background preloader

Tools for a Safer PC

Tools for a Safer PC
An important aspect of securing any system is the concept of “defense-in-depth,” or having multiple layers of security and not depending on any one approach or technology to block all attacks. Here are some links to tools and approaches that I have found useful in stopping malware from invading a PC. Your mileage may vary. Learn, Memorize, Practice the 3 Rules Follow Krebs’s 3 Basic Rules for online safety, and you will drastically reduce the chances of handing control over your computer to the bad guys. In short, 1) If you didn’t go looking for it, don’t install it; 2) If you installed, update it. 3) If you no longer need it, get rid of it! Keep Up-to-Date with Updates! It shouldn’t be this way, but the truth is that most software needs regular updating. Put a Leash on Javascript Most Web sites use JavaScript, a powerful scripting language that helