The reason behind this name is because of its behavior.
The trojan works by opening an invisible browser window and clicking on ads on pornographic websites. It does this every minute or so.

Because it does not steal any user data, log user behavior, or sends credentials to remote servers, many security firms have deemed this malware to be inoffensive since it's focused mainly on monetary gains for its operator without causing damage to the user.

Of course, there can be some cases where a user that leaves his mobile carrier Internet connection on, could see a higher bill the following month as the trojan loads and reloads smut websites in the background.

Ten new Porn Clicker-infected apps added to Play Store each week

The Porn Clicker Trojan is usually distributed as apps cloned after popular apps or free versions of commercial Android games. These apps are distributed via third-party app stores, but also via Google's Play Store.

During its most recent wave of infections, ESET's Lukas Stefanko says that the trojan's mode of operation has changed only slightly.

The trojan's new feature is a scanning function that searches the user's device for security and antivirus products. If it finds such tools, the trojan will not execute. This may also explain how the trojan passed Google's app review process.

"On average, ten new porn clickers a week bypassed Google’s security checks during this campaign," the ESET team notes. "To get a sense of the scale, porn clickers on Google Play have on average, been downloaded 3600 times each."

ESET has published the list of apps it recently detected as infected with the Porn Clicker Trojan.

Source

 
All the power of CCleaner, now available from your browser!

 CCleaner Cloud is the new cloud version of the legendary application. And like the original, has all the features any regular user of CCleaner will instantly recognize, but also a number of new ones that serve only to enhance what was already a smashing little program.

Different

Perhaps the biggest difference between CCleaner, and CCleaner Cloud is the fact that the control center now runs via your internet browser. What this means, is that all of a sudden taking care of multiple computers with CCleaner need no longer be the time consuming task it used to be, especially for businesses and overworked IT departments.

Instantly familiar

The CCleaner bit of CCleaner Cloud is pretty much the same as the standard desktop version, and works in the same fashion as well, allowing you clean the registry, uninstall programs, and get rid of all the junk that Windows likes to accumulate over time.
 
CCleaner Cloud also allows you to monitor and manage the optimization of lots of machines. Being able to remotely install apps, clean junk files and defragment several PCs all at once from the same interface. The web interface is also highly intuitive.

Easy setup

Installing and using CCleaner Cloud is straightforward and doesn’t take much time, but you do need to create an account via the website, install the 6MB agent, and confirm the email address you gave.
 
I found adding the Windows computers on my network to CCleaner remotely, an easy and simple task. One of the really nice features of CCleaner Cloud is the fact that not only is the default CCleaner utility available, but there’s also ready access to Degraggler, and Speccy; two of Piriform’s other workhorse programs. Remote defragging operations worked seamlessly, including removable devices, which while maybe obvious, is still a nice touch.
 
CCleaner Cloud also keeps track of all the events and actions that have been performs and sends email notifications, so you have a handy history of everything you’ve done. This sounds like a simple feature, but can be incredibly powerful! For example, you can be alerted when a drive is running out space, when certain errors occur, and so on.

Compatibility

The cloud version of CCleaner also works, and can be deployed to all Windows versions back to XP SP2, though I was unable to confirm this because my old XP machine may finally just have gone to Silicon heaven. Piriform do claim to only offer limited support for Windows 10 at present, but it seemed to work flawlessly on my 2 Windows 10 laptops. The only other requirements needed are at least 512MB of RAM and a fairly recent browser.
 
There are three editions available, and the Free version allows you to look after 3 machines remotely. You can also gain full access to the other editions via a free 14-day trial.


Final Words:
 
CCleaner Cloud is a very handy and useful tool to have on your machines. Making the jump to the cloud has only served to put Piriform ahead of its rivals, once again.

You can sign up for CCleaner Cloud here.

Source

NTFS Mechanic Standard 2.1.1.0

Quote:

NTFS Mechanic handles all types of problems that can occur with NTFS-formatted disks and your data stored on them. NTFS Mechanic can undelete deleted files and folders, recover files removed from the Recycle Bin, locate and restore files from formatted, damaged and inaccessible NTFS disks. Unlike simple undelete tools, NTFS Mechanic goes one extra step by repairing the damage, unformatting formatted NTFS partitions and recovering partition tables, boot records and other disk system structures to restore access to damaged and inaccessible disks.

The preview displays formatted documents, plays back video and music, enters compressed archives, and displays images of various formats. More than 220 types of files can be previewed.

Sniper: Ghost Warrior Trilogy 90% Off

Was: $19.99

Now: $1.99

Sniper: Ghost Warrior Trilogy is provided via Steam key.

For key redemption, a free Steam account is required.

Quote:

This bundle includes the following elements:
- Sniper Art of Victory,
- Sniper: Ghost Warrior,
- Sniper Ghost Warrior 2,
- Sniper: Ghost Warrior – Map Pack,
- Sniper: Ghost Warrior – Second Strike Pack,
- Sniper Ghost Warrior 2: Digital Extras,
- Sniper Ghost Warrior 2: Multiplayer Expansion Pack,
- Sniper Ghost Warrior 2: Soundtrack.

Password Boss is available as a giveaway contest for limited time!

GIVEAWAY RULES:
- We are giving 6 free license(s).
- You need to register and login to enter into the Giveaway contest.
- Winner(s) will be published after the giveaway ends!

Quote:


Password Boss is the password manager and digital wallet designed for anyone who has trouble remembering their passwords. By securely storing personal information and synchronizing it across all devices, Password Boss is the easiest way for people to safely login to websites, access their accounts and shop online. A premium version is available with features such as online backups, 2-step verification and unlimited, secure password sharing.

Features:
- Password Vault - Store an unlimited number of passwords
- Digital Wallet - Save time with faster online checkouts
- Auto-fill - Automatically fill in forms on websites
- Works on all Platforms - Available for PC, iOS and Android
- Access From Anywhere - Unlimited syncing across all your devices
- Unlimited Secure Sharing - Share anything with the people you trust
- Theft Protection - Delete data from lost devices
- 2-Step Verification - Additional layer of security to keep your data safe
- Automatic Online Backup - Keep your data safe

QScanner Pro - Quickly scan documents, books, receipts

Smart scanner help you scan your documents, books, receipts and save it to PDFs or Photo libs.

Quote:

01. Import image from Camera rolls, photos lib or take picture from camera

02. Select multi images as the same time from camera rolls

03. Easy to adjust frame to crop image what you want

04. Filter image to clearly by:

- Gray Scale
- Documents

05. Manage list file
- Multi select to delete

06. Export to PDF file with multi pages

07. Share via:
- Email within PDF file attach
- Upload PDF file to DropBox
- Save image back to camera roll
- Print

ASUS VP279Q-P 27″ Full HD LED Frameless Widescreen Monitor

http://gvwy.io/a1d40ht

Samsung Galaxy View
https://wn.nr/skS36v

Genie Timeline Professional 2015 with a very special price! (Save 84%)

It's time for the sale of a lifetime. Get the award winning Genie Timeline

For only $9.95! (originally $59.95)      


https://secure.avangate.com/order/checko..._24_2_2016                                  

Chinese devs hide app store inside an educational iOS app

The Chinese developers of an app called 开心日常英语 (Happy Daily English) have found a way to go around Apple's review process and embed a fully functional iOS app store inside their application and had it hosted on the official iOS App Store itself.

The developers of this app, a Chinese company named XY Helper, have done this by creating a fully working iOS app that exhibits two different behaviors based on the user's geographical location.

For non-Chinese users, the app would be a simple educational app that taught Chinese users English, but for Chinese users, the app would transform itself into an app store that allowed them to install rogue, pirated or cracked apps using various tricks, without requiring users to go through the side-loading process.

Double-faced behavior fools Apple's reviewers

The app got approved and added to Apple's website when the iOS App Store reviewers accessed the app, from somewhere outside China, and didn't notice anything strange, seeing its educational interface.

But as Palo Alto security researchers are explaining, this app followed all the legal procedures not to give itself away, and then installed third-party apps on user phones without triggering any alarms.

Its bag of tricks includes the re-implementation of a tiny Windows Apple iTunes client. This allowed users to download and even purchase apps from third-party stores using a realistic Apple interface.

The store-in-store app (codenamed ZergHelper by security researchers) also recorded some of Apple's Xcode IDE functions, so ZergHelper would automatically generate app development certificates, right from Apple's server. These certificates would then be used on a per-client basis to sign the rogue applications it would be installing.

For some users, the app captured their Apple IDs

The app also asked users to re-type their Apple IDs in order to generate these certificates in their names. For some users, ZergHelper reused Apple IDs so that it wouldn't attract too much attention.

On top of this, ZergHelper was coded in Lua, a programming language that allowed the developers to dynamically update the app, but without going through Apple's app review process. This technique allowed the developers to change the app's behavior without the risk of being discovered during subsequent updates, something akin to the JSPatch library.

The malicious store-in-store app existed on the official App Store from October 30, 2015, to February 19, 2016. Palo Alto says it noticed ZergHelper distributing over 50 apps rogue apps.

Source

Baidu Browser collects user's personal information
 
The Baidu Web browser for Windows and Android exhibits behavior that could easily allow a security researcher to categorize it as an infostealer virus because it collects information on its users and then sends it to Baidu's home servers.
 
Baidu Browser is the Chinese clone of Google Chrome, with  Baidu being a Web search company in China, just like Google, and the browser a spin-off from the Chromium project, just like Google Chrome.
 
An intrusion of user privacy

According to Citizen Lab researchers, the browser engages in the now-obligatory habit of collecting user details, which many software and Web-based services also do, "for analytics purposes."

The problem is that the Baidu Browser collects and then sends this information via unencrypted or easily decryptable connections.

During tests, researchers say that the Android version collects data about the user's operating system, the phone's IMEI, browsing history, search terms history, the phone's last GPS coordinates, and nearby wireless networks and local MACs.

On the other hand, the Windows version also collects data like the user's search history, browsing history, MAC address, CPU model, hard disk drive model and serial number, and file system volume number.

The browser collects and sends this information on startup, when the user starts typing content in their address bar, and on any page view.

Information collection behavior narrowed down to an SDK

Obviously, this is an intrusion of the user's privacy and something you wouldn't expect your browser to be collecting. This very same behavior is often found in infostealer (information stealer) malware that's usually deployed to collect information on targets before deploying more complex threats like ransomware, Bitcoin miners, spyware, or banking trojans.

Citizen Lab researchers narrowed down the information leakage issues to a common SDK, Baidu Mobile Tongji (Analytics) SDK, used for both the Android and Windows versions.

Together with mobile security firm Lookout, the researchers identified this SDK inside 22,548 app packages. Back in November 2015, researchers from Trend Micro identified a similar Baidu SDK, which could be found in 14,112 Android apps and included features that could be abused to install backdoors on all infected devices.

Insecure updates allow MitM attacks

But Baidu Browser's issues didn't stop here. Researchers also discovered that the browser checks and downloads updates but does not use code signatures. This practice exposes users to MitM (Man-in-the-Middle) attacks that allow an attacker to send malicious files to users disguised as a Baidu update.

Researchers say that they informed Baidu of all their issues, which the company started to address through updates to both the Android and Windows version on February 14, 2016. Some information leaks are still active.

Baidu also agreed to answer a list of questions regarding the browser's behavior. The answers can be viewed here.

In May 2015, the same Citizen Lab researchers analyzed another Chinese Web browser (UC Browser) and found a slew of issues in that product as well.

Source

Password Safe Portable 3.38.2 has been released. Password Safe Portable is a password manager that lets you carry your logins and passwords to websites and more with you in a secure, encrypted file. It's packaged in PortableApps.com Format so it can easily integrate with the PortableApps.com Platform. And it's open source and completely free.
 
Features:
Screenshot Password Safe allows you to safely and easily create a secured and encrypted user name/password list. With Password Safe all you have to do is create and remember a single "Master Password" of your choice in order to unlock and access your entire user name/password list. Security starts with you, the user. Keeping written lists of passwords on scraps of paper, or in a text document on your desktop is unsafe and is easily viewed by prying eyes (both cyber-based and human). Using the same password over and over again across a wide spectrum of systems and web sites creates the nightmare scenario where once someone has figured out one password, they have figured out all your passwords and now have access to every part of your life (system, e-mail, retail, financial, work).
 
What's New:

- Fixed entry corruption when database locked/unlocked while an entry was being edited (and possibly other scenarios).
- Ensure that the Tooltip on how to unprotect an entry is now shown against the tutorial text at the top of the dialog for wide displays.
- Newly added entries are now shown as selected in the Tree view.

 Homepage:

https://pwsafe.org/
https://sourceforge.net/projects/passwordsafe/files/

Download

EXE
https://sourceforge.net/projects/passwor...e/download

MSI
https://sourceforge.net/projects/passwor...i/download


Portable:
https://sourceforge.net/projects/portabl...e/download

Encrypt the web! HTTPS Everywhere is a extension to protect your communications by enabling HTTPS encryption automatically on sites that are known to support it.

Changelog
Firefox 5.1.4 / Chrome 2016.2.23
  * Fixes for Firefox Dev Edition
  * Chrome: Fix regressions in custom rule functions
  * Firefox: Fix custom ruleset regression

Homepage:
https://www.eff.org/https-everywhere

Changelog:
https://www.eff.org/files/Changelog.txt

Firefox Download:
https://addons.mozilla.org/en-US/firefox...verywhere/

Chrome and opera 15+ Download:
https://www.eff.org/files/https-everywhe...6.2.23.crx