Page 11234..1020..»

Category Archives: Tor Browser

Apple tries to clear the air about its anti-malware software accused of collecting users’ IP addresses – MediaNama.com

Posted: November 22, 2020 at 9:48 pm

Apple has denied claims that the companys anti-malware software collects details of appsrunning on Mac devices, along with the devices IP addresses, which contain city and country identifiers. The clarification has come in light of a heated debate around privacy concerns within the Apple ecosystem, as alleged by German security researcher Jeffery Paul in a recent blog post.

Paul, in a blog post titled Your Computer Isnt Yours, had alleged that Apples Gatekeeper feature, which ensures that a users Man runs only software that is pre-approved by Apple, collects IP addresses. This software allows Apple to stop an app from running on its devices if its developers certificate is revoked. In theory, this feature allows Apple to stop users from installing malware on their devices. But, according to Paul, Gatekeeper gives Apple a lot more information than the company is letting on.

This means that Apple knows when youre at home. When youre at work. What apps you open there, and how often. They know when you open Premiere over at a friends house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city Jeffery Paul, security researcher

Soon enough, Apple responded with an updated support document, presumably in response to Pauls blog post and the discussion it elicited on Reddit and other platforms.Apple said that Gatekeeper only performs online checks to verify if an app contains known malware and if a developers signing certificate is revoked.

We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices Apples updated support document

Apple emphasised on how the security checks have never included users Apple ID, or the identity of their devices. At the same time, however, the company said it will delete any IP addresses it has collected so far, perhaps admitting indirectly that it indeed had collected some IP addresses: To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs [emphasis ours].

Additionally, the company committed to introducing more changes to its security checks mechanism:

How other apps/ecosystems handle telemetric data collection: Almost all apps and programs collect telemetry data, which is a term for data that helps developers understand how their software is performing. However, it is considered ideal when this data collected is anonymised that it cannot be used to identify the user in any way. Firefox, for instance, allows users to know what data is being collected from them, which is anonymised to protect their privacy. Similarly, all projects that are part of the Linux Foundation need to anonymise telemetric data to ensure that users personal data or any other sensitive data is not at risk.

Here is the original post:
Apple tries to clear the air about its anti-malware software accused of collecting users' IP addresses - MediaNama.com

Posted in Tor Browser | Comments Off on Apple tries to clear the air about its anti-malware software accused of collecting users’ IP addresses – MediaNama.com

Everything You Need to Know About NetWalker Ransomware – MakeUseOf

Posted: at 9:48 pm

Netwalker is a strain of ransomware that targets Windows-based systems.

First discovered in August 2019, it evolved throughout the rest of 2019and into 2020. Significant spikes in NetWalker targeted attacks were noted by the FBI during the height of the Covid-19 pandemic.

Here's what you need to know about the ransomware that has attacked major schools, healthcare systems, and government institutions throughout the US and Europe.

PreviouslycalledMailto, Netwalker is a sophisticated type of ransomware that renders all critical files, applications, and databases inaccessible through encryption. The group behind it demands cryptocurrency payment in exchange for data recovery and threatens to publish the victims sensitive data in a "leak portal" if ransoms arent paid.

The group is known to launch highly targeted campaigns against large organizations,mainly using email phishing sent to entry points to infiltrate networks.

Previous samples of poisoned emails used the coronavirus pandemic as a lure to make victims click on malicious links or download infected files. Once a computer has been infected, it starts spreadingand compromises all connected Windows devices.

Aside from spreading through spam emails, this ransomware can alsodisguise itself as a popular password management app.As soon as users run the bogus version of the app, their files will be encrypted.

Like Dharma, Sodinokibi, and other nefarious ransomware variants, NetWalker operators use the ransomware-as-a-service (RaaS) model.

Ransomware-as-a-service is the cybercrime offshoot of the popular software-as-a-service (SaaS) business model where software thats centrally hosted on cloud infrastructure is sold or rented out to customers on a subscription basis.

In selling ransomware as a service, however, the material sold is malware thats designed to launch nefarious attacks. Instead of customers, the developers of these ransomware seek out "affiliates" who are expected to facilitate the spread of the ransomware.

Related: Ransomware-as-a-Service Will Bring Chaos to Everyone

If the attack is successful, the ransom money is split between the developer of the ransomware and the affiliate who distributed the prebuilt ransomware. These affiliates normally get around 70 to 80 percent of the ransom money. Its a relatively new and lucrative business model for criminal groups.

The NetWalker group has been actively recruiting "affiliates" on dark web forums, offering the tools and infrastructure to cybercriminals who have previous experience infiltrating large networks. According to a report by McAfee, the group seeks out partners who are Russian-speaking and those who already have a foothold in a potential victims network.

They prioritize quality over quantity and only have limited slots for partners. They stop recruiting oncethese have been filled and will only advertise via the forums again once a slot opens up.

Previous versions of the NetWalker ransom note, much like most other ransom notes, had a "contact us" section that used anonymous email account services.Victims would then contact the group and facilitate the payment through this.

The much more sophisticated version that the group has been using since March 2020 ditched the email and replaced it with a system using the NetWalker Tor interface.

