*Jess♥ Posted March 21, 2014 Posted March 21, 2014 Here we can talk about ways to stay safe and maintain privacy online. If you want to keep prying eyes away, from like the NSA or whatever, you can use the TOR network. this will mask your IP address and make it look like you're using a different computer or network. very useful. Google also is looking into using encryption in their search. privacy is becoming more important these days for simply stopping people tracking you or just keeping your sense of freedom. There is a full program package for TOR that you can install on your computer or if you don't want to take it so far, you can use proxy servers in your internet settings. here is a useful website that lists some proxy's that you could use if you wanted. https://hidemyass.com/proxy-list/ Other ways you can stay safe online include plugins for your browser. I'm a fan of script blockers such as noscript. I also use anti malware and antivirus but them's standard. contrary to popular belief, firewalls are not so necessary these days. most routers have pretty solid security inbuilt and windows has a pretty damn good firewall built in. also if you want to block certain computers from connecting to yours, you can get a program called peerblocker. it has a list of IP addresses to actively block. so you can block institutions such as governments of certain countries, schools, advertising companies etc. this is necessary when i a situation where multiple ip can connect at once, maybe a website that has dodgy connections or if you are using peer to peer software. Quote
durendal Posted March 24, 2014 Posted March 24, 2014 Safe? Don't put anything you don't want anybody to know about online. The way I see it, the people who are concerned about their privacy being breached, they are the ones doing it to their selves. People post everything in facebook, and then complain about their privacy? Now that's funny. You are right about firewalls. Heck, I don't even have an anti-virus in my PC. I have zero presence online. I don't have facebook or any of those social media apps. The only presence I have online, is the persona that I created specifically for internet usage. I am that paranoid, and it seems that my paranoia paid off with all these NSA spying issues. 2 Quote
Guest snow Posted March 24, 2014 Posted March 24, 2014 (edited) seems really cool to able to hide oneself on a proxy server. Edited March 26, 2014 by Jupiter-Prime Quote
Guest snow Posted April 14, 2014 Posted April 14, 2014 (edited) I've decided to warn everyone about the new Heart Bleed Computer Virus since Yuki made this thread about being safe. If you haven't heard of Heart Bleed, you do now. http://youtu.be/Y_DR08W63zk The Heartbleed virus is the latest in a series of viruses that steal all of your personal information, and its widespread enough that it can be considered an epidemic. In this day and age, a computer virus is just as annoying as a biological virus. So, what is it, and what can you do to protect yourself from it? The Heartbleed bug is a bug in the open-source cryptography library, OpenSSL, which allows an attacker to read the memory of a server or a client, allowing them to retrieve, for example, a server's SSL private keys. Examinations of audit logs appear to show that some attackers may have exploited the flaw for 5 months before it was rediscovered and published. On April 7, 2014, it was announced that OpenSSL 1.0.2-beta, as well as all versions of OpenSSL in the 1.0.1 series prior to 1.0.1g had a severe memory handling bug in their implementation of the TLS Heartbeat Extension. This defect could be used to reveal up to 64 kilobytes of the application's memory with every heartbeat. Its CVE number is CVE-2014-0160. The bug is exercised by sending a malformed heartbeat request to the server in order to elicit the server's memory response. Due to a lack of bounds checking, the affected versions of OpenSSL never verified that the heartbeat request was valid, allowing attackers to bring about inappropriate server responses. The vulnerability has existed since Dec. 31, 2011, and the vulnerable code has been in widespread use since the release of OpenSSL version 1.0.1 on March 14, 2012. Affected websites include, but aren't limited to, Amazon, Soundcloud, Tumblr, Wikimedia, and Wunderlist. So, according to Time Magazine, the best way to protect yourself against the virus is to go to this link and enter the site you want to visit to make sure it's "heartbleed safe." Ultimately, it's up to the site itself to fix the bug, if indeed it does have it. Changing your password isn't going to affect the site one way or another. Stay safe on the internet and don't get infected. Edited April 14, 2014 by Jupiter-Prime Quote
