


  Third-Party Investigation Finds No Malicious Chips on Supermicro Motherboards
Posted by: mrtrout - Yesterday, 12:51 AM - Forum: Security News - No Replies

https://news.softpedia.com/news/third-pa...4225.shtml

Third-Party Investigation Finds No Malicious Chips on Supermicro Motherboards

No malicious hardware found by customers, US agencies either
Dec 11, 2018 19:19 GMT · By Sergiu Gatlan
The big hack that never was?

Supermicro launched an investigation to see if any malicious chips were indeed added on its server motherboards as reported by Bloomberg at the start of October 2018 and the results were negative.

"After thorough examination and a range of functional tests, the investigations firm found absolutely no evidence of malicious hardware on our motherboards," stated Supermicro in its press release.

The audit was conducted by a third-party investigations firm hired by Supermicro to eliminate any suspicions of bias and to prove beyond doubt that their products were not in any way compromised throughout the supply chain as Bloomberg outlined in their report.

The analysis used a collection of representative sample motherboard models including recently released motherboard models, as well as the model affected by the supply chain hardware hack mentioned by Bloomberg in its article.

"We appreciate the industry support regarding this matter from many of our customers, like Apple and AWS," also said Supermicro.

Supermicro also detailed the safeguard measures it uses to ensure its products are not compromised

The company added that "We are also grateful for numerous senior government officials, including representatives of the Department of Homeland Security, the Director of National Intelligence, and the Director of the FBI, who early on appropriately questioned the truth of the media reports."

In support of their findings, Supermicro stated that they have never been informed about malicious hardware being found in their products by any U.S. government agencies.

Furthermore, Supermicro failed to ever discover any proof of maliciously added chips or similar hardware in their server motherboard nor did their customers until Bloomberg's report or after.

The information tech company also said in its press release addressing Bloomberg's October report that it continuously tests every motherboard it manufactures against their design to detect any defects or aberrations that could appear during the assembling process.


  The Humble Software Bundle: VEGAS Pro Even More Creative Freedom
Posted by: AAU - 12-11-2018 , 10:56 PM - Forum: Hot Deals & Discounts - No Replies

The Humble Software Bundle: VEGAS Pro Even More Creative Freedom

Even more awesome software for you. We're bringing the Magix back with another VEGAS Pro bundle! Get applications like VEGAS Pro 15 Edit and SOUND FORGE Audio Studio 12. Plus, your purchase will support charity!
Pay what you want. Normally, the total cost for the software in this bundle is as much as $788. Here at Humble Bundle, you choose the price and increase your contribution to upgrade your bundle! This bundle has a minimum $1 purchase.

Tier 1 ($1 USD)

  • Fastcut Plus Edition
  • Voucher Code for Producer Planet
Tier 2 Pay more than $21.80 USD
  • SOUND FORGE Audio Studio 12
  • VEGAS Movie Studio 15
Tier 3 Pay more than $25 USD 
  • VEGAS Pro 15
  • VEGAS DVD Architect
  • HitFilm Movie Essentials

Visit here: https://www.humblebundle.com/software/ve...e-software


  Steam games
Posted by: tregs_beales - 12-11-2018 , 06:40 PM - Forum: Personal Game Giveaways - Replies (5)

I got some games left, so as promised listing those below for a tiny giveaway. Lol

Note: I get some of these from friends & take these in good faith. You can understand that it's impossible to check if a serial is working or already redeemed, unless you activate it on Steam. So if a key turns out to be a duplicate, it's unfortunate & hopefully I can offer a different replacement game if I have it. You have to activate it on Steam & hope all are ok & you get the game. This is the only term/condition I got for such personal giveaways of mine.
Fortunately none turned out as dup yet.


Action Henk 
Overwatch (Humble gift)
Serial Cleaner
Immortal Redneck
Zombie army trilogy
Amnesia Dark descent
Amnesia Machine for Pigs
Interplanetary: Enhanced Edition

First come first serve. 1 game per user.

This is the first batch, will arrange another dump of games by Christmas


  Hackers Steal Over 40k Logins for Gov Services in 30 Countries
Posted by: Mohammad.poorya - 12-11-2018 , 04:27 PM - Forum: Security News - No Replies

Quote: Victims fell for phishing trick

According to Group-IB, the hackers were able to grab the username/password pairs via malicious emails that distributed well-known spyware tools like Pony Formgrabber, AZORult, and Qbot (Qakbot).
The phishing operation targeted both personal and corporate email accounts and disguised the malware as a legitimate file or archive. When the victim opened the attachment, the malware would deploy and start looking for sensitive information on the system.
Pony targets over 70 software programs, searching for credentials in configuration files, databases, and secret storages. Once it collects the data, it sends it to the attacker's command and control (C2) server.
AZORult pilfers passwords from web browsers and also forages for data related to cryptocurrency. This particular trojan comes with a diverse set of capabilities that includes downloader functionality to deliver other threats, such as the Aurora ransomware.



