Search the Community

31 March is World Backup Day, a chance for us all to avoid being April Fools by making sure we have secure backups of all our most important data. On last year's Backup Day, we provided a rundown of the most basic and important steps you can take to ensure your files can be retrieved in the event of a disaster. Most physical storage media, from hard drives and USB flash drives to CDs and DVDs, are vulnerable to damage from flood, fire, or sudden impact (sometimes even simply dropping them on the floor). That's not to mention having your laptop stolen, losing a USB drive, or indeed corruption or accidental deletion, so having a single copy of your important files is never a good idea. Of course, keeping a second copy right next to the computer holding your main copy is not going to help in the event of a fire or burglary. As a result, a range of online backup services has emerged in recent years, providing handy options for simple, low-cost backups that are shielded from many of the risks of copies stored in your home or office. There are some issues to consider here too, though, especially in terms of privacy. Depending on the service you use and the location of its servers, your data could be open to the prying eyes of government agencies and even hackers, so it's advisable to use strong encryption of your own if you need to upload data to a cloud service while keeping its content private. Make sure access is controlled with strong passwords and 2-factor authentication to keep unwanted people out of your account, and don't forget to pay the subscription fee, as your data may automatically be deleted if your account expires. The ransomware threat When we last covered World Backup Day, ransomware was a relatively new addition to the range of headaches facing us, with CryptoLocker hitting headlines around the world in late 2013. Since then ransomware has become a popular money-making tactic for cybercriminals, evolving multiple variants including CryptoWall and CryptoDefense, and going after iPhone users, gamers and companies' customer databases. Of course, ransomware wasn't invented with CryptoLocker – the AIDS Information Trojan, created in late 1989, was probably the first example of malware that scrambled your data and demanded money to decrypt it. But the inclusion of properly-implemented cryptography in CryptoLocker and its followers - rendering the files it targets for all practical purposes irretrievable without paying up - has turned it from an annoyance into a calamity for those affected. At least, that is, for those without proper backups. Any business should include regular and secure backups as one of its most basic processes, and everyday home users are steadily learning that this applies to them too. At least, that is, for those without proper backups. Any business should include regular and secure backups as one of its most basic processes, and everyday home users are steadily learning that this applies to them too. However, as we've seen, even in settings where you would expect secure computing practices, they're not always in place, with organisations from police departments to entire school districts finding their data locked up and held to ransom. Malicious encryption Having malicious software running on your computer, encrypting files at will, adds a further complication to the backup process. Many ransomware variants don't just scramble your C: drive. They look for any device that can be accessed as if it were a disk drive, including USB drives, network shares and even cloud-based storage, if it is mounted as a directly-accessible network drive. This could result in the double nightmare of having your carefully stowed backups also encrypted and locked up. There's also a risk with more basic scheduled backup systems that your local files could get encrypted, then backed up, overwriting existing "clean" backups so that even if you restore your backup, you are still stuck with scrambled files. Stepped backups So, there's a strong argument for some sort of stepped approach to backing up, using at least two separate backup devices and updating one or the other alternately on a regular basis, checking the integrity of the data stored on them each time. That way, you're reasonably sure you won't lose more than a few days or weeks' worth of data, even in the case of the most devious and long-lasting infection. The main point of World Backup Day is to make sure those of us who have yet to make any sort of effort to secure our data make a start and take those first basic precautions. If you haven't yet backed up any of your stuff, now would be a really good time to get moving. Sursa: https://nakedsecurity.sophos.com

nu am vazut sa mai fi fost postat pe forum si pentru mine arata interesant: [INDENT]A website that irrevocably deletes itself once indexed by Google. [/INDENT] [COLOR=#333333][FONT=Helvetica Neue]The site is constantly searching for itself in Google, over and over and over, 24 hours a day. The instant it finds itself in Google search results, the site will instantaneously and irrevocably securely delete itself. Visitors can contribute to the public content of the site, these contributions will also be destroyed when the site deletes itself.[/FONT][/COLOR] https://github.com/mroth/unindexed

A Chinese APT group was able to chain together two zero day vulnerabilities, one against Adobe’s Flash Player and one against Microsoft’s Internet Explorer 9, to compromise a popular news site late last year. The group’s aim was to gain access to computers at several U.S. defense and financial firms by setting up a watering hole attack on the site that would go on to drop a malicious .DLL. Researchers with Invincea and iSIGHT Partners worked in tandem to dig up information about the group, which was able to compromise a part of Forbes.com’s website that appears to users before they’re ported over to articles they’ve clicked on. That portion of the site, Forbes.com’s Thought of the Day, is powered by a Flash widget. According to researchers with Invincea the group was able to use a zero day vulnerability to hijack that widget for a short period, from Nov. 28 to Dec. 1. Over the course of those four days, the group targeted visitors to the site who worked at a handful of unnamed U.S. defense and financial firms. Researchers with iSIGHT discovered that in addition to the Flash flaw, the attackers also exploited an Internet Explorer vulnerability, a zero day that helped attackers bypass Address Space Layout Randomization (ASLR) in IE 9. While the Adobe bug, a buffer overflow (CVE-2014-9163) was patched back on Dec. 9, the ASLR mitigation bypass (CVE-2015-0071) was one of many patched yesterday in Microsoft’s monthly Patch Tuesday round of patches, an update that was especially heavy on Internet Explorer fixes. In a technical writeup of the attack yesterday, Invincea explained how Forbes’ site was able to redirect to an IP address, load the Flash exploit, and drop a DLL, hrn.dll, to be loaded into the machine’s memory. “Once in memory, the exploit gains administrative privileges and opens a command prompt,” Invincea’s executive summary reads, “Next the victim system was scanned to report on its current patch levels, network mapping, and complete IP configuration, including any VPN connections.” Both firms agreed to set their disclosures for yesterday to coincide with Microsoft’s patching of the Internet Explorer bug. While Chinese APT groups have been in the news lately – some reports have already pinned last week’s Anthem breach on shadowy hackers from the PRC – several firms are already familiar with the APT group behind this campaign. FireEye, first published research on the group back in 2013, referring to the collective as the Sunshop Group. Researchers there caught the group carrying out a campaign that hit a series of victims – a science and technology journal, a website for evangelical students, etc. – by exploiting an IE zero day and several Java bugs in May of that year. Throughout its research, dating back to 2010, iSIGHT has taken to calling the group Codoso Team. This attack, like others its linked back to them, used similar malware (Derusbi) and called on a command and control (C+C) domain its been seen using in the past as well. Regardless of what it goes by, the group has been seen targeting U.S. government entities, the military/defense sector, and financial services groups for at least five years running. FireEye found the same group was also responsible for hacking the Nobel Peace Prize Committee website in 2010. That attack also used a watering hole and made use of a browser (Firefox) zero day. While neither iSIGHT or Invincea could give concrete numbers regarding the number of victims Codoso was able to compromise with this campaign, both were firm in their stance that the attacks were highly targeted in nature and only visitors who worked at the defense and financial firms were infected. Sursa

As Valentine's Day is coming soon, 3 software vendors unite to bring a best giveaway pack for Valentine's Day (Value $90). Just feel free to get WonderFox DVD Video Converter + Video to Picture + Greeting Card Builder for free in this Valentine’s Day Giveaway. http://www.videoconverterfactory.com/promotion.html Activation keys include in ZIP packages. This event will last till February 16.

Despre: "Join the most important event dedicated to the Java community in Romania, organized by Oracle in collaboration with Bucharest Java User Group and Java partners. Discover how Java can increase your developer productivity so you can build the next generation of advanced applications that power the world. Java is the foundation for virtually every type of networked application and is the global standard for developing and delivering mobile applications, games, Web-based content, and enterprise software. With more than 9 million developers worldwide, Java enables you to efficiently develop and deploy exciting applications and services. With comprehensive tooling, a mature ecosystem, and robust performance, Java delivers applications portability across even the most disparate computing environments. The Java EE platform offers enterprise developers the opportunity to deliver today’s Web applications with the greatest efficiency, flexibility, and ease of development. After 13 years offering business critical applications for thousands of companies, Java EE remains ahead of the pack as an enterprise application and deployment platform. As the industry standard for enterprise computing, Java EE enables developers to take advantage of the emerging usages, patterns, frameworks, and technologies of the enterprise space. Developing enterprise applications has never been easier. Register online now for this FREE event." Agenda: Part 1 (15:00 - 18:30) 15:00 - 15:30 Registration & Welcome coffee 15:30 - 16:15 Keynote: Java Enterprise Edition - State of the Union ; Speaker: David Delabassee, Java Principal Product Manager, Oracle 16:15 - 16:45 Romanian Java User Groups Community Perspective BJUG after 1+ years ; Speaker: Ioan Eugen Stan, Co-Founder, Bucharest Java User Group (BJUG) 16:45 - 17:00 Coffee Break 17:00 - 17:30 Web controlled Raspberry Pi Car using Java ; Speaker: Bogdan Craciun, Software Architect SIVECO Romania 17:30 - 18:00 Large scale enterprise application development with the Java EE technology stack ; Speaker: Marius Harpau, Java Architect Endava 18:00 - 18:30 “Weblogic 12c - What's new?” “Productivity in the Cloud with Oracle Application Development Framework (ADF) 18:30 - 19:00 Social Break - Refreshments Part 2 (19:00 - 21:00) Monthly Bucharest JUG Event Edition #15 - JUG Bucure?ti - Pagina Principal? 19:00 - 20:00 Java EE 7 overview ;Speaker: David Delabassee, Java Principal Product Manager, Oracle 20:00 - 21:00 The Future starts with a Promise ; Speaker: Alexandru Nedelcu, Software Engineer / Tech Lead at Epigrams Data si ora: Aug 29, 2013 03:00 PM - 09:00 PM ; Locatia: AFI Cotroceni – Cinema City BD. Vasile Milea 4 Bucharest Romania -- Daca nu ati citit tot, evenimentul este "Free", va puteti inregistra aici.