durendal Posted April 14, 2014 Posted April 14, 2014 I think that all the major websites have already made corrective measures to prevent further vulnerabilities of this exploit. It is recommended that you change your password once you have verified that the website you are using have already patched their software. Quote
Guest snow Posted April 14, 2014 Posted April 14, 2014 Is it possible that Japan Legend may be vulnerable to Heart Bleed? Just wondering because this thing seems to float any where. Quote
durendal Posted April 14, 2014 Posted April 14, 2014 There is one other thing that I always do. Never use the same password twice. I have different accounts in different sites and I use different passwords for all of them. This measure keeps it harder for hackers to hack into your accounts, since one account may contain information about another of your account. It may be difficult to remember all those passwords, but at least one account will not compromise the other accounts. I have 7 different email accounts and all of them have different passwords. Quote
Guest snow Posted April 14, 2014 Posted April 14, 2014 (edited) There is one other thing that I always do. Never use the same password twice. I have different accounts in different sites and I use different passwords for all of them. This measure keeps it harder for hackers to hack into your accounts, since one account may contain information about another of your account. It may be difficult to remember all those passwords, but at least one account will not compromise the other accounts. I have 7 different email accounts and all of them have different passwords.Man, you're really cautious. Have you been hacked badly before or something? My wife's desktop got hacked really bad or got infected by some virus,trojan,malware etc and scrambled her windows and you couldn't read anything or click on anything.I get not wanting your stuff stolen. I've had the same email accounts for 5-6 years and I've never had a problem. Guess I'm just lucky that I haven't had a problem yet. I use Comodo Free Internet Security - Complete virus protection and malware removal. Its free security and it works way better than Norton 360 and you don't have to pay for it. Its free ware and it has free product updates. The firewall is fantastic. It covers most ports on your computer, not all of them like Peerblock that Yuki suggested to us. But in my opinion I have never had a problem with Comodo, I've never been hacked and Comodo has always taken care of me and my wife's computers. For something so free, it does so much better than spending 79 dollars on Norton or some other security system. I've been using it since 2011. Comes with Antivirus: Tracks down and destroy any existing malware hiding in a PC. Anti-Spyware: Detects spyware threats and destroys each infection. Anti-Rootkit: Scans, detects & removes rootkits on your computer. Bot Protection: Prevents malicious software turning your PC into a zombie. Defense+: Protects critical system files and blocks malware before it installs. Auto Sandbox Technologyâ„¢: Runs unknown files in an isolated environment where they can cause no damage. Memory Firewall: Cutting-edge protection against sophisticated buffer overflow attacks. Anti-Malware Kills malicious processes before they can do harm trial free and it works.( No trial at all) Comodo Internet Security Premium( Free) I encourage anyone to use it who doesn't want or have a lot of money to go out and buy protection. You shouldn't have many problems with it. If you or anyone is interested go to www.comodo.com/products/free-products.php Its worth it. Just wanted to share that. Edited April 14, 2014 by Jupiter-Prime Quote
durendal Posted April 14, 2014 Posted April 14, 2014 There is one other thing that I always do. Never use the same password twice. I have different accounts in different sites and I use different passwords for all of them. This measure keeps it harder for hackers to hack into your accounts, since one account may contain information about another of your account. It may be difficult to remember all those passwords, but at least one account will not compromise the other accounts. I have 7 different email accounts and all of them have different passwords.Man, you're really cautious. Have you been hacked badly before or something? My wife's desktop got hacked really bad or got infected by some virus,trojan,malware etc and scrambled her windows and you couldn't read anything or click on anything. Well nothing of the sort. It's just my nature to be paranoid. As for the anti-virus, that is all good and well provided you have a top notch PC that can guzzle lot's of memory. But for a PC like mine that is almost a decade old, I prefer to do without it. As I mentioned, I don't have any anti-virus. I chose where I surf and because my PC will be bogged down to a crawl if I have any more application hogging my RAM. My PC only has 1GB ram. It's funny too because it turns out that my phone is much more powerful than my desktop. Besides, I'm not worried about trojans/worms because I know my PC well enough. Anything that I do not recognize in the running processes of my Task Manager, I delete, eliminating the chance of that trojan spreading. And I don't simply delete the file, I also edit my registry to remove any traces of that trojan. Quote
*Jess♥ Posted April 14, 2014 Author Posted April 14, 2014 What concerns me the most is that the NSA were well aware of this bug and even used it to exploit the rest of the world. They are the national SECURITY agency?! And yet they have left the entire world exposed to this danger. They have a lot to answer for. They are literally criminals, placed above the authorities of the people they are supposed to serve. Quote
Guest snow Posted April 14, 2014 Posted April 14, 2014 (edited) What concerns me the most is that the NSA were well aware of this bug and even used it to exploit the rest of the world. They are the national SECURITY agency?! And yet they have left the entire world exposed to this danger. They have a lot to answer for. They are literally criminals, placed above the authorities of the people they are supposed to serve. Wait, authorities in other countries haven't been alerted by this thing? This computer virus that goes around probing and pulling information? Wow, the NSA really are a bunch of degenerate bastards.I'm sorry to hear that Yuki. This thing is a bad deal. I remember when they had the issue with the Love Bug Computer Virus back in 2000-2001. It is estimated that the so-called "Love-Bug" email virus has caused some $10 billion in losses in as many as 20 countries. This thing is supposed to be somewhat like that.The victim's Internet browser is directed by the virus to visit four web sites in the Philippines, where another malicious program called WIN-BUGSFIX.EXE is downloaded. This program searches the victim's hard drive for password files and sends them to an Internet account in the Philippines, managed by Access Net Inc., an Internet service provider. Since there were no laws in the Philippines against writing malware at the time, both Ramones and de Guzman were released with all charges dropped by state prosecutors. To address this legislative deficiency, the Philippine Congress enacted Republic Act No. 8792, otherwise known as the E-Commerce Law, in July 2000, just two months after the worm outbreak. In 2002, the ILOVEYOU virus obtained a world record for being the most virulent computer virus at the time. Lame how they let these two guys just walk after all the damage they've done. I think they should have been sent to a prison in another country to pay for their crimes. However they said Heart Bleed cannot be traced. Who ever made it is really smart and knows how to dodge the authorities. Edited April 14, 2014 by Jupiter-Prime Quote
Guest snow Posted April 14, 2014 Posted April 14, 2014 (edited) Here's a list of current online threats going on this month. Mainly consisting of Trojans and Spyware. Its a pretty big one. So keep your Security system updated against this stuff. Can really slow your computer and possibly cause alot of software issues. Another useful program to use is Malware Bytes. There is a free version available on Filehippo.com so its important that you keep your computer safe. Trojans are just as bad as a virus. SONAR.Sality!gen1 Virus, Worm 04/14/2014 SONAR.Sality!gen2 Virus, Worm 04/14/2014 SONAR.SelfHijack!gen1 Trojan, Virus, Worm 04/14/2014 SONAR.ProcHijack!gen5 Trojan 04/14/2014 SONAR.SuspBeh!Drop Trojan 04/14/2014 Trojan.Gatak!gm Trojan 04/14/2014 Bloodhound.Exploit.551 Trojan SONAR.Zbot!gen3 Trojan 04/14/2014 SONAR.RogueAV!gen23 04/14/2014 SONAR.RogueAV!gen22 04/14/2014 Trojan.Shylock!gen10 Trojan 04/14/2014 Trojan.Shylock!gen11 Trojan 04/14/2014 Packed.Generic.460 Trojan 04/12/2014 Trojan.Shylock!gen9 Trojan 04/08/2014 Android.Virusshield Trojan 04/08/2014 Trojan.Gatak!gen4 Trojan 04/07/2014 Trojan.Asprox.B Trojan 04/04/2014 Backdoor.Necurs!gen5 Trojan 04/04/2014 O97M.Crigent Trojan 04/03/2014 Yontoo.C 04/02/2014 Trojan.FakeAV!gen120 Trojan 04/03/2014 Trojan.FakeAV!gen119 Trojan Trojan.Ransomlock.AK Trojan 04/01/2014 W32.Pixipos Worm 04/01/2014 Trojan.FakeAV!gm Trojan 04/02/2014 Trojan.Denpur Trojan Android.Malminer Trojan 03/27/2014 Backdoor.Lokidok Trojan Trojan.Cryptodefense Trojan 03/26/2014 PUA.Maltrec.TS!g1 03/26/2014 Trojan.Gampass!gen5 Trojan 03/26/2014 W32.Craq Worm 03/25/2014 Bloodhound.Exploit.550 Trojan 03/25/2014 Trojan.Trensil Trojan 03/24/2014 Adware.Maltrec.TS!g4 03/21/2014 Adware.Maltrec.TS!g6 03/21/2014 Trojan.Tsyrval Trojan 03/21/2014 Trojan.Cidox!gm Trojan 03/20/2014 Trojan.Smoaler!gen5 Trojan 03/20/2014 Trojan.Boaxxe!gen2 Trojan 03/19/2014 Trojan.Boaxxe!gen1 Trojan 03/19/2014 Infostealer.Napolar!g2 Trojan 03/19/2014 Trojan.FakeAV!gen118 Trojan 03/19/2014 Trojan.Tracur!gen8 Trojan 03/18/2014 Trojan.Cidox.B!g1 Trojan 03/19/2014 Packed.Vmpbad!gen30 Trojan, Worm 03/17/2014 W64.Viknok.B!inf Trojan Trojan.Viknok.B!inf Trojan 03/16/2014 Trojan.Coinstealer Trojan 03/17/2014 Edited April 14, 2014 by Jupiter-Prime Quote