  Supply chain compromise: Adding undetectable hardware Trojans to integrated circuits
Posted by: Mohammad.poorya - 12-11-2018 , 10:26 AM - Forum: Security News - No Replies

Quote: Is it possible for attackers to equip integrated circuits with hardware Trojans that will not change the area or power consumption of the IC, making them thus indiscernible through power-based post fabrication analysis?

A group of researchers from the National University of Sciences and Technology (Islamabad, Pakistan), the Vienna University of Technology and New York University have proven it is.

They have also demonstrated that hardware Trojans (HTs) can be implanted not only by adding logical gates to the original circuit, but also by identifying and safely removing expendable, redundant gates and embedding malicious circuitry at the appropriate locations.



  War Hunter
Posted by: Mohammad.poorya - 12-11-2018 , 09:20 AM - Forum: Game Giveaway of the Day - No Replies

War Hunter is a first person shooter where you take control of the special agents and must fight your way through a cold and mean scenery and find the arms dealer Talib.
The world public is panic-stricken. A well-known arms dealer, Talib, stole a nuclear device from the Russian government.
The media is buzzing about the imminent extermination of all of humanity. The US government has sent a special unit to neutralize the enemy.
The Russians, in turn, send the best agent of the FSB. Will they be able to save the whole world together? Everything depends on you!
You have the classic FPS controls, with WASD and arrows to move your character and mouse to point and shoot.



  Mockplus iDoc Professional
Posted by: Mohammad.poorya - 12-11-2018 , 09:14 AM - Forum: Giveaway of the day - No Replies

Mockplus iDoc, handoff designs with specs, assets and code snippets automatically.
Mockplus iDoc is a powerful product design collaboration tool for designers and engineers. It helps connect the entire product design workflow. It facilitates handoff by taking designs from PS, Sketch, Adobe XD and exporting into a format that can generate code snippets, specs, and assets.
  • Export designs in one click from Sketch, XD and PS
  • Generate accurate specs, assets, code snippets automatically
  • Show design tasks and workflow in full-view storyboard
  • Comment right on designs to give instant feedback
  • Build hi-fi interactive prototypes with real design files



Download: (Web App) Mockplus iDoc Professional
Mockplus iDoc is a web app that works directly in your browser, so there is nothing you need to download. However, you need to create an account to activate your free Professional subscription. To get your free subscription, do the following:

  • Click here to go to the developer's website. For new users, click the REGISTER button at the top of the page. You are then asked to enter your desired valid email address and password to create an account. Click CONTINUE to confirm. For existing users, you simply need to log in with your email and password.
  • Once registered and logged in, you must create a new team by clicking the down arrow button next to the default team name displayed at the top-left. Click CREATE TEAM and enter your new team name on the field provided. Click OK to confirm.
  • Once you’ve created a new team, click here to go to the upgrade page and an UPGRADE IDOC message should appear. Under PLEASE SELECT A TEAM TO UPGRADE, make sure to select the name of the new team you just created. After that, enter/paste the following giveaway activation code where it says PLEASE ENTER AN ACTIVATION CODE:
    • SharewareOnSale exclusive activation code: giveaway11
  • Finally, click UPGRADE to confirm. If successful, you will see a confirmation message that says ACTIVATED SUCCESSFULLY. That’s it!


  Aiseesoft MobieSync 1.0.12
Posted by: ahmed - 12-11-2018 , 09:03 AM - Forum: Giveaway of the day - No Replies


Aiseesoft MobieSync is the iOS data helper to transfer, convert and manage photos, videos, contacts, and others easily. It works as the data transfer to copy files from/to iOS device to/from computer, and between iOS devices (iOS 12 supported). Moreover, it lets you convert HEIC images from your iPhone to be viewed on more devices that are playable conveniently. You can even customize ringtone for your iOS device without purchasing from iTunes Store conveniently. Get the all-in-one data transfer, HEIC converter and ringtone maker, and you can play your iOS device at ease.




  Techsmith Snagit: The best Screen Capture Software
Posted by: tarekma7 - 12-11-2018 , 08:51 AM - Forum: Written Reviews - Replies (9)


Snagit has long been the go-to screen capture and screen recording tool for millions of people worldwide, allowing anyone to quickly and easily capture and share information in easy-to-understand visual content. It is the Leader in Screen Capture Software. Take the hassle out of creating images and videos. Capture your screen, edit images, and deliver results. You will easily create images and videos to give feedback, create clear documentation, and show others exactly what you see.



Product Page:


Release date of version 2019: 23 October, 2018

Current version: Snagit 2019.0.1 (6 November, 2018)

Languages supported: English, German, French


Select Windows or Mac version according to your device:


Try the full version of Snagit for 15 days

After you install Snagit, sign up for a TechSmith Account and start sharing to Screencast.com right away.



You can purchase a license for personal use, business, education, government and nonprofit or upgrade from a previous version at a discounted price


Purchase new license here:





System Requirements (Windows):

Microsoft Windows 10, Windows 8.1, Windows 7 SP1, Windows Server 2016, or Windows Server 2012 R2
Windows N requires the Media Foundation Pack
(Not currently released for Windows 10 - 1809)
.NET 4.6 or later
2.4 GHz single core processor (dual core i5 required for video capture)
1 GB of RAM (4 GB required for video capture)
500 MB of hard-disk space for program installation
We recommend the 64-bit Snagit installation when using multiple monitors or a 4k display



User Interface:


Editor Menus:


Screen recorder:


Customize Toolbar:


New features in Snagit 2019 include:

Snagit 2019 ups the ante by offering new features to help make it even easier to share visual content and help ensure that content has a longer shelf life.


Combine Images

Whether you want to show a step-by-step process or simply have multiple screen captures in one image, Snagit 2019’s Combine Images Tool offers a fast and easy way to pull multiple images together. You will quickly combine images to create a set of instructions, a short how-to guide, or a side-by-side comparison.


Favorites tool

Snagit has grown substantially since its debut as a simple screenshot tool. But all these great features means it can be hard to find the tool you want. Here comes the Favorites Tool to the rescue! No more unnecessary tool switching or hunting down a specific style. With the Favorites Tool, all your favorite tool styles are just a click away!

Stamp searching and browsing

As a Snagit customer you already have access to nearly 2,000 pre-made stamps — including icons, symbols, cursors, and more that can be easily applied to your images. They’re great for marking up screenshots or even building simple infographics. With Snagit 2019 you can easily search through the stamps library using keywords to find exactly what you’re looking for.

Simplify Tool

Whether you want to make it easier to keep content up to date or reduce the amount of time it takes you to localize content, Snagit’s new Simplify Tool is about to become your new best friend. You can manually add your own custom objects or use the auto simplify option.

Using the principles of Simplified User Interface (SUI), the Simplify Tool removes distracting or unnecessary parts of an image (including unnecessary text) so that only the most relevant portions are visible — giving your content a longer shelf life and reducing the need for localization!


Other improvements include high DPI support, which means the Snagit interface now looks even better on devices with higher-definition screens, such as Microsoft Surface and MacBook Pro.


New Features in the current version (19.0.1):

New Support Tool for more easily submitting diagnostic information to TechSmith Support.
Improved messaging when the Windows 10 camera and microphone privacy setting is disabled.
Improved visibility of which option is selected in the Selection Tool.
Improved messaging when attempting to Simplify a Combined Image.
Improved Combine text looks small when dealing with larger images.

For all release history:



What are the benefits and features you get from Snagit?

Beyond ordinary screen capture
Snagit's award-winning screen capture software is the only program with built-in advanced image editing and screen recording.

Capture anything on your screen
Snagit makes it easier and more intuitive to capture your screen or record video. Capture your entire desktop, region, window, or scrolling screen.

Edit with a few clicks
Get a full suite of editing tools. And create images on your own. Edit screenshots or build custom graphics. Without needing to work with a designer.

Deliver results
The human brain processes visuals 60,000 times faster than text. Snagit makes it easy to add videos and images to your email, training materials, documentation, blogs, or social media. Or get a short URL to share your screenshots and recordings with anyone.

Snagit integrates with the tools you use:




Record anything on your screen:


Screen Recorder

Snagit's screen recorder lets you quickly record yourself working through steps. Or grab individual frames out of the recorded video. Save your video file as an MPEG-4 or animated GIF.


Record Webcam

Toggle between webcam and screen recording during a video. Use the recorder to add a personal touch with teammates or clients, no matter where they are.

Record Audio

Include audio in your videos from either a microphone or your computer’s system audio.

Animated GIFs


Turn any short recording (.mp4) into an animated GIF, and quickly add it to a website, document, or chat. Snagit comes with default and custom options to create the perfect GIF, every time.


Trim Video Clips

Remove any unwanted sections from your screen recordings. Cut any section at the beginning, middle, or end of your video.

Record iOS Screen

The TechSmith Capture App lets you record your iOS screen with just a few taps and instantly share it back into Snagit for trimming.

All-in-One Capture®

Capture your entire desktop, a region, a window, or a scrolling screen.

Scrolling Screen Capture

Take a full-page, scrolling screenshot. Snagit's screen capture tool makes it simple to grab vertical and horizontal scrolls, infinitely scrolling webpages, long chat messages, and everything in between. Snagit can capture the entire contents of a web browser or application window including the content that extends beyond the visible area in the window.


Grab Text

Extract the text from a screen capture or file and quickly paste it into another document for edits. Easily copy information without retyping all the text.



Annotate screen grabs with professional markup tools. Add personality and professionalism to your screenshots with a variety of pre-made styles. Or you can create your own.

Step Tool

Quickly document steps and workflows with a series of numbers or letters that automatically increase.

Smart Move

Automatically make objects in your screen captures movable. Rearrange buttons, delete text, or edit other elements in your screenshots.


Text Replace

Snagit recognizes the text in your screenshots for quick editing. Change the words, font, colors, and size of the text in your screenshots without having to redesign the entire image.


Magic Wand Tool

Use the Magic Wand tool to select an area on your image based on color. Quickly remove a background or replace the color in objects such as text or logos throughout a screenshot.


Personalize your images with stickers specifically designed for screenshots. Get the latest stamps straight from Snagit, or download previous stamps here.


Find all your past captures without wasting time digging for them. Your screen captures are automatically saved to your library. Tag captures to always keep your projects organized.


Share Captures:

Quickly share your images or videos using the Snagit outputs.


Edit with Tools: Tool Types:

Arrow, Blur, Callout, Crop, Cut Out, Eraser, Favorites, Fill, Grab Text, Highlighter, Line, Magic Wand, Magnify, Move, Pen, Selection, Shape, Simplify, Stamp, Step, Text


Add Effects:

Add an effect to enhance an image. Effects can be applied to the entire image or a selection.

You can learn how to quickly add or delete effects here:



Create Presets:

Presets automatically remember your capture settings. Use presets to save commonly used capture settings. Quickly switch between capture types based on the task at hand. Automate which effects are added or locations where captures are shared during the capture process. You can import and export Snagit Preset files (.snagpresets) to share your capture settings with others. You can arrange the Preset List using drag and drop according to your needs.


Snagit Printer Capture Settings (Windows)

Send content from an application into Snagit Editor using the application's Print option.
The process is very easy. Simply, in the Capture window, select File, Capture Preferences, Capture tab, Printer Capture Settings.


Record Videos:


Record a video of the screen as an MP4 video. You can choose to record microphone audio, system audio, and a webcam. Use Snagit videos to:
Walk someone through a process or issue, record a demonstration or a how-to video, record a presentation switching between the presentation slides and video of the speaker, send someone audio and visual feedback in a video, record a small portion of an online video or animation.

Snagit Preferences:

To open the Snagit Preferences, simply select Capture Window, File menu then Capture Preferences. Alternatively you can select Snagit Editor, Edit, Editor Preferences.


Is it better for you to Upgrade to the latest version?

The answer is yes. Now let’s discuss why.

The new release of SnagIt offers the quickest way to create step-by-step instructions
You can easily take separate Snagit images and combine them into one, organized piece of content. Perfect for step-by-step instructions, how-to guides, documentation, and more.

Find what you need, when you need it
Favorites allows you to keep all of your most valuable tools together in one spot. There’s no need to dig through menus to find the callouts, arrows, stamps, and shapes you use every day.

Simplify your screenshots with just a click
Now you can convert your standard screenshots into simplified graphics. By simplifying a screenshot, you can make it easier to focus your audience’s attention on the important parts.

Search stamps faster than ever
Quickly search through nearly 2,000 pre-made stamps in Snagit. These graphics include icons, symbols, cursors, and more that can be easily applied to your images.


Snagit 2019 makes it easy to create powerful and practical images and video. It supports simplified user interface to extend the shelf life of your content and enables combining of multiple images to accelerate process documentation. In addition, it helps to put most-used features right at your fingertips with the new Favorites tool.

More information/Important Links:

Did you not find what you were looking for in the online help? Check out one of our other resources:
Snagit Tutorials: Free training videos, tutorials, and guides.
Technical Support Articles: Browse our support articles for help with an issue or contact an expert.
 Community: Get help with the TechSmith user community.
Enterprise Resources: Administrator resources and guides to help deploy and customize Snagit installations.

Software Key Help: Learn how to unlock TechSmith products. 


  Australian Government Passes Controversial World-First Anti-Encryption Law
Posted by: Mohammad.poorya - 12-11-2018 , 03:50 AM - Forum: Security News - No Replies

Quote: The Australian government yesterday passed a controversial bill that allows law enforcement agencies to compel tech companies to hand over encrypted messaging data.

The legislation has been broadly condemned by privacy groups and technology companies with suggestions it could not only harm the Australian tech industry, but undermine encryption security worldwide. The Australian legislation has been brewing for more than a year now, with constant calls from governments around the world reiterating concerns over an inability for law enforcement agencies to access encrypted communications. The legislation, called The Assistance and Access Bill 2018, can compel a private company to create new interception capabilities so no communications data is completely inaccessible to the government. Even more controversial is the fact that this security vulnerability must be deployed in secret, without public knowledge. The new legislation is undoubtedly problematic, in a variety of ways, however, the Australian Senate rushed the bill through at the end of the final sitting day for the year, amidst a whirlwind of political games and sniping. The country's primary opposition party ultimately capitulated into supporting the bill, despite long-standing concerns, with opposition leader Bill Shorten buying into the argument that delaying the legislation until next year would threaten the country's national security.

Earlier this year, in a submission to the Australian Parliament, Apple condemned the proposed legislation calling it "extraordinarily broad" and "dangerously ambitious". The core issue frequently raised is that forcing companies to embed some kind of backdoor access to encrypted data fundamentally weakens security for everyone. It's unclear exactly what this bill will be asking of technology companies as comprehensive end-to-end encryption is a fundamentally unassailable process. Once encryption is enabled in an app such as WhatsApp, the company has no way to access that data. So, if it were legally compelled to create something under the parameters of this legislation it would have to involve some kind of backdoor that allows the company to intercept a message at either the point of sending, or the point of receipt. Due to the vagaries in the new legislation it is unclear exactly what will play out over the next six to 12 months. What we can be sure of is that this Australian regulation will have far-reaching global implications.

Ted Hardie, chair of the Internet Architecture Board, suggested the legislation may even break laws in other countries if the Australian government tries to force companies to hand over sensitive data. The massive GDPR law rolled out across Europe earlier this year is a prime example raised by Hardie. "We are concerned that the proposed legislation may cause these service providers to violate contracts or laws in other jurisdictions, depending upon the exact nature of the requests made," Hardie writes. "For example, companies with European presence are required to handle sensitive data according to the GDPR, and by complying with an Australian order for data that might be located in Europe, that provider could be required to violate the GDPR to satisfy Australian law."



  EU Should Worry About Huawei, Other Chinese Firms
Posted by: Mohammad.poorya - 12-11-2018 , 03:47 AM - Forum: Security News - No Replies

Quote: "Do we (in Europe) have to be worried about Huawei or other Chinese companies?" Ansip asked during a press conference in Brussels.

"Yes, I think we have to be worried about those companies because they set new rules according with their IT companies, their producers," Ansip said.
"They have to cooperate with their intelligence services. And this is about mandatory backdoors," the former prime minister of Estonia added.

He said he has long opposed such backdoors where the firm may use chips to obtain secrets from customers, though he pointed out little was known about concrete cases.
"It's not a good sign when companies have to open their systems for some kind of secret services," he added. "As normal ordinary people of course we have to be afraid."



  9 Suppressed Inventions That Could Have Changed The World
Posted by: mrtrout - 12-11-2018 , 03:32 AM - Forum: Off Topic Chat - No Replies

9 Suppressed Inventions That Could Have Changed The World     

Quote: Vintage Files
Published on Jun 4, 2017

Here is the list of 9 Suppressed / lost inventions in history that could have changed the world. From a strange time travel machine to a mechanic who invented a water fuelled car.

9. Water Fuel Cell
8. Cloud buster
7. Starlite
6. Rife devices
5. Sloot digital coding system
4. Ogle’s Carburetor
3. Greek Fire
2. Chronovisor
1. Project X.A.   

  Images used in this video are under fair use.


  Lights on the lake 2018
Posted by: Mike - 12-11-2018 , 02:11 AM - Forum: Photo Albums, Images, & Videos - No Replies

This is a drive thru of the entire 2 1/2 mile animated light show on Onondaga Lake, put on by the Onondaga County Parks Dept. This is just a teaser as a camera mounted on the dash just cannot do this show justice. Watch this video and then make plans to see "Lights on the lake" in person


  Facebook's hidden battle against ad-blockers
Posted by: mrtrout - 12-10-2018 , 11:38 PM - Forum: Security News - No Replies

https://www.bbc.com/news/technology-46508234

Facebook's hidden battle against ad-blockers
9 hours ago

The methods Facebook uses to thwart ad-blocking technology have been criticised by web developers.

The social network injects dozens of lines of code in every page to make it harder for ad blockers to detect and hide sponsored posts.

But that makes the website less efficient and stops software such as screen readers used by visually impaired users from working properly.

The BBC has contacted Facebook for comment.

In order to block advertising, developers look for patterns in a website's code that can be consistently identified and hidden.

It would be easy for a plug-in to spot the word "sponsored" or to find a container labelled "ad" inside the webpage code, so companies, including Facebook, use coding tricks to obfuscate their ads.

The tricks Facebook uses to fool ad-blocking plug-ins include:

  • breaking up the word "sponsored" into small chunks only one or two letters long
  • inserting extra letters, as in "SpSonSsoSredS", hidden to the viewer
  • adding the word to all regular posts on the news feed, even ones that are not ads, and then using another piece of code to hide it on the non-ads

Facebook provides some controls for users to influence the ads they see.

"Although you can't opt out of seeing ads entirely, you can influence the types of ads you see by giving us feedback or hiding ads and advertisers that you don't want to see," it says in its help centre.

Developers working on the uBlock Origin browser plug-in have been documenting their counter-measures on coding site Github.

In one case, they worked at blocking ad containers labelled "feed_subtitle" and "feed-subtitle".

"That solves it quite neatly," one said. But two days later, Facebook had changed its code again.

"These guys act quick. Now the div [container] is named 'feed_sub_title_ 128; 1402960186614717; 0; 2216051248638936; 1542673577: -7185000746684546330: 5:0:47233'," a coder said.

One, posting as filbo, pointed out that the sponsored text was different depending on your language settings, so ad-blocking efforts should not focus on the word "sponsored".

"If a workable UI-language-neutral expression can be written, that's better," they wrote.

Another, posting as okiehsch, suggested development would never stop.

"I doubt very much that Facebook will stop trying to push their ads, so this issue will never be 'fixed'," they wrote.


  Satan Ransomware Variant Exploits 10 Server-Side Flaws
Posted by: mrtrout - 12-10-2018 , 11:34 PM - Forum: Security News - No Replies

https://www.darkreading.com/threat-intel...id/1333448

Satan Ransomware Variant Exploits 10 Server-Side Flaws
12/10/2018 04:04 PM
Jai Vijayan

Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.
A new version of ransomware that first surfaced about two years ago is garnering attention for its ability to spread via as many as ten different vulnerabilities in Windows and Linux server platforms.

"Lucky," as the new malware is called, is a variant of Satan, a data encryption tool that first became available via a ransomware-as-a-service offering in January 2017. Like Satan, Lucky also is worm-like in behavior and capable of spreading on its own with no human interaction at all.

Security vendor NSFocus spotted the variant on systems belonging to some of its financial services customers in late November, and described it as likely to cause extensive infections worldwide. The malware is capable of exploiting previously known vulnerabilities in Windows SMB, JBoss, WebLogic, Tomcat, Apache Struts 2, and Spring Data Commons.

Sangfor Tech, another security vendor, also heard from a customer in the financial sector about Lucky infecting some of their Linux production servers. In a blog post, Sangfor said its researchers found the ransomware to encrypt files and append the name '.lucky' to the encrypted files.

NSFocus identified the ten vulnerabilities that Lucky uses to propagate itself: JBoss default configuration vulnerability (CVE-2010-0738); Tomcat arbitrary file upload vulnerability (CVE-2017-12615); WebLogic arbitrary file upload vulnerability (CVE-2018-2894); WebLogic WLS component vulnerability (CVE-2017-10271); Windows SMB remote code execution vulnerability (MS17-010); Spring Data Commons remote code execution vulnerability (CVE-2018-1273); Apache Struts 2 remote code execution vulnerability (S2-045); Apache Struts 2 remote code execution vulnerability (S2-057); and Tomcat Web admin console backstage weak password brute-force flaw.

"There is a risk of extensive infections because [of the] big arsenal of vulnerabilities that [the malware] attempts to exploit," says Apostolos Giannakidis, security architect at Waratek, which also posted a blog on the threat.

All of the vulnerabilities are easy to exploit, and actual exploits are publicly available for many of them that allow attackers to compromise vulnerable systems with little to no customization required, he says. Several of the vulnerabilities used by Lucky were disclosed just a few months ago, which means that the risk of infection is big for organizations that have not yet patched their systems, Giannakidis says.

All but one of the server-side vulnerabilities that Lucky uses affect Java server apps. "The vulnerabilities that affect JBoss, Tomcat, WebLogic, Apache Struts 2, and Spring Data Commons are all remote code execution vulnerabilities that allow attackers to easily execute OS commands on any platform," he notes.

Ransomware attacks have not been quite as high-profile this year as they were in 2017, with the WannaCry and NotPetya outbreaks. But as the new Lucky variant shows, ransomware still remains a popular tool in the attacker's arsenal.

SecureWorks recently analyzed threat data from over 4,000 companies and found that low and mid-level criminals especially are maintaining a steady level of malicious activity against enterprises using ransomware and cryptomining tools. The firm found no discernable difference in ransomware activity between this year and 2017.

Ransomware Pivots to Servers

Like other self-propagating malware, Lucky attempts to spread right after it completes encrypting files on the victim system. The malware scans for specific IPs and ports on the local network and then sends its malicious payload to any systems that are discovered to be vulnerable.

Lucky is an example of how attackers have evolved ransomware tools over the past two to three years. Instead of targeting OS vulnerabilities—such as Windows SMB protocol—on desktop and other end-user systems, attackers have pivoted to attacking servers instead, Giannakidis notes.

"Instead of targeting OS vulnerabilities their focus is now applications and services on servers," Giannakidis says. "This is also evident by the fact that the ransomware targets Linux systems, which are primarily used for servers."

One reason for the shift in attacks could be that patching server-side applications is a considerably more difficult task than patching desktops. Servers with vulnerabilities in them are likely to remain unpatched—and therefore exposed to attack—for longer periods than vulnerable end-user systems, Giannakidis notes. "According to recent studies, organizations need on average at least three to four months to patch known vulnerabilities with windows of exposure of more than one year to be very common in the enterprise world."

What to Do

NSFocus recommends using an egress firewall or similar functionality to check for suspicious port scanning activity as well as for vulnerabilities getting exploited. Security admins also should check for requests to access a list of four specific IP addresses and domains. NSFocus also provided steps that organizations can follow to remove the virus from infected systems.

And upgrade to the latest versions of affected software, NSFocus says, and install patches where available.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...


  Japan bans Huawei and ZTE 5G networking hardware; will Canada be next?
Posted by: mrtrout - 12-10-2018 , 11:29 PM - Forum: Security News - No Replies

https://venturebeat.com/2018/12/10/japan...a-be-next/
Japan bans Huawei and ZTE 5G networking hardware; will Canada be next?
Jeremy Horwitz (@horwitz) - December 10, 2018 12:02 PM

If 5G equipment bans from the United States, Australia, and New Zealand weren’t enough this year, Huawei will end 2018 on an even worse note: Kyodo News reports that Japan’s government has decided to block the Chinese company and its smaller rival ZTE from network hardware procurement. Not coincidentally, Canadian authorities are publicly discussing a similar ban following last week’s arrest of Huawei’s CFO.

Japan’s decision comes less than a month after the United States reportedly lobbied several overseas allies to block Chinese cellular hardware from their wireless networks, in part due to concerns over monitoring of U.S. military base communications. According to reports, the U.S. floated the prospect of financial subsidies for compliant countries, alongside the threat of reduced assistance to non-compliant ones.

Kyodo reports that the Japanese government complied, and is coordinating with top cellular providers to remove Huawei and ZTE hardware from their networks. Three carriers have agreed to stop using Chinese 4G equipment and not introduce new 5G hardware into their networks. A soon-to-be-launched fourth carrier has also said it will not use Chinese networking gear.

“It’s extremely crucial not to procure equipment that embeds malicious functions including information theft and destruction,” said Yoshihide Suga, Japan’s Chief Cabinet Secretary, noting that the country is now studying what to do with already purchased Chinese hardware. Top carrier Softbank has indicated that it will replace Chinese 4G cellular products with U.S. and European alternatives, while rivals NTT Docomo, KDDI, and Rakuten will avoid using Huawei and ZTE networking hardware in their 5G infrastructures.

Notably, none of the Japanese carriers will stop selling consumer devices such as phones and tablets from Huawei or ZTE, as they are not believed to impact core network security. That’s unlikely to change in the immediate future, giving users the ability to keep purchasing comparatively inexpensive Chinese products — albeit with potential security risks.

Huawei has strongly denied accusations that its products constitute any form of security risk, and continues to offer its 5G networking hardware to carriers in South America, Africa, and Asia. ZTE was nearly forced to stop doing business entirely after a brief but hastily modified ban by the U.S. government, and actively turned its attention to pitching Japanese cellular companies, apparently without success.

China’s government has responded forcefully to each of the international bans, most recently defending Huawei and ZTE in a statement (via Google Translate) ahead of the Japanese government’s decision. But the protestations have generally fallen on deaf ears, and U.S. officials have continued to lobby friendly intelligence agencies across the world.

Northern neighbor Canada could be the next major U.S. ally to block Huawei from its communications networks. U.S. lawmakers lobbied Canadian Prime Minister Justin Trudeau for a ban on Huawei 5G gear in October, but the government was largely quiet until shortly after Huawei CFO Meng Wanzhou — daughter of the company’s founder, Ren Zhengfei — was arrested in Canada last week on charges of violating U.S. sanctions against Iran.

Though Canadian authorities have described the arrest as non-political, it brought longstanding issues with Huawei to greater attention in the Canadian media. Shortly after The Globe and Mail published a scathing opinion piece on Huawei, former Prime Minister Stephen Harper called for the company to be banned, suggesting that western allies needed to hold China accountable for “rule breaking” that imperiled its trade relationships with partners. “I obviously note that the United States is encouraging western allies to essentially push Huawei out of the emerging 5G network,” Harper said, “and my personal view is that that is something western countries should be doing in terms of our own long-term security issues.”

Soon thereafter, the Toronto Sun built upon Harper’s comments in an anti-Huawei editorial, saying that the company couldn’t be trusted to participate in Canada’s 5G network. And in a separate interview today, Canada’s Infrastructure Minister Francois-Philippe Champagne told the National Post that the country is relying upon input from its intelligence services in deciding whether to ban Huawei, putting national security first in the decision.

While there’s no timetable yet for Canada’s decision on Huawei, and Champagne has said that the issue is too important to be rushed, time is running out if the country hopes to deploy 5G over the next year. Huawei participated in 5G testing with Canadian carrier Telus in February, but by March, Canadian authorities began to question the wisdom of deploying Huawei 5G hardware. The first live Canadian 5G network, dubbed ENCQOR, is scheduled to begin serving business customers in early 2019.


  Russian Car
Posted by: Mohammad.poorya - 12-10-2018 , 10:05 AM - Forum: Game Giveaway of the Day - Replies (2)

Russian Car
Feel like the legendary driver of VAZ 2108! Participate in a race through the countryside.
Try yourself on rally. Customize your car. Drift! Participate in a drag race. Get out of the chase ...


  WebSite X5 Professional 17 (5 License)
Posted by: ahmed - 12-10-2018 , 09:21 AM - Forum: External Giveaways/Contests - No Replies


Win one of the 5 licenses for WebSite X5 Professional 17!
WebSite X5 Professional 17 offers you the best way to launch and grow your online activities. Impeccably designed websites tailored for every kind of business, advanced features to sell physical products, and management that's all in one place, including your mobile device, with the included WebSite X5 Manager and Feedready apps. In just minutes, create original websites, product landing pages, and professional online stores for you and your clients.


5 days or less Time Remaining!


  (DCT) Ashampoo Video Optimizer Pro ( 5 licenses)
Posted by: longin - 12-10-2018 , 09:12 AM - Forum: External Giveaways/Contests - No Replies

Ashampoo Video Optimizer Pro

  • Quote: “Ashampoo Video Optimizer Pro is an effective solution to enhance the quality of your videos. Stabilize shaky footage super easily, optimize contrasts and colors or sharpen your clips. Remove digital noise and flicker with incredible ease. Create slow motion or time-lapse effects and fix lens distortions at the click of a button. Use the built-in editor to rotate, crop or merge your videos.”
  • This contest will be active beginning Monday, December 10 and will expire at midnight Thursday, December 20, 2018. Winner(s) will be chosen by random drawing and will be notified by email

  • Winner(s) must claim their prize within five (5) days


  Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix
Posted by: Mohammad.poorya - 12-10-2018 , 03:59 AM - Forum: Security News - No Replies

Quote: Bug dealt with in Chrome and Edge, but still a problem for Firefox users.

Malware authors, ad farmers, and scammers are abusing a Firefox bug to trap users on malicious sites.

This wouldn't be a big deal, as the web is fraught with this kind of malicious site, but these websites aren't abusing some new never-before-seen trick, but a Firefox bug that Mozilla engineers appear to have failed to fix in the 11 years since it was first reported back in April 2007.

The bug narrows down to a malicious website embedding an iframe inside their source code. The iframe makes an HTTP authentication request on another domain. This results in the iframe showing an authentication modal on the malicious site, like the one below.
Sure, Mozilla is an open source project, and it doesn't have unlimited resources to handle all the reported issues, but you'd think that after more than 11 years a Firefox engineer would find the time to fix an actively exploited issue.

