Facebook Take the Next Step: A Test to Encrypt Messenger in Early Phases – Digital Information World

After facing a lot of criticism from peers and users, Facebook is taking baby steps to increase data privacy on the platform. For Facebook, this also involves securing conversations between people, along with audio and video calls.

Currently, this feature is only available by default on WhatsApp, where chats and audio calls between users are encrypted.

In March, Mark Zuckerberg announced that Facebook is trying to encrypt the messaging service on the platform through a Secret Mode. Jane Manchun Wong, a reverse engineering guru, reported that Facebook is trying to introduce encryption through Secret Mode. However, the encryption is only available in Secret Mode and not in normal mode.

The secret conversation mode is available and provides encrypted messaging, but not encrypted calls as yet.

Messenger calls are expected to be encrypted in a limited way, and therefore a lot of people might not be able to use it, as this platform is far from secure communication.


Unlock BitLocker Encrypted Fixed or Removable Data Drive in Windows 10 – TWCN Tech News

BitLocker Drive Encryption is a data protection feature that integrates with the OS and with fixed and removable drives to address the threat of unauthorized access. In this post, we show you how to use a password or recovery key to unlock a drive encrypted by BitLocker in Windows 10 using the following methods:

Open This PC in File Explorer (Win+E).

To unlock the locked fixed or removable BitLocker drive you want, right-click the drive and click Unlock Drive.

To unlock the data drive with the BitLocker password, do the following:

Enter the password to unlock this drive, click Unlock.

The drive is now unlocked.

To unlock the data drive with the BitLocker recovery key, do the following:

Click the More options link.

On the next prompt, click the Enter recovery key link.

On the next prompt, make a note of the key ID (e.g., BED9A0F3) to help ID the recovery key for this drive.

Now go to where you backed up the BitLocker recovery key for this drive. Look for the 48-digit recovery key for this drive that matches its key ID (e.g., BED9A0F3).

Now type in the 48-digit recovery key for this drive. Click Unlock.

The drive is now unlocked.

Open the Control Panel (icons view), and click the BitLocker Drive Encryption icon.

Click the Unlock drive link for the locked fixed or removable data drive you want to unlock.

To unlock the data drive with the BitLocker password, do the following:

To unlock the data drive with the BitLocker recovery key, do the following:

Open an elevated command prompt.

To unlock the data drive with the BitLocker password, do the following:

Type the command below into the elevated command prompt and hit Enter.

When prompted, type the BitLocker password for this drive and hit Enter.

Note: Substitute in the command above with the actual drive letter (ex: D) of the fixed or removable drive you want to unlock. For example:

The drive is now unlocked. You can now exit the elevated command prompt environment.

To unlock the data drive with the BitLocker recovery key, do the following:

Type the command below into an elevated command prompt and hit Enter.

Make a note of the first section of numbers (e.g., BED9A0F3) for the Numerical Password ID. This is the key ID to help ID the recovery key for this drive.

Note: Substitute in the command above with the actual drive letter (e.g., E) of the fixed or removable drive you want to unlock. For example:

Now go to where you backed up the BitLocker recovery key for this drive, as above. Look for the 48-digit recovery key for this drive that matches its key ID (e.g., BED9A0F3).

Now, type the command below into the elevated command prompt and hit Enter.

Substitute in the command above with the actual drive letter (e.g.: E) of the fixed or removable drive you want to unlock. Also, substitute in the command above with the 48-digit recovery key. For example:

The drive is now unlocked. You can now exit the elevated command prompt environment.

Thus you can unlock a Fixed or Removable BitLocker Encrypted Drive in Windows 10.
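The recovery-key procedure above, as an added PowerShell example that is not part of the original article: it reads the key ID of the drive's numerical password protector, finds the backed-up key with the same ID, checks the key's format, and unlocks the drive. The function names, the backup text layout and the sample keys are assumptions constructed for illustration; `Get-BitLockerVolume` and `Unlock-BitLocker` are the built-in BitLocker cmdlets.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell session.

# Constructed sample standing in for the text of a recovery key backup.
# The identifiers and 48-digit keys below are made up and unlock nothing.
$SampleBackup = @'
Identifier: BED9A0F3-0000-0000-0000-000000000001
Recovery Key: 111111-222222-333333-444444-555555-666666-000011-000022

Identifier: 1A2B3C4D-0000-0000-0000-000000000002
Recovery Key: 000033-000044-000055-000066-000077-000088-000099-000110
'@

# Each 6-digit block of a recovery key is a 16-bit value multiplied by 11,
# so a mistyped or mis-copied block can be caught before it is submitted.
function Test-RecoveryKeyFormat {
    param([Parameter(Mandatory)][string]$RecoveryKey)
    $groups = $RecoveryKey.Trim() -split '-'
    if ($groups.Count -ne 8) { return $false }
    foreach ($g in $groups) {
        if ($g -notmatch '^\d{6}$') { return $false }
        $n = [int]$g
        if (($n % 11) -ne 0 -or ($n / 11) -ge 65536) { return $false }
    }
    return $true
}

# Return the 48-digit key whose identifier starts with the given 8-character key ID.
# Assumes every identifier in the backup text is followed by its own key.
function Find-RecoveryKey {
    param(
        [Parameter(Mandatory)][string]$BackupText,
        [Parameter(Mandatory)][string]$KeyId
    )
    $pattern = '(?s)\b(?<id>[0-9A-Fa-f]{8})-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-' +
               '[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}.*?(?<key>(?:\d{6}-){7}\d{6})'
    foreach ($m in [regex]::Matches($BackupText, $pattern)) {
        if ($m.Groups['id'].Value -ieq $KeyId) { return $m.Groups['key'].Value }
    }
    return $null
}

# Read the key ID (first 8 characters of the protector ID) from the locked drive.
function Get-RecoveryKeyId {
    param([Parameter(Mandatory)][string]$MountPoint)
    $protector = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        Select-Object -First 1
    if (-not $protector) { throw "No recovery password protector found on $MountPoint" }
    return $protector.KeyProtectorId.Trim('{', '}').Substring(0, 8)
}

# Tie the steps together: key ID -> matching backed-up key -> format check -> unlock.
function Unlock-WithBackedUpKey {
    param(
        [Parameter(Mandatory)][string]$MountPoint,
        [Parameter(Mandatory)][string]$BackupText
    )
    $keyId = Get-RecoveryKeyId -MountPoint $MountPoint
    $key = Find-RecoveryKey -BackupText $BackupText -KeyId $keyId
    if (-not $key) { throw "No backed-up recovery key matches key ID $keyId" }
    if (-not (Test-RecoveryKeyFormat -RecoveryKey $key)) {
        throw "The backed-up key for $keyId is malformed; check the backup for typos"
    }
    Unlock-BitLocker -MountPoint $MountPoint -RecoveryPassword $key
}

# Offline check against the constructed sample (no drive needed):
Find-RecoveryKey -BackupText $SampleBackup -KeyId 'BED9A0F3'
Test-RecoveryKeyFormat -RecoveryKey '111111-222222-333333-444444-555555-666666-000011-000022'

# On a real system (hypothetical backup path), for drive E:
# Unlock-WithBackedUpKey -MountPoint 'E:' -BackupText (Get-Content -Raw 'C:\path\to\backup.txt')
```

Passing the backup text in from a file keeps the 48-digit key out of the console history; store that file somewhere other than the encrypted drive itself.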


How to create a BitLocker Drive Encryption shortcut in Windows 10 – TWCN Tech News

Users might find it useful to create a special shortcut to launch the BitLocker Drive Encryption window directly with one click. From there, you will be able to suspend the drive's protection, change how your drive is unlocked at startup, back up your recovery key, or turn off BitLocker completely for one or more installed drives. In this TWC post, we will show you how to create a desktop shortcut to launch the BitLocker Drive Encryption panel in Windows 10.

To create a desktop shortcut, right-click on an empty area on your desktop, and click New > Shortcut.

Copy and paste the following into the location field, and click Next:

Type BitLocker Drive Encryption for the name, and click the Finish button.

Right-click the new BitLocker Drive Encryption shortcut, and click Properties.

Click the Shortcut tab, then click the Change Icon button.

Now copy and paste the following into the Look for icons in this file field and hit Enter:

Select the icon highlighted in blue, and click OK.

Click OK on the next pop-up window.

You can give the shortcut any name or use any icon that you like.

You have now created the desktop shortcut for opening the BitLocker Drive Encryption panel.


WhatsApp Pegasus attack: iMessage, Signal, Wire and other messaging apps with end-to-end encryption – The Indian Express

WhatsApp has been vocal about the end-to-end encryption it offers for messaging and this was not exploited for the Pegasus attack.

Popular messaging platform WhatsApp was used to spy on journalists and human rights activists in India using an Israeli spyware tool called Pegasus. With the world's most popular app that has a total of 1.5 billion users under the radar, it won't be surprising if many seem to be looking at other secure messaging options. Some popular ones include iMessage, Wire, and Signal that offer end-to-end encryption for messages.

WhatsApp has been vocal about the end-to-end encryption it offers for messaging and while this was not exploited for the Pegasus attack, the spyware took advantage of video/voice call function on the app, which had a zero-day security flaw.

We take a look at some end-to-end messaging options to consider other than WhatsApp:

Apple says it offers end-to-end protection for iMessage and FaceTime conversations across all devices. In addition, the third-party apps that use iMessage are not given access to a user's conversations. Apple iMessage is among the top ways to protect privacy when it comes to messaging, but do note that the service is only available to users of Apple devices.

Wire is another option that offers end-to-end encryption across its messenger, voice, video, conference calls, file-sharing, and external collaboration services. The end-to-end encryption is switched on by default for conversations, text files, files and images, etc.

The messaging service is free for personal usage, though there is a paid version as well for enterprises. Wire is supported on various platforms as well, which makes it an even better option. Apart from Android and iOS, Windows, macOS, Linux, and browsers such as Chrome, Firefox, Edge, Opera are supported as well.

Signal is free for everyone and messages and calls are end-to-end encrypted. Among other features is disappearing messages as users can set timers for when they want their message to automatically get deleted or disappeared. Signal can be used on iPhone, Android as well as desktop.

Telegram has this feature called Secret Chats which offers end-to-end encryption for chats, though like WhatsApp not all chats are encrypted by default on Telegram. Facebook Messenger also has a similar Secret Conversation feature where the chats are end-to-end encrypted. Reports suggest Facebook is also looking at encrypting audio and video calls, though it is unclear when the feature will be rolled out.

(Disclaimer: When the phone is hacked, it doesn't matter which other end-to-end encrypted platform one uses because it isn't secure)


The never-ending Mt. Gox saga: Cryptocurrency recovery deadline pushed back (again!) – The Next Web

I hate to be the bearer of bad news, but victims who lost money as a result of Mt. Gox's implosion will have to wait even longer to get their refunds.

The news comes after the trustee, tasked with refunding users, again decided to extend the submission deadline for claims.

In a statement released earlier this week, Nobuaki Kobayashi said a Tokyo District Court had issued an order to extend the deadline until March 31, 2020.

Kobayashi announced the deadline extension just one day before the current one, which was agreed in April, expired.

When it collapsed in 2014, Mt. Gox was the biggest cryptocurrency exchange in the world, handling approximately 70 percent of all Bitcoin transactions.

It officially filed for liquidation in April 2014, claiming 750,000 BTC had been lost, although 200,000 BTC was later recovered from a forgotten wallet.

Nobuaki Kobayashi was appointed a trustee after former CEO Mark Karpeles failed to safely operate the exchange.

Last summer, a press release was published on the Mt. Gox website alongside an online tool for submitting claims, signaling it was readying to return $1 billion in stolen cryptocurrency.

As frustrating as it must be for victims, it seems they have no other choice but to sit and wait for their cryptocurrency to be returned.

Published October 31, 2019 13:39 UTC


Decred (DCR) Cryptocurrency Suddenly Spikes Over 19%; What's Next? – CCN.com

Autonomous cryptocurrency Decred (DCR) is skyrocketing after its community welcomed new developments surrounding Politeia, its own censorship-resistant blockchain-anchored public proposal system for funding projects.

In the last 24 hours, DCR jumped over 19% to hit a high of $18.50. The upward momentum was timed by a well-known technical pattern. Now, this cryptocurrency could be preparing for a further advance.

The recent bullish impulse that took Decred to rise from a low of $15.50 to a high of $18.50 seems to be the result of a bull pennant. The bull pennant is a continuation pattern, which has developed on DCR's 12-hour chart since Oct. 25.

The 26% upswing that DCR went through between Oct. 25-26 formed the flagpole of this technical pattern. Meanwhile, the consolidation phase between Oct. 27-31 formed the pennant, which led to a breakout in the same direction of the previous trend.

Now, DCR is trading above the 7-three-day moving average, which is a positive sign for its uptrend. Additionally, the moving average convergence divergence (MACD), which helps determine changes in a given trend, recently turned bullish. The crossover between the 12 and 25-week exponential moving averages signals a further upswing.

A spike in the buying pressure behind this cryptocurrency could take Decred to the next resistance level on its 3-day chart. The barrier sits around the 30-three-day moving average, which is currently trading around $20.85. If the volume is high enough, then DCR could break above it and test the 50-three-day MA that is trading around $24.

CCN reached out to Zerocaschool, a well-known trader in the crypto community, to gather their opinion about Decred's price behavior. The technical analyst stated that this cryptocurrency had a significant bullish change in character whereby demand was found in hammer and piercing pattern formations on its 31-day and 1-month charts, respectively. Now, Zerocaschool expects DCR to retrace to approximately $16 before it can resume its bullish trend.

Zerocaschool said:

Price has expectedly met with supply at Phi EMA 144 and a pullback will now come. Ideally, the correction will take DCR to the SMMA 6 & EMA 30 ($15.50-$16.50). From this point, a bullish candlestick reversal with enough volume could support higher prices. We're looking for hammers, bullish engulfing patterns, and morning stars. Volume is the key factor which will illustrate the drive to break out of EMA 144 and push into the next Phi EMA 305 target ($20.00). Beware that a failure of these EMAs to hold as support will invalidate this bullish target.

The sentiment around Decred appears to be as positive as the rest of the market. China's decision to embrace blockchain technology seems to have had a direct impact on the market's outlook. At the moment, it seems like DCR is preparing for the next significant move that could take it to around $21. However, this cryptocurrency could first retrace to approximately $16, before it continues rising, as Zerocaschool estimated.

Disclaimer: The technical analysis above should not be considered trading advice from CCN. The writer owns bitcoin, Ethereum, and other cryptocurrencies. He holds investment positions in different cryptos but does not engage in short-term or day-trading.

This article was edited by Sam Bourgi.

Last modified: November 1, 2019 15:24 UTC


The First BlueKeep Mass Hacking Is Finally Here, but Don't Panic – WIRED

When Microsoft revealed last May that millions of Windows devices had a serious hackable flaw known as BlueKeep, one that could enable an automated worm to spread malware from computer to computer, it seemed only a matter of time before someone unleashed a global attack. As predicted, a BlueKeep campaign has finally struck. But so far it's fallen short of the worst case scenario.

Security researchers have spotted evidence that their so-called honeypots, bait machines designed to help detect and analyze malware outbreaks, are being compromised en masse using the BlueKeep vulnerability. The bug in Microsoft's Remote Desktop Protocol allows a hacker to gain full remote code execution on unpatched machines; while it had previously only been exploited in proofs of concept, it has potentially devastating consequences. Another worm that targeted Windows machines in 2017, the NotPetya ransomware attack, caused more than 10 billion dollars in damage worldwide.

But so far, the widespread BlueKeep hacking merely installs a cryptocurrency miner, leeching a victim's processing power to generate cryptocurrency. And rather than a worm that jumps unassisted from one computer to the next, these attackers appear to have scanned the internet for vulnerable machines to exploit. That makes this current wave unlikely to result in an epidemic.

"BlueKeep has been out there for a while now. But this is the first instance where I've seen it being used on a mass scale," says Marcus Hutchins, a malware researcher for security firm Kryptos Logic who was one of the first to build a working proof-of-concept for the BlueKeep vulnerability. "They're not seeking targets. They're scanning the internet and spraying exploits."

Hutchins says that he first learned of the BlueKeep hacking outbreak from fellow security researcher Kevin Beaumont, who observed his honeypot machines crashing over the last few days. Since those devices exposed only port 3389 to the internet, the port used by RDP, he quickly suspected BlueKeep. Beaumont then shared a "crashdump," forensic data from those crashed machines, with Hutchins, who confirmed that BlueKeep was the cause, and that the hackers had intended to install a cryptocurrency miner on the victim machines, as detailed in this blog post from Kryptos Logic. Hutchins says he hasn't yet determined which coin they're trying to mine, and notes that the fact the target machines crash indicates that the exploit may be unreliable. The malware's authors appear to be using a version of the BlueKeep hacking technique included in the open-source hacking and penetration testing framework Metasploit, Hutchins says, which was made public in September.

It's unclear also how many devices have been impacted, although the current BlueKeep outbreak appears to be far from the RDP pandemic that many feared. "I've seen a spike, but not the level I'd expect from a worm," says Jake Williams, a founder of the security firm Rendition Infosec, who has been monitoring his clients' networks for signs of exploitation. "It hasn't hit critical mass yet."

In fact, Williams argues, the absence of a more severe wave of BlueKeep hacking so far may actually indicate a success story for Microsoft's response to its BlueKeep bug, an unexpected happy ending. "Every month that passes by without a worm happening, more people patch and the vulnerable population goes down," Williams says. "Since the Metasploit module has been out for a couple of months now, the fact that no one has wormed this yet seems to indicate there's been a cost-benefit analysis and there's not a huge benefit to weaponizing it."

But the threat BlueKeep poses to hundreds of thousands of Windows machines hasn't passed just yet. About 735,000 Windows computers remained vulnerable to BlueKeep according to one internet-wide scan by Rob Graham, a security researcher and founder of Errata Security, who shared those numbers with WIRED in August. And those machines could still be hit with a more serious, and more virulent, specimen of malware that exploits Microsoft's lingering RDP vulnerability. That could take the form of a ransomware worm in the model of NotPetya or also WannaCry, which infected almost a quarter million computers when it spread in May of 2017, causing somewhere between $4 and $8 billion damage.


Edward Snowden Says Facebook Equally Dangerous As The NSA – Fossbytes

At the recent Joe Rogan podcast, Edward Snowden explained how carrier networks and tech companies collectively use smartphones to spy on us.

But this time, he is pointing fingers at Facebook. In a forthcoming interview on Vox's Recode Decode podcast, Edward Snowden says it's a mistake to think that tech companies are less of a threat to privacy than the NSA (National Security Agency).

Whistleblower Edward Snowden is a former NSA employee who has been living the life of a political refugee in Russia for the last six years.

Back in 2013, Snowden leaked several classified government documents to international media, thereby revealing the unethical mass surveillance activities conducted by the NSA.

Six years after the disclosure of NSA files, Snowden told Recode's Kara Swisher that the mass surveillance powers of tech companies such as Facebook and Google are equally worrisome as the powers of government agencies such as the NSA.

"Facebook's internal purpose, whether they state it publicly or not, is to compile perfect records of private lives to the maximum extent of their capability, and then exploit that for their own corporate enrichment," said Edward Snowden on the podcast.

He also states that Facebook and Google collect an insane amount of data over the facade of "Oh, we're connecting people." and "Oh, we're organizing data."

On the other hand, Snowden said he believes that government agencies know more about users than tech companies because of their reach over different platforms.

In the conversation with Kara Swisher, Edward also talks about the bleak privacy laws that have no jurisdiction over the data collected from tech giants. He also mentions the current scenario where there is no accountability on the information stored.

Why Google should be able to read your email. There is no good reason why Google should know the messages - Facebook shouldn't be able to see what you're saying

Since the infamous Cambridge Analytica Scandal, government agencies have become more stringent on the data collection practices of Google and other tech giants. To this date, Mark Zuckerberg is being questioned about the mishaps that occurred on Facebook.

A few months ago, the state of California passed the Privacy bill to empower users over the data collected by tech giants. Meanwhile, other governments are also doing something or the other to curb data collection policies of tech companies.

However, the question is: is it enough?


Booz Allen Hamilton Is Making Millions Working with ICE – Vice News

Who Loves ICE is a column examining the companies profiting from their work with U.S. Immigration and Customs Enforcement.

Booz Allen Hamilton portrays itself on its website as a company committed to changing the world for the better, driven by a high regard for its fellow humans.

"We are a global firm of approximately 26,300 diverse, passionate, and exceptional people driven to excel, do right, and realize positive change in everything we do," the management and tech consulting firm states. "We believe in corporate and individual citizenship that make our communities better places for all."

Evidently, the company believes one way to make "communities better places for all" is to work with U.S. Immigration and Customs Enforcement (ICE), the law enforcement agency behind policies like family separation and the housing of immigrants in inhumane conditions.

Booz Allen Hamilton has made at least $32 million working with the agency in the 2019 fiscal year, according to USAspending.gov, a government spending tracker.

Most of that money has come from ICE's information technology division and detention compliance and removals office, which have paid Booz Allen Hamilton for "immigration data modernization support services" and "law enforcement systems and analysis project management office support," according to the website USAspending.gov. ICE's detention compliance and removals office handles deportations, and the sanitary, safety, and health conditions within ICE detention facilities.

When VICE asked about the services the company provides to ICE and how working with the agency falls in line with the firm's values, Booz Allen spokesperson Jessica Klenk noted the company does not have any involvement in detention operations or family separation.

"For many years we have provided support to the U.S. Immigration and Customs Enforcement," Klenk said. "Our work is predominately [sic] analytic in nature and related to combating human trafficking and other criminal behavior. We only perform work that is consistent with our values."

Last year, consulting firm McKinsey & Company ended its work with ICE after the New York Times reported that the company had received over $20 million working with the agency. That same year, a separate Booz Allen Hamilton spokesperson denied that the firm's work with ICE involved the separation of children from adults in a New York Times interview.

Booz Allen Hamilton has not indicated it has any plans to end its contracts with ICE.

The company gained national attention for its work with the government in 2013, when Edward Snowden, a contractor with Booz Allen Hamilton, decided to blow the whistle on the National Security Agency's mass surveillance system. Snowden only had access to the information he provided because of the agency's work with Booz Allen Hamilton.


Mass surveillance technology just needs a missed call to hack you – Gulf News

New Delhi: As Indians break their heads over WhatsApp spygate where an Israeli bug infected select users' smartphones to access their personal details, the mass surveillance technology has truly come of age and now the governments just need to make a missed call to install an "exploit link" into the device of a person they want to bug and listen in.

From the days when surveillance methods involved bugging the phone or cable wires to tap phones (remember Radia tapes!) or tracking a person's vehicle by installing a tracking device beneath the car, cyber criminals and hackers have devised modern and untraceable tools to hack into your systems.

The most popular mass surveillance programme is 'PRISM' - under which the US National Security Agency (NSA) collects users' personal communications from various US internet companies.

'PRISM' allegedly collects stored Internet communications based on demands made to internet companies.

The NSA can use PRISM requests to target communications that were encrypted when they traveled across the internet backbone, to focus on stored data that telecommunication filtering systems discarded earlier, and to get access to data.

Its existence was leaked by NSA contractor and whistleblower Edward Snowden, who warned that the extent of mass data collection was far greater than the public knew.

US President Barack Obama, during a visit to Germany, stated that the NSA's data gathering practices constitute "a circumscribed, narrow system directed at us being able to protect our people".

According to Amnesty.org, NSA and UK's Government Communications Headquarters (GCHQ) are monitoring you with code names.

'Muscular' is one such project that "intercepts user data as it passes between Google servers". Yahoo! was also said to be affected.

Between December 2012 and January 2013, 'Muscular' collected 181 million records but "Google has now strengthened security between their servers since then".

Another tool called 'Optic Nerve' allowed secret access to Yahoo! webcam chats. In a six-month period, it spied on 1.8 million Yahoo! users and took one still image every five minutes of video per user.

"GCHQ targeted Belgacom, Belgium's largest telecommunications provider with spyware called Regin, a malicious piece of software designed to break into Belgacom's networks. The purpose of the GCHQ hack was to spy on phones and internet users using the Belgacom network".

Since then, the technology has evolved to such an extent that just a missed call is enough to snoop on anyone, anywhere.

Citizen Lab, a laboratory based at the Munk School of Global Affairs and Public Policy of the University of Toronto, has identified over 100 cases of abusive targeting of human rights' defenders and journalists in at least 20 countries across the globe via the new piece of Israeli spyware called Pegasus.

Once Pegasus is installed, it begins contacting the operator's command and control (C&C) servers to receive and execute operators' commands, and send back the target's private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps.

"The operator can even turn on the phone's camera and microphone to capture activity in the phone's vicinity, and use the GPS function to track a target's location and movements," said Citizen Lab.

The spyware can be placed on phones using multiple vectors, or means of infection. The WhatsApp exploit from May 2019 was one such vector.

In 2017, the wife of a murdered Mexican journalist was sent alarming text messages concerning her husband's murder, designed to trick her into clicking on a link and infecting her phone with the Pegasus spyware.

In 2018, a close confidant of Jamal Khashoggi was targeted in Canada with a fake package notification, resulting in the infection of his iPhone. Citizen Lab has tracked more than two dozen cases using similar techniques.