Guest snow Posted April 16, 2014 Posted April 16, 2014 (edited) here's an article on Heart Bleed from yesterday of The Hindu. Sounds like great news and that they are in the process of getting rid of the virus. New technique to fight ‘Heartbleed’ virus computing and information technology data management storage software US cyber security researchers have developed a technique that fights the ‘Heartbleed’ virus, and detects and entraps hackers who might be using it to steal sensitive data. The Heartbleed bug, which became public last week, has set alarm bells ringing across the globe, including in India, for fear of exposing millions of passwords, credit card numbers and other sensitive information to hackers. Researchers at The University of Texas at Dallas created the sophisticated technique, dubbed Red Herring, which automates the process of creating decoy servers, making hackers believe they have gained access to confidential, secure information, when in fact their deeds are being monitored, analysed and traced back to the sources. “Our automated honeypot creates a fixed Web server that looks and acts exactly like the original — but it’s a trap,†said Dr. Kevin Hamlen, an associate professor of computer science in the Erik Jonsson School of Computer Science and Engineering, who led the team which created the technique. “The attackers think they are winning, but Red Herring basically keeps them on the hook longer so the server owner can track them and their activities. This is a way to discover what these nefarious individuals are trying to do, instead of just blocking what they are doing,†Dr. Hamlen, a member of the UT Dallas Cyber Security Research and Education Institute (CSI). The Heartbleed bug affects about two-thirds of websites previously believed to be secure. These are websites that use the computer code library called OpenSSL to encrypt supposedly secure Internet connections that are used for sensitive purposes such as online banking and purchasing, sending and receiving emails, and remotely accessing work networks. Even though Heartbleed is now in the process of being fixed, victims face the challenge of not knowing who may already be exploiting it to steal the information, and what information they may be going after, researchers said. The Red Herring algorithm created by Dr. Hamlen automatically converts a patch-code widely used to fix new vulnerabilities like Heartbleed — into a honeypot that can catch the attacker at the same time. “When Heartbleed came out, this was the perfect test of our prototype,†Dr. Hamlen said. Red Herring does not stop at being a decoy and blocker; it can also lead to catching the attacker. As the attacker thinks he or she is stealing data, an analyst is tracking the attack to find out what information the attacker is after, how the malicious code works and who is sending the code. “In their original disclosure, security firm Codenomicon urged experts to start manually building honeypots for Heartbleed,†Dr. Hamlen said. “Since we already had created algorithms to automate this process, we had a solution within hours,†Dr. Hamlen said. -End of article Edited April 16, 2014 by Jupiter-Prime Quote
Guest Jupiter-Prime Posted April 18, 2014 Posted April 18, 2014 Comodo Security Corporation announcement on Heart Bleed Comodo Advises Customers and Partners to Patch Systems to Run the Latest Version of OpenSSL in Light of 'Heartbleed' Vulnerability.Vulnerability lies with in flawed OpenSSL implementation, not with Comodo certificates or Comodo CA keys. Comodo offers free replacement of certificates on affected systems with immediate effect. Clifton, NJ, April 9, 2014 - In light of the recently discovered vulnerability known as ‘Heartbleed’, Comodo CA, a leading Certificate Authority and Internet security organization, would like to advise customers to patch OpenSSL to the latest version and would like to confirm that the vulnerability lies with the OpenSSL software and not with Comodo certificates or Comodo CA keys. Comodo will work with customers, partners, platform vendors and service providers to help ensure affected parties are made fully aware of the issue over the coming days, that customer systems are updated with the fixed version of OpenSSL, and that customers can quickly and easily acquire a certificate reissuance that may be required as a result of patching OpenSSL. What is the 'Heartbleed' vulnerability? On Tuesday 8th of April 2014, a serious vulnerability to OpenSSL known as 'Heartbleed' was made public by a team of researchers. The 'Heartbleed' vulnerability means that it is possible for an attacker to silently 'steal' private keys for SSL certificates, as well as other secret information, on affected versions of OpenSSL. OpenSSL is an incredibly popular cryptographic software library, and provides SSL/TLS communication for large numbers of applications. The bug causing the vulnerability was introduced to OpenSSL in December 2011 and has been 'in the wild' since the release of OpenSSL 1.0.1 on 14th March 2012. However, it was only discovered within the past day and, other than a proof of concept, Comodo is not aware of any real-world exploits at this point in time. Full details of the vulnerability, including more technical details, can be found at: http://heartbleed.com/ What is affected? OpenSSL versions affected: 1.0.1 through to 1.0.1f (inclusive). The following OpenSSL versions are NOT affected: 1.0.1g 1.0.0 (entire branch) 0.9.8 (entire branch) The release of OpenSSL 1.0.1g on the 7th April 2014 fixes the bug. How do I fix it? Any systems using vulnerable versions of OpenSSL need to be patched or updated. OpenSSL themselves have released a patch, and many other software vendors have updated their software as well. Please contact your vendor for further details. Patch your server before you install your new certificate. If you put a new certificate onto a vulnerable server you risk compromising the key of the new certificate. Is my site affected? Customers can test whether they are affected by visiting https://sslanalyzer.comodoca.com/ to verify the presence of this vulnerability. What about my certificates? Because there is a theoretical possibility that Heartbleed could already have been exploited, Comodo must replace certificates on systems running the affected OpenSSL version. Certificates on affected systems should be replaced, as soon as possible and the previous certificates should be revoked. Comodo have ensured that all of our own websites using OpenSSL have been patched and updated, and we have also reissued certificates for those sites as a precautionary measure. Comodo, unlike other CAs, has a no-charge reissue policy - so replacing your certificate and maintaining the security of your website and your systems is simple and incurs no additional cost. To perform a reissue, please follow the normal procedures - reissuing via our web-interface, management portal or the APIs. Should you need any additional assistance, please contact: support@comodo.com or submit a ticket to: https://support.comodo.com/ References: http://heartbleed.com/ https://www.openssl.org/news/secadv_20140407.txt About Comodo Comodo is a leading internet security provider. With U.S. Headquarters in New Jersey and global resources in UK, China, India, Ukraine, and Romania, Comodo provides businesses and consumers worldwide with security services, including SSL Certificate, PCI scanning, desktop security, and remote PC support. Securing online transactions for more than 200,000 businesses, and with more than 35 million desktop security software installations, including an award-winning firewall and antivirus software, Comodo is Creating Trust Online®. To learn more, visit Comodo's website: Comodo.com For more information, reporters and analysts may contact: Comodo:E-Mail: media-relations@comodo.comOffice: +1 (201) 963 0004 x 4000 Media Relations Comodo Group, Inc.1255 Broad StreetClifton, NJ 07013 USA Tel: +1 (201) 963 0004 x 4000 media-relations@comodo.com Newsroom Latest News Comodo in the news News archive Contact us Newsroom The latest news from Comodo Antivirus Firewall SSL Certificate Internet Security SSL Online Backup System Cleaner Terms & Conditions Privacy Policy Legal Repository Site Map Site Map Site Map Site Map © Comodo Group, Inc. 2014. All rights reserved.All trademarks displayed on this web site are the exclusive property of the respective holders. Stay connected Share on digg Share on twitter Share on facebook More Sharing Services Products Home & Home Office E-Commerce Business & Enterprise Partners Social Media About Us Resources Newsroom Careers Contact Us Support Login ä¸æ–‡ COMODO - Creating Trust Online Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.