Users are asked to download and install the Tor Browser and are given a personal code. After submitting their key through the online form, the victim will be redirected to a chatmessengerto talk toNetWalker "technical support".

The NetWalker system is organized much like thecompanies they target. They even issue a detailed invoice that includes the status of the account i.e. "waiting for payment", the amount that needs to be settled, and the time they have left to settle.

According to reports, victims are given one week to pay, after which the price for decryption doublesor sensitive datais leaked as a consequence of non-payment before the deadline. Once payment has been made, the victim is directed to a download page for the decryptor program.

The decryptor program appears to be unique and is designed to decrypt only the files of the specific user who made the payment. This is why each victim is given a unique key.

The gang behind NetWalker has been linked to a spate of attacks on different educational, government, and business organizations.

Among its high-profile victims are Michigan State University (MSU), Columbia College of Chicago, and University of California San Francisco (UCSF). The latter apparentlypaid a $1.14 million ransom in exchange for a tool to unlock the encrypted data.

Its other victims include the city of Weiz in Austria. Duringthis attack, the citys public service system was compromised. Some of their data from building inspections and applications were also leaked.

Healthinstitutionshave not beenspared: the gang reportedly targeted the Champaign Urbana Public Health District (CHUPD) in Illinois, The College of Nurses of Ontario (CNO) in Canada, and the University Hospital Dsseldorf (UKD) in Germany.

The attack on the latter is believed to have caused one death after the patient was forced to go to a different hospitalwhen emergency services at Dusseldorf were affected.

Be wary of emails and messages asking you to click on links or download files. Instead of clicking on the link right away, hover over it to examine the entire URL which should appear at the bottom of your browser. Don't click on any email links until you're definitely sure it's genuine, which might mean contacting the sender on a separate system to check.

You also need to avoid downloading fake apps.

Makesure you have reliable antivirus and anti-malware installed thats regularly updated. These can often spot phishing links within emails. Install software patchesstraight away since these are designed to fix vulnerabilities cybercriminals frequently exploit.

You also need toprotect your networks access points with strong passwords and use multi-factor authentication (MFA) to protect access to the network, other computers, and services in your organization. Taking regular back-ups is also a good idea.

While it doesnt target individual end-users yet, NetWalker can use you as a gateway to infiltrate your organizations networks through phishing emails and malicious files or infected bogus apps.

Ransomware is a scary thing, but you can protect yourself by taking sensible precautions, staying vigilant, and

You've seen the news reports, and read about it on Facebook. Perhaps you know someone who has lost all of their data because of it.

Loraine has been writing for magazines, newspapers, and websites for 15 years. She has a master's in applied media technology and a keen interest in digital media, social media studies, and cybersecurity.

Join our newsletter for tech tips, reviews, free ebooks, and exclusive deals!

Please confirm your email address in the email we just sent you.

Read this article:
Everything You Need to Know About NetWalker Ransomware - MakeUseOf

Posted in Tor Browser | Comments Off on Everything You Need to Know About NetWalker Ransomware – MakeUseOf

Invisible Web Search Engines to access the Deep Web – TWCN Tech News

Posted: at 9:48 pm

Invisible Web, as the name suggests is the invisible part of the World Wide Web which either is not indexed on the search engine or is subjected to various access restrictions. The regular search engines cannot trace or track the content uploaded on the Invisible web which means not everyone can get access to it. Just in case you arent aware, the World Wide Web can be called the metaphor Ocean which further has different sections like Surface Web, Shallow Web, Deep Web, and Dark Web.

Whereas the Dark Web actually refers to a set of anonymously hosted websites that are not indexed by the regular search engines. There are specific web browsers and search engines to access this Invisible Web and this is what we are going to learn in this post.

This website is one of its kind as it showcases international historical newspapers. It includes 3,866,107 Newspapers and 4,345 Newspaper titles which is huge. Most of the newspapers shown on this website are on the deep web and are not indexed on Google or other traditional search engines. You will get the newspapers from the 17th Century too. You can either use the search bar to get a specific newspaper or can go through the newspaper archives. Check Elephind here.

Voice of the Shuttle is an excellent resource for anyone interested in Humanities. It is a beautifully and perfectly curated collection of deep web content. The collection includes a wide range of categories right from Architecture to General Humanities, Literature to Legal studies, and a lot more. It has been listed in Forbes as the best of the Web directory in the Academic research category. Check Voice of Shuttle here.

It is a Dark web search engine and you need to install the Tor web browser to use it. You wont be able to open the links without the Tor browser. Ahima indexes the hidden content published on Tor. Check Ahmia here.

These were the five search engines to explore the Invisible Web. Do let us know if you want us to add in some more names.

Follow this link:
Invisible Web Search Engines to access the Deep Web - TWCN Tech News

Posted in Tor Browser | Comments Off on Invisible Web Search Engines to access the Deep Web – TWCN Tech News

10 Years of HTTPS Everywhere – EFF

Posted: November 13, 2020 at 9:49 pm

Its been 10 years since the beta release of EFFs HTTPS Everywhere web browser extension. It encrypts your communications with websites, making your browsing more secure. HTTPS has journeyed its way from an urgent recommendation to a main component of traffic of our everyday web experience. In 2018, we discussed the importance of HTTPS Everywhere and our ongoing effort to encrypt the web. We have come far and still have more work to do. This post gives a snapshot into the landscape of HTTPS Everywhere today.

Since the launch of HTTPS Everywhere, other projects have also taken on the task of helping users browse securely. These more recent projects include DuckDuckGos Smarter Encryption and Smart HTTPS. The biggest difference is that HTTPS Everywhere still operates a community-curated list of rules for particular sites. Many users who add to our list have intimate knowledge of the sites they are contributing. Examples of such reports include subdomains of a site that have misconfigurations, insecure cookies, or CDN buckets to account for.

Many users wanted dynamic upgrades to HTTPS, so we developed the Encrypt All Sites Eligible (E.A.S.E) mode in HTTPS Everywhere.

EASE automatically attempts to upgrade connections from insecure HTTP to secure HTTPS for all sites, and prevents unencrypted connections from being made. This parallels the features of the more recent projects listed. EASE mode also assists in preventing downgrade attacks, where malicious actors attempt to redirect your browser to an insecure HTTP connection to the site. This is handled slightly differently by other projects, but we want to emphasize that our rulesets also apply to sub resources on the page as well. Meaning, if there are images and scripts that link to another domain, such as a Content Delivery Network (CDN), our rules can apply to those as well. We are not only adding rulesets, but amending them as websites change. HTTPS Everywheres maintainers and contributors have done a fantastic job over the years maintaining this aspect of the project.

A common question is whether HTTPS Everywhere is still helpful if DNS over HTTPS (DoH) is enabled? Absolutely. The Domain Name System (DNS) looks up a sites IP address when you type the sites name into your browser. A DNS request occurs before the sites server connection is made; DoH occurs at this layer. After the DNS request has been made, the connection to the sites server is next. That is where HTTPS Everywhere comes in: it is able to secure your traffic to the requested site.

DNS request = request for I.P. sites address

HTTP request = request communication with site's server/website content

DoH & HTTPS = encrypted request for sites I.P. & encrypted request with site's server/website content respectively

Many browsers have made important strides in adopting HTTPS at a more aggressive rate. For example:

We hope to see these developments, especially the option to be HTTPS by default, in both Firefox and Chrome.

In the coming decade, we hope browsers will further help to encrypt the web. Its time for browsers to close these remaining gaps and give users the choice to upgrade to HTTPS. We hope our HTTPS Everywhere project will eventually not be needed in its current state, because the browsers themselves will close these gaps. This will take a strong commitment by all major browsers to provide comprehensive HTTPS options for their users.

In addition to encrypting your web traffic, HTTPS Everywhere also provides extended features that have made way for some exciting developments in internet privacy.

Our update channels provide a secure way for other parties to load their own rulesets. For example, SecureDrop partnered with Tor to use HTTPS Everywhere Update channels to have human-readable onions in Tor Browser! As SecureDrop explains:

SecureDrop uses onion servicesaccessible only via the Tor networkto protect sources sending tips to news organizations. When you visit an onion service (address ends with .onion), all traffic to and from the service is encrypted and anonymized.

We are excited to be able to provide a platform for easily shared AND secure tips to newsrooms. A very big hat tip to SecureDrop and Tor Browser.

HTTPS Everywheres ruleset rewrites are very useful, but can be memory heavy in comparison to most extensions. To alleviate this, we have a ruleset redirect engine written in Rust that compiles to Web Assembly. If Web Assembly isnt supported, then Javascript is the fallback for rewrites. We picked Rust because it is a memory safe language that is lightweight and manageable. Also, one need not rewrite existing parts of the code base in order to take part in more modern developments of web applications.

Learn more about Rust + Web Assembly: https://rustwasm.github.io/docs/book/introduction.html

This project and its extended features were created to make privacy and security not only accessible but easily obtainable to everyone. Anonymity and privacy on the web shouldnt be limited to people with highly technical knowledge. Hopefully when we write an update a decade from now, HTTPS Everywhere will be retired, because its encryption safeguards will have been fully integrated as a common feature of the net.

Thank you for using HTTPS Everywhere. If you havent installed it, do so today!

Read more here:
10 Years of HTTPS Everywhere - EFF

Posted in Tor Browser | Comments Off on 10 Years of HTTPS Everywhere – EFF

The Top Three Browsers for Security and Safety – Hacked

Posted: at 9:49 pm

Safari, Explorer, Chrome these are some of the most popular internet browsers ever. But theyre not necessarily the safest.

With rates of cybercrime steadily rising, you should arm yourself with all the tools you can. And there are browsers out there that were built with your security in mind.

Before we begin the list, we must define what we mean by security in this context. Generally speaking, were talking about which browsers protect your information, your privacy and take steps to keep you safe from security breaches. In no particular order, here are some of the best options:

You probably werent expecting such a mainstream browser to kick off this list, but Firefox can be a very safe option. You just need to tweak it.

