Categories
News

According to Avast, Windows XP has more users than Windows Vista and 8 combined

Despite Microsoft’s aggressive marketing strategy created to persuade users to upgrade to Windows 10, Windows 7 is still leading the market. The folks from Avast have published some stats about the global Windows usage for the first quarter of 2017 and revealed some interesting facts.

56 million computers use Avast on Windows 7, this representing 48.35% of the market share. Windows 7 is followed by Windows 10, which is installed on 35 million devices running Avast software and Windows 8.1, which is installed on 12.7 million systems running Avast, representing about 10.96% of the market.

The big surprise is Windows XP, which has a market popularity bigger than Windows Vista and Windows 8 combined. According to the same numbers, Windows XP is still running on 6.5 million computers using Avast software (about 5.64%), while Windows 8 is running only on 2.51% of the computers having Avast installd, and Vista running on 2.08%. Speaking of Vista, it will reach end of life (EOL) next month, so if you still have it on your system it is advised either upgrade or switch to Linux.

Windows XP is still used due to the fact that it ideal for computers with old hardware and can run specific programs built on old technology that are not compatible with newer Windows systems.

Categories
Editorials and informational articles

Microsoft ends support for Windows Vista next month

Windows Vista

Microsoft plans to end support for Windows Vista operating system next month, meaning that no further security updates will be released afterwards. According to Windows lifecycle fact sheet from the Microsofts’ website, we can notice that starting with 11th of April the support for Vista will be terminated.

Microsoft will launch security patches on the 11th of April, afterwards stopping to offer any support for the operating system. While companies and organizations may still pay Microsoft for extending the support deadline, all of the end-users or Home users will have to face a difficult decision at that point in time.

Some users may still continue to use the Windows Vista operating system on their working stations, but that does not come as an advice from the software producers because security vulnerabilities won’t be fixed anymore. That won’t be as bad as it sounds if you’re not connected to the internet, or you’re using the internet occasionally.

The good part about Windows Vista is the fact that it has no expiration date. This means that you can run it for years from now on without any issues.

If you still decide to change the operating system with the next of kin or even newer version… don’t forget to back-up all of your data and files. Also check for any software compatibility issues from Vista to the new operating system. What operating system are you guys using and what do you like the most of it?

Categories
Linux distributions News

Tails 2.11 Amnesic Incognito Live System has been released

As you may know, Tails is a free, open-source Debian-based incognito Linux live system. Its popularity has increased since Edward Snowden used it to stay hidden online, after leaking the NSA private data.

The latest version available is Tails 2.11, which has been recently released bringing improvements and updated packages. It updates the I2P anonymizing network software to version 0.9.25, adds a notification that informs the users that the Tails 3.0 Live CD will not work on old computers with 32-bit (x86) processors and another one that warns the users that I2P will be removed, starting with Tails 2.12 because the Tails developers are all hands on deck and do not afford to work on integrating I2P into the distro.

Also, Tails 2.11 upgrades Tor Browser (anonymous web browser that uses the Tor network) to version 6.5.1, disables the dccp module in order to fix the local root privilege escalation issue and upgrades the Kernel to version 4.8.15 to fix a bunch of GNOME desktop bugs.

The distribution can be downloaded from here. For more information, read the official announcement here. This Linux live system is ideal for hackers and paranoid users that want to have control and anonymity over the internet.

Categories
News

According to WikiLeaks’ Vault 7 article, CIA had a hard time bypassing the Bitdefender and AVG protection

As you may know, WikiLeaks has published the article recently, revealing a lot of information about how CIA spies the users and their hacking capabilities. The article is called Vault 7 and provides a lot of interesting information.

The CIA uses 0-day exploits and spreads malware in order to perform mass espionage. Some ideas, from the WikiLeaks article:

  • CIA is capable of hacking into all the Android and iOS phones that have (or had) the Twitter app installed.
  • CIA can spy the users by using the Android and iOS phones, the internet of things devices and the smart TVs as microphones.
  • CIA can decrypt all the encrypted messages from WhatsApp, Signal and Telegram.
  • CIA can hack almost every system that’s available online, because it has both hardware resources and smart people that can do that.

The article does not contain anything about Windows Phones, this meaning that either it does not represent any interest or the government has some kind of deal with Microsoft.

In order to hack into different computers, the CIA hackers had to make their hacking tools bypass the security offered by antivirus software. This article from APNews.com tells us how much the CIA struggled to trick a bunch of antivirus solutions:

Comodo:

A CIA hacker said about Comodo that it is “a colossal pain in the posterior. It literally catches everything until you tell it not to.”. Același hacker a anunțat că ultimele versiuni Comodo sunt mai ușor de ocolit decât cele mai vechi, dar unul dintre angajații Comodo a anunțat că exploit-ul folosit de CIA nu mai este de actualitate de multă vreme.

Kaspersky:

Due to the fact that the antivirus has a flaw in its source code, CIA has managed to easily bypass Kaspersky’s protection. Eugene Kaspersky a anunțat că cele două vulnerabilitați folosite de către CIA au fost deja descoperite și eliminate.

Avira:

The CIA hacker has announced that he has bypassed Avira protected systems easily. The firm announced that they have patched the flaw a few hours after the vulnerability has been leaked and that there isn’t any proof that the users were affected by the bug.

AVG:

CIA had a trick to theoretically bypass AVG, but one of the technology officers at AVG announced that the flaw CIA would be using is obsolete today.

F-Secure:

The same as Avira, the CIA hackers did not have to work hard in order to bypass this AV’s security.

Bitdefender:

It looks like CIA had a hard time trying to crack Bitdefender’s security and it’s not certain if the agency managed to bypass it or not.

Categories
Hackers and hacks News

StoneDrill Malware destroys the data on the infected computers

Kaspersky Lab has recently discovered StoneDrill, a new type of malware that destroys all the files on the infected computer for good. The malware features anti-detection techniques and espionage tools and has infected computers in the Middle East and Europe.

It is similar to Shamoon, which wiped clean about 35.000 computers in an oil and gas company in the Middle East, back in 2012, and left 10% of the world’s oil at risk.

Shamoon 2.0 has reappeared in 2016 and StoneDrill is very similar to it, but has extra features. The virus infects th computer, injects itself into the memory process of the default browser, fools the security solutions present with two anti-emulation techniques and after it has successfully disguised, it start destroying files.

Kaspersky Lab also found a StoneDrill backdoor, used for espionage purposes. For now, the security researchers did not discover how the malware spread.

The best way to protect against all sorts of attacks is to use security software, strong password rules and be paranoid enough to think that your security will be breached and implement a backup solution, so that everything destroyed or infected can be successfully restored.

For more information, see this article from Kaspersky’s securelist.com website.

StoneDrill Malware destroys the data on the infected computers

Categories
Editorials and informational articles Tops

Best free password managers in 2017

In this article I will make a top of the best free password managers in 2017, providing a short description for each worth mentioning service. If you don’t know this yet, password managers centralize all your passwords into one single password and helps you remember your passwords, create new one or protect your passwords against strangers.

You should also read this article, which helps you create strong passwords and how to remember them.

So, here is the top.

LastPass:

LastPass is probably the most popular free, cross-platform password manager application. It can be used on both desktop (running Windows, Linux or Mac OS X) and mobile (running Android or iOS).

Among others, it autocompletes your passwords on websites and introduces your personal information you use to fill your forms. It is also capable of generating random strong passwords and it stores them automatically for you in the vault, alerting the users when they need to change the password or when they use the same more than once.

While it is free to use, if you want to sync your passwords between your phone and desktop, you need to pay a $1 fee per month.

Dashlane:

Dashlane is yet another free, cross-platform password manager working for both desktops (Windows and Mac OS X) and mobiles (Android and iOS). It can store your passwords, create and save new strong passwords for you and complete web forms with personal information. You only need to remember the master password to open the encrypted vault and you are good to go.

While you can use DashLane on multiple devices, you need to pay $3 a month for the premium version to sync passwords between devices. It also saves receipts from purchases, a feature which is not present on other passwords managers.

Sticky Password:

Sticky Password is a free, cross-platform password manager developed by the team behind the AVG antivirus. It can be installed on Windows, Mac OS X, Android and iOS and, the like the DashLine and LastPass, it requires a $20 yearly subscription in order to permit the users to sync passwords between their platforms. Also, it autofills online forms and generates random strong passwords.

The paid version of Sticky Password has a biometric confirmation feature, permitting the usage of fingerprint authentication to identify on a mobile device. Also, it syncs the passwords via WiFi, so you will not need to trust the cloud.

Keeper Security :

Keeper security password manager is yet another cross platform password manager. It can be used on all the main platforms, including: Windows, Linux, Mac OS X, Android and iOS and has a very simple and intuitive user interface.

The premium version supports Two-factor authentication and can be setup to delete all the records from the device if the master password is introduced more than five times incorrectly, keeping only the cloud copy.

For the premium version, the subscription fee is $10 for each device it is used on.

1Password:

1Password is a top password manager for Windows, Mac OS X, Android and iOS that provides a master password for all your passwords. Unlike the others it does not autofill internet forms automatically and for password sync between devices, you will need to buy the premium version, for a one time fee of $50.

It has an audit feature that will tell you to change the weak or old passwords and permits you to save personal information in the Digital wallet.

KeePassX:

And there is KeePassX, which is a free and open-source password manager for Linux, Mac OS X and Windows. It gets security updates very often and supports plugins for expanding the app’s features.

It is compatible with a big number of password apps for mobile phones, but this provides that the user uploads its encrypted password file to the cloud, where it gets used by the other app. So, a little difficult, but syncing passwords between platforms is free.

Unlike the others, KeePassX is a little more difficult to use than the others, but it’s not rocket science after all.

Categories
Editorials and informational articles

How to set up strong passwords and remember them

In this article we will tell you the necessary rules for setting up right and strong passwords.