Within the browsers settings, you can modify your Privacy and Security settings to standard, strict, or custom. And there are plenty of guides online that can help you customize your settings.

For example, you can customize your settings to block content that tracks the sites you visit and profiles you.

You even have the option to make sure specific websites dont track you.

There are numerous plug-ins, like Decentraleyes and uBlockOrigin, that can add extra layers of safety and security. Just make sure you use a trusted guide, as some modifications can cause some websites to become inaccessible or can slow download speeds.

If you like Firefox but want to up your security game even further, check out Tor Browser. Its basically a fortified version of Firefox.

Another branch of the Firefox tree, Brave was founded in 2016 by former Mozilla head Brenden Eich. As part of its standard protection features, Brave protects against fingerprinting, blocks trackers and ads, upgrades to HTTPS (which protects against eavesdropping and tampering), and has a built-in script blocker.

Fingerprinting is when sites scrape together specific information about you and your computer, which they use to create ads for you and can block you from identifying frauds or avoiding harmful bots, according to The Washington Post.

Brave also allows you to select what data you want to delete every time you close the app.

The browser has drawn criticism by including its own ads on websites while blocking ads from competitors.

But all in all, Brave is a good option. The browser fully transferred over to Chromium codebase, allowing easy use of Chrome extensions.

Its all in the name. Security and privacy are this browsers main goal. Unlike Mozilla, Epic defaults to the highest security setting. It may make some websites inaccessible, but if youre serious about security, this could be the browser for you.

Epic deletes all traces of history as soon as the app is exited. All third-party cookies are blocked. It hides your IP address, making a VPN unnecessary.

It claims to block 600+ tracking attempts per session, in addition to blocking ads and fingerprinting.

While these browsers might be some of the safest and most secure, none can guarantee safety.

If you feel like your security has been breached, do not hesitate to reach out to one of our trusted professionals. And if you want to add an extra layer of security, consider proactively adding one of our digital protection plans.

Featured image from Shutterstock.com

More here:
The Top Three Browsers for Security and Safety - Hacked

Posted in Tor Browser | Comments Off on The Top Three Browsers for Security and Safety – Hacked

What is Tor? Your guide to using the private browser – CNET

Posted: October 20, 2020 at 6:16 pm

Tor is an "onion-routing" network that protects your privacy online.

If you're new to internet privacy and security, you've still probably already read references to something called Tor -- a widely hailed piece of internet-connected software with its own internet browser. Tor is embraced by privacy aficionados for its reliable encryption and its history of covering users' internet tracks.

At first glance, the terminology around Tor can seem intimidating and alien. Don't worry, though. It's simpler than it seems.

Here's everything you need to know about Tor.

Read more: The best VPN service for 2020

Back in the mid-'90s, when the US Navy was looking into ways to securely communicate sensitive intelligence information, a mathematician and two computer scientists emerged from the Naval Research Lab with something called "onion routing." It was a new kind of technology that would protect your internet traffic with layers of privacy. By 2003, The Onion Routing project, acronymed Tor, was in the hands of the public, where its vast network of users -- the engine enabling Tor -- has since continued to grow.

Today, thousands of volunteers all over the world are connecting their computers to the internet to create the Tor network by becoming "nodes" or "relays" for your internet traffic.

At a basic level, Tor is a type of internet-connected network with its own internet browser. Once you connect to the internet with the Tor browser, your internet traffic is stripped of its first layer of identifying information as it enters the Tor network, and is then sent bouncing through those relay nodes, which serve to encrypt and privatize your data, layer by layer -- like an onion. Finally, your traffic hits an exit node and leaves the Tor network for the open web.

Once you're in the Tor network, it's nearly impossible for others to track your traffic's manic pinballing path across the globe. And once you leave the Tor network via an exit node, the website you view (assuming it has HTTPS in front of its address) isn't sure which part of the world you're hailing from, offering you more privacy and protection.

Read more: The best antivirus protection of 2020 for Windows 10

Normal web browsing is easy with Tor. Head to the official site and download the Tor browser. Follow the installation instructions as you would with any other program. When you open Tor for the first time, the program will ask you to either configure your connection (if you're in a country where Tor has been banned, like China or Saudi Arabia) or simply connect. Once you click connect, Tor may take a few minutes to find a set of relays to connect you through.

But once you're in, you can use Tor just as you would any other browser. You'll also be prompted to review your Tor browser security settings. If you're aiming for maximum privacy, I'd advise leaving the settings on their default selections.

If you start experiencing slower-than-normal speeds, you can nudge Tor into action by checking for a quicker connection path to the website you're trying to view. In the top right corner of the Tor browser, click the three-line menu icon and select New Tor Circuit for this Site.

The privacy-focused Brave browser also has an option to route traffic through Tor when inside a private window.

Read more:Best iPhone VPNs of 2020

Now playing: Watch this: Brave browser gets more private with Tor

1:32

Because Tor is a volunteer-run network, speed can often be an issue. As your traffic moves from node to node, you're likely to notice more speed loss than you would, for instance, with most commercial virtual private networks. This becomes particularly noticeable if you try to watch streaming Netflix content over Tor or make voice-over-IP phone calls or video calls with an app like Zoom. Tor technology isn't necessarily built to provide seamless audio-video experiences.

Speaking of videos, there are also limits to the amount of privacy Tor can offer you if you enable certain browser media plugins like Flash. Likewise, your browser's JavaScript plug-in -- which enables you to view a lot of websites' embedded media -- can still leak your IP address information. Torrenting files with Tor also exposes you to privacy risks. Because of these risks, Tor's privacy settings have these kinds of plug-ins disabled by default.

If you're just looking to do general, daily internet perusal using a browser that will better hide your traffic from spying eyes, Tor probably isn't the best choice due to its slow speeds and incompatibility with most embedded media. But if you're concerned enough about privacy around a particular topic of internet research (and you don't have a VPN), Tor is probably the best choice for you.

In some cases, yes. Most of the time, however, it takes some know-how to be able to configure your VPN's connection to work in harmony with Tor. If you don't get it right, you can risk making both Tor and your VPN ineffective when it comes to protecting your privacy. We recommend getting familiar with both types of software before marrying the two.

On the plus side, however, a successful combination of the two can be useful. While Tor protects your internet traffic, your VPN can be set to encrypt the internet traffic of any other applications running on your device in the background.

To investigate VPNs further, check out our beginner-friendly guide to all the VPN terms you need to know and our directory of the best VPNs of 2020.

Now playing: Watch this: Top 5 reasons to use a VPN

2:42

See the original post here:
What is Tor? Your guide to using the private browser - CNET

Posted in Tor Browser | Comments Off on What is Tor? Your guide to using the private browser – CNET

What Is Tor and Should I Use It? – Lifehacker

Posted: at 6:16 pm

Dear Lifehacker,I've been hearing a lot about Tor these days (with a shoutout on House of Cards!), but I'm not entirely sure what it does or why I'd ever use it. What exactly does Tor do?

Sincerely,Frank Overwood

Dear FO,We've talked a lot about Tor over the years because it's the easiest way to browse the web anonymously, but it's not always clear why that matters or why you'd need to use it. Let's take a look at what Tor does, who uses it, and perhaps most importantly, what Tor doesn't do.

G/O Media may get a commission

Tor is short for The Onion Router (thus the logo) and was initially a worldwide network of servers developed with the U.S. Navy that enabled people to browse the internet anonymously. Now, it's a non-profit organization whose main purpose is the research and development of online privacy tools.

The Tor network disguises your identity by moving your traffic across different Tor servers, and encrypting that traffic so it isn't traced back to you. Anyone who tries would see traffic coming from random nodes on the Tor network, rather than your computer. (For a more in-depth explanation, check out this post from our sister blog, Gizmodo).

To access this network, you just need to download the Tor browser. Everything you do in the browser goes through the Tor network and doesn't need any setup or configuration from you. That said, since your data goes through a lot of relays, it's slow, so you'll experience a much more sluggish internet than usual when you're using Tor.

If you want to be anonymoussay, if you live under a dictatorship, you're a journalist in an oppressive country, or a hacker looking to stay hidden from the governmentTor is one of the easiest ways to anonymize your traffic, and it's free. It's far from perfect, though (we'll get to that in a moment).

On a more general level, Tor is useful for anyone who wants to keep their internet activities out of the hands of advertisers, ISPs, and web sites. That includes people getting around censorship restrictions in their country, police officers looking to hide their IP address, or anyone else who doesn't want their browsing habits linked to them.

Tor's technology isn't just about browsing anonymously. It can also host web sites through its hidden services that are only accessible by other Tor users. It's on one of these hidden service sites that something like The Silk Road exists to traffic drugs. Tor's hosting capabilities tend to pop up in police reports for things like child pornography and arms trading, too.

So is it something that everyday users need? Probably not, at least not yet. But it's become popular because of its usefulness in many of these more specific situations.

Tor is handy, but it's far from perfect. Don't think just because you're using Tor that you're perfectly anonymous. Someone like the NSA can tell if you're a Tor user and that makes them more likely to target you. With a enough work, the government can figure out who you are. Motherboard points to a recent FBI bust that shows how this might work:

The FBI's big child porn bust this summer also raised some suspicion from privacy advocates over how easy it is for the Feds to infiltrate Tor. The FBI managed to crack the anonymous network by injecting malware into the browser, in order to identify what it called "the "largest child porn facilitator on the planet." In the process, the malware revealed the IP addresses of hundreds of users.

Furthermore, anonymity is not the same as security. It's hard to hack into the Tor network, but the browser is a different story. As we found at least year, the NSA can get into your browser a lot easier than it can the network and once it does, it gets access to everything else. So, "man in the middle" style attacks on Tor are still possible with help of internet service providers. Tor responded to these possible attacks with these comments:

The good news is that they went for a browser exploit, meaning there's no indication they can break the Tor protocol or do traffic analysis on the Tor network. Infecting the laptop, phone, or desktop is still the easiest way to learn about the human behind the keyboard.

Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody's going to notice. So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on.

Just using Tor isn't enough to keep you safe in all cases. Browser exploits, large-scale surveillance, and general user security are all challenging topics for the average internet user. These attacks make it clear that we, the broader internet community, need to keep working on better security for browsers and other internet-facing applications.

As the How-To Geek points out, you still need to use HTTPS whenever possible to protect yourself from man-in-the-middle style attacks. Likewise, Tor's only as strong as its browser, which has had security flaws before, so it's worth making sure you always have the newest version.

As we mentioned above, if you're an average user looking at cat GIFs and browsing Facebook, you probably don't need to worry about the government spying on your activity, and Tor is just going to slow down your connection. It's more likely that you need to secure your internet rather than anonymize it, say, when you're using public Wi-Fi. In that case, you'd want to make sure you're using HTTPS on all sites that support it, and possibly even use a VPN to encrypt all your traffic when you're away from home.

If you want to stay anonymous because you're downloading large files and don't want people to see what you're downloadingsay, on BitTorrentTor is not a good solution. It won't keep you anonymous, and you'll slow down everyone else's traffic for no reason. In this case, you'd want a proxy or a VPN instead.

In other cases where you want to stay anonymous, Tor will do the trick, and it'll do it freely and easily. But we recommend considering a VPN tooas long as you use a VPN dedicated to anonymity that doesn't keep logs of your traffic, it can provide quite a few advantages over Tor (though you'll usually have to pay some money).

Most importantly, remember: nothing is 100% anonymous or secure, whether you're using Tor, a VPN, or anything else. If you think you need something along these lines, think about what exactly you're doing and what you need to protecthalf the battle is picking the right tool for the job.

Good Luck,Lifehacker

Go here to see the original:
What Is Tor and Should I Use It? - Lifehacker

Posted in Tor Browser | Comments Off on What Is Tor and Should I Use It? – Lifehacker

From the Experts: Social Media Monitoring and Dark Web Investigations – Security Boulevard

Posted: at 6:16 pm

Recently, Authentic8s National Security Engagement Lead and former CISO at the White House Matt Ashburn sat down with Forresters Brian Kime to discuss cyber investigations, where they lead and their importance to private and public sector organizations. Kime is a Forrester senior analyst covering cyber threat intelligence, vulnerability risk management and industrial control system security. In this role, he helps organizations identify, assess, and prioritize cyber and physical threats; prepare for emerging attack vectors; and reduce cyber risk in enterprise IT and operational technology (OT) environments.

Ashburn: We see social media sites and applications as rich resources for gathering information related to our investigations but are concerned well put ourselves and/or the company at risk. How should we get started? Do you have any dos and donts when it comes to social media?

Kime: Your organization and your high-profile employees are more vulnerable than ever, which is why you need to integrate social media monitoring into your security strategy immediately. Here a few recommendations for firms to manage social media risks.

Identify your most valuable social points of presence, actors and assets, and consider the consequences for your organization if those high-value accounts were compromised or impersonated. To determine value, consider the business influence and brand influence of those accounts as well as the data and people they are associated with.

How people use and interact on social media continues to evolve rapidly, as do the tactics cybercriminals wield to exploit it. Cyber threat intelligence services can help track the methods the adversarial groups are using against organizations like yours. As the threat landscape evolves and new threats and use cases emerge, be sure to review your social media security posture with regular audits and vulnerability assessments.

Encourage your employees to verify that new social media connections are who they say they are by connecting over email, instant messaging or phone. Create training modules on how to identify email phishing and suspicious social media activity. Identify your most at-risk and valuable employees, such as IT system and domain administrators, high-profile executives, employees in finance or R&D, etc., and set stricter policies and technical oversight controls for them.

You may want to limit messaging features to only those who use it to speak on the companys behalf. And review your marketing teams security practices to ensure they dont share access credentials for your brands social accounts; require that they access accounts through a social media management solution and reduce reliance on static passwords by requiring two-factor authentication (2FA). You should also actively monitor and protect your high-profile accounts for suspicious behavior and establish a process to monitor and submit takedown requests for fraudulent social accounts misusing your brand names and logos.

Ashburn: Is tracking activities on the dark web really a need for corporations? Seems more applicable to government- and law enforcement-type investigations.

Kime: Absolutely yes. While the dark web is primarily used by hackers for hire (either independent or state sponsored) who are trying to make a profit by selling stolen data, tracking the dark web can still be very valuable. For one, tracking the dark web helps corporations identify if their own data is for sale which might be indicative of a data breach or malicious insider activity. While you should still block access to the Tor browser and block Tor traffic at the firewall for all employees, enabling a small group of users with dark web access will provide additional insight about potential data breaches against other malicious activities targeted against your firm.

Ashburn: How do I convince upper management that we need to allocate resources to do more proactive threat intelligence gathering vs. just reacting after the fact all the time?

Intelligence helps decision makers reduce risk and uncertainty. Boards of directors are concerned with managing reputational and regulatory risks to preserve stockholder value. Therefore, intelligence should always lean towards being proactive by assessing the organizations threats intent and capability to breach or attack the organization. More tactical and operational benefits to threat intelligence include:

Matt Ashburn: How useful/important is actively managing attribution versus, say, being very cautious and making sure to use incognito mode in my browser?

Brian Kime: Users tend to think incognito mode or private browsing conceals their activity from all snooping, when the reality is those privacy modes do not prevent websites, ISPs, your employer or school from logging your activities, tracking your presence and attributing your browsing to your organization. For any user who conducts sensitive research or intelligence collection outside the corporate network, it is vital that we covertly access those hostile resources so that we do not give away our presence or intelligence requirements to our adversaries. By actively managing our own attribution (vice attributing cyberthreat activities to criminals or state organizations) we preserve our operational security and reduce the likelihood and consequences of a threat detecting our research or our intelligence collection.

Related Resources

Authentic8 and Forrester recently conducted a joint webinar on the importance of threat intelligence in the SOC and how to better enable intelligence-gathering investigations. The webinar also gives expert advice on the types of tools and frameworks that can give your SOC an advantage over adversaries.

Watch On Demand

Recent Articles By Author

*** This is a Security Bloggers Network syndicated blog from Authentic8 Blog authored by A8 Team. Read the original post at: https://blog.authentic8.com/social-media-monitoring-dark-web-investigations/

Read more from the original source:
From the Experts: Social Media Monitoring and Dark Web Investigations - Security Boulevard

Posted in Tor Browser | Comments Off on From the Experts: Social Media Monitoring and Dark Web Investigations – Security Boulevard

The Nation in Brief – Arkansas Online

Posted: September 23, 2020 at 7:32 pm

Accused ricin mailer appears in court

WASHINGTON -- A Canadian woman accused of mailing a package containing ricin to the White House included a threatening letter in which she told President Donald Trump to "give up and remove your application for this election," according to court papers filed Tuesday.

[CORONAVIRUS: Click here for our complete coverage arkansasonline.com/coronavirus]

Pascale Ferrier of Quebec was arrested Sunday at the U.S.-Canada border and made her first court appearance Tuesday afternoon in federal court in Buffalo, N.Y. She faces a charge of threatening the president.

The envelope containing the toxic substance and the threatening letter was addressed to the White House but was intercepted at a mail sorting facility Friday. The package, postmarked from Canada, included a letter in which she referred to Trump as "The Ugly Tyrant Clown," according to an FBI affidavit filed in the case.

"So I made a 'special gift' for you to make a decision. This gift is in this letter," she wrote, according to the affidavit. "If it doesn't work, I'll find better recipe for another poison, or I might use my gun when I'll be able to come. Enjoy! FREE REBEL SPIRIT."

Ferrier appeared in court briefly Tuesday, and U.S. Magistrate Judge H. Kenneth Schroeder Jr. entered an innocent plea on her behalf.

Darknet drug case leads to 179 arrests

WASHINGTON -- Law enforcement officials arrested 179 people and seized more than $6.5 million in a worldwide crackdown on opioid trafficking on the darknet, the U.S. Justice Department said Tuesday.

The operation, which mainly occurred in the U.S. and in Europe, comes more than a year after officials took down the "Wall Street Market," which was believed to be one of the largest illegal online marketplaces on the darknet.

The darknet is a part of the internet hosted within an encrypted network and accessible only through specialized anonymity-providing tools, most notably the Tor Browser.

As part of the initiative, law enforcement officials seized more than $6.5 million in cash and virtual currency, in addition to 500 kilograms of drugs, the Justice Department said. About 275 kilograms of drugs, including fentanyl, heroin, cocaine, Ecstasy and other opioids, had been seized in the U.S.

The arrests include 121 made in the U.S., two in Canada, 42 in Germany, eight in the Netherlands, four in the United Kingdom, three in Australia and one in Sweden. The Justice Department said its investigation was ongoing, and investigators were still working to identify other individuals behind darknet accounts.

Deputy Attorney General Jeffrey Rosen said the takedown showed "there will be no safe haven for drug dealing in cyberspace."

CDC issues guidance on holiday visits

New guidance from the U.S. Centers for Disease Control and Prevention for the coming holiday season warns that hosts and attendees at holiday celebrations will need to take steps to limit the risk of contracting and spreading the novel coronavirus.

Virtual gatherings or those that involve one's immediate household are low-risk, the agency said in a posting Monday. If people do gather in person for Christmas and other holidays, the CDC recommends doing so outdoors, keeping groups small, using measures like mask-wearing and social distancing, and considering local virus conditions as well as where attendees are coming from.

Traditional celebrations like Halloween trick-or-treating, large indoor Dia de los Muertos gatherings, crowded Thanksgiving parades and Black Friday shopping sprees could spread the virus and should be avoided, according to the guidance. The CDC recommends alternatives such as virtual Halloween costume contests, holding a small dinner for household members and shopping online.

City readies for Taylor findings unrest

LOUISVILLE, Ky. -- Officials in Kentucky's largest city were preparing Tuesday for more protests and possible unrest as the public nervously awaits the state attorney general's announcement about whether he will charge officers in Breonna Taylor's shooting death.

Photo bySouth Florida Sun-SentinelKyle Welp plays tuesday with his dog Ryder at the freshwater dog swim area of Snyder park in Fort Lauderdale, Fla. (AP/south Florida sun-sentinel/Joe Cavaretta)

With timing of the announcement still uncertain, Louisville Mayor Greg Fischer declared a state of emergency because of the potential for civil unrest, hours after police said they would restrict access in the city's downtown. The mayor and police said they were planning ahead of time to protect demonstrators, and the people who live and work there.

But some involved in protests seeking justice for Taylor questioned why the police were going to such "overkill" lengths when the city has been the site of peaceful protests for months.

Attorney General Daniel Cameron has declined to set a deadline for his decision. Earlier this month, he remarked that "an investigation, if done properly, cannot follow a certain timeline."

Interim Police Chief Robert Schroeder said officials from Cameron's office have promised to give authorities a heads-up.

-- Compiled by Democrat-Gazette staff from wire reports

Continue reading here:
The Nation in Brief - Arkansas Online

Posted in Tor Browser | Comments Off on The Nation in Brief – Arkansas Online

The use of facial recognition to fight crime: Japan case – Geospatial World

Posted: at 7:32 pm

Facial recognition is a technology that can recognize and verify an individual from a digital image or a video frame. Facial Recognition system identifies your face based on skin tone, facial hair, and other biometric information. It then compares the data to a database of stored faces and finds a match.

Law Enforcement agencies all around the world have been using the latest technologies that help track down criminals. The latest in this long list of technologies is the Facial Recognition System.

Of course, there are other methods to distinguish individuals from each other and identify them, such as:

But facial recognition continues to be the perfect biometric benchmark. And the reason for this is that it is easy to deploy, and there is no need for physical interaction by the end-user. Tracking down criminals using facial recognition is faster and more efficient.

Japanese Police Force has also joined the long list of law enforcement agencies around the globe that use facial recognition. A system can compare photographs of people previously arrested with images obtained from surveillance cameras and social media.

Police have used facial recognition technology across the nation since March. Its a more efficient and reliable way to locate criminal suspects. Critics warn that the system could transform the country into a surveillance society unless it runs under strict regulations.

According to a senior National Police Agency official, that shouldnt be a problem: We are using the system only for criminal investigations and within the scope of the law. We discard facial images that are found to be unrelated to cases.

The Japanese National Police Agency also follows strict rules laid down by the National Public Safety Commission to handle and use facial images, the same way they do fingerprints and DNA evidence.

The agencys database currently holds 10 million facial images of criminal suspects. Some of those have not yet been arrested.

The implications of facial recognition are far-reaching. It can help law enforcement agencies track down criminal suspects. But governments can use the same technology to monitor and control their citizens, like Chinas government does to Uighur Muslims. More than a million of them are in detention camps, and the Chinese government uses surveillance technologies like facial recognition to control and discipline them.

In 2013 American coder Edward Snowden made key revelations about how the National Security Agency was breaching the general publics privacy in the name of security and surveillance. Snowdens revelations raised huge concerns about public privacy, and a huge overload of privacy advocacy was seen. It was now clear that governments can go to anylengths to control and discipline their citizens.

Concerns about the possible breaches of privacy, facial recognition being one of them, are present among the Japanese masses. The only way governments can use facial recognition to track down criminals is by monitoring everyone. That is the biggest issue that privacy advocates have against facial recognition.

Many government agencies could even access the webcams of internet users in the name of public safety and surveillance. And most of the time, users are not even aware of such an intense breach in their privacy. Thats why many start covering their webcams, muting their microphones, and using various privacy tools, such as a VPN or Tor browser.

Privacy in the age of the web is one of the most common issues that we face today. Almost everyone can track you or keep tabs on your personal information.

Internet users may fall victim to a data breach and lose their sensitive data. Or worse their data might end up in malicious hands. If you are anonymous online, then your chances of falling victim to a data breach are almost zero. But its virtually impossible to stay truly anonymous.

Location-based services are on the rise as almost everyone uses a smartphone these days. These services access your location and provide you information about nearby places such as the nearest restaurant, information about indoor positioning, speed, altitude, etc. But the privacy concern about this location-sharing is that these services may be collecting more data on the users than they need to.

Going online may feel like the equivalent of having zero privacy. Almost 40% of internet users worldwide feel that they dont have control over their data. Advertisement agencies and social media sites collaborate to bring you better ads but only at the cost of your privacy. Your personal data is handed over to these third-party sites all the time.

The Japanese government and marketplaces gather data about people to use it according to their needs. Nobuo Komiya, a criminology professor at Rissho University, said, It is natural for the police to adopt advanced technology.

Nowadays, many governments are more concerned about their control over citizens and less about their privacy. They often overlook data breaches in the name of security. So everyone should take their privacy into their own hands.

Read more here:
The use of facial recognition to fight crime: Japan case - Geospatial World

Posted in Tor Browser | Comments Off on The use of facial recognition to fight crime: Japan case – Geospatial World

Page 11234..1020..»