The most important rules are the following:

  • Passwords must have minimum 12 characters.
  • Passwords must contain a mix of numbers, symbols, capital letters and lower-case letters.
  • Passwords must not be created by dictionary words
  • Passwords that replace letters with numbers in obvious words are still now good, despite the fact that they respect the rules.

While 39fkddf!#$32d is a very good password, respecting all the rules, it cannot be remembered easily, and a good password written on a sticky note or on the phone is even worst than a bad passwords that can be easily remembered.

The best way to create (and remember) a secured password is to think of a phrase you can easily remember and use only the first letters of each words, replacing some of them with numbers.

E.g: The ZeroViruses blog is written by two tech ninjas who love cats and beer. -> t0Vbiwb2TNwlc4&b3

Another method of setting such a strong password is to choose for words which are not unrelated to one another and mix them up with symbols and numbers: house summer beer ninja -> h0sUmb33rN!nj4!

Even passwords created by this methods are very difficult to remember, so here come the passwords managers. Basically, password managers provide a centralized vault for all your passwords and autofill them, in the right text boxes.

I introduce you LastPass:

LastPass is probably the most popular free, cross-platform password manager application. It can be used on both desktop (running Windows, Linux or Mac OS X) and mobile (running Android or iOS).

Among others, it autocompletes your passwords on websites and introduces your personal information you use to fill your forms. It is also capable of generating random strong passwords and it stores them automatically for you in the vault, alerting the users when they need to change the password or when they use the same more than once.

While it is free to use, if you want to sync your passwords between your phone and desktop, you need to pay a $1 fee per month.

You can download LastPass for free, from the official website.

Categories
Hackers and hacks News

1Password offers a 100.000$ bounty to the hackers that can crack their password vault

As you may know, a bug bounty program is a deal offered by websites to individuals who report bugs and discover exploits and vulnerabilities in their sites. If the hackers manage to penetrate the systems, they get rewarded. So far, Facebook, Yahoo, Google, Reddit, Square and Microsoft have successfully implemented such programs.

AgileBits, the team behind 1Password has invited the hackers to hack their password security system, for a 100.000$ bounty. At first, the prize was 25.000$, but it has been raised four times since than.

In order to get the money, the hackers need to demonstrate they can crack the 1Password password vault. The company even offers details about the existent problems, so that the hackers have a starting point.

If you are interested in such programs and have the skills needed, you can search for ‘jobs’ on these two platforms:

We will keep you informed whether someone manages to get the big prize or not. For more information, see this article from BetaNews.

Categories
News Security solutions and antivirus software

Symantec blocks Windows 10 build 15055 Update – Here’s how to fix this

As you may know, Microsoft has released Windows 10 build 15055 lately, but it gets blocked by some antivirus software. For example, Symantec does not permit the download process to finish and the error does not provide too much information.

Microsoft has been working with Symantec to fix this and the latest virus definitions should have fixed it already. So, if you have security software from Norton, you need to keep it up to date in order to be able to use Windows Updates and to download the modifications brought by build 15055.

In order to get the build 15055, it is mandatory for the Symantec users to have the latest virus definitions before the download process starts. If the download fails, the users should update the antivirus, restart the computer and try again the Microsoft download.

This is Dona Sarkar’s (the head of the Windows Insider program) annoucement:

“If you have Symantec/Norton anti-virus software installed on your PC, you should no longer get an 0x80070228 error when attempting to download this build. Symantec released updated anti-virus definitions last week that fixes this issue. Please make sure your Symantec/Norton anti-virus software has the most up-to-date anti-virus definitions BEFORE taking trying to install today’s build,”

Off-topic: We gave Norton Security 2017 a test drive and we really enjoyed the security software. If you want a free 90 days trial of this antivirus software, follow the instructions in this article.

Categories
Hackers and hacks News

The Dark Web is shrinking

Due to the recent hack of Freedom Housing II, the Dark Web has shrunk with about 85%. While the previous OnionScan report showed 30.000 Dark Web services, today are about 4.400 left.

The Freedom Hosting II hack has taken place in February has took down about 20% of the Dark Web, but since then, the number of such websites started to decrease. After this, OnionScan reported that many Dark Net services were offline. Another reason for this decrease is the fact that the SIGAINT, the email client that provided anonymous email exchanges has been taken offline.

This is how the Onion sphere looks like in March 2017, according to OnionScan:

  • HTTP Detected – ~4000
  • TLS Detected – ~250 (In line with previous counts, unaffected by FHII)
  • SSH Detected – ~270 (much lower, mostly due to the FHII hack)
  • FTP Detected – < 10 (much lower, probably due to FHII)
  • SMTP Detected – < 100
  • VNC Detected – < 10
  • Bitcoin Nodes Detected – ~220 (much higher, likely because of better bitcoin capability in OnionScan)

Due to the fact that some hidden services were misconfigured a thousand unique IP addresses have been leaked.

As you may know, the Dark Web websites use .onion domains (which are not actually domain names) and are accessible only via Tor. All the .onion traffic is managed by Tor servers, in order to provide anonymity for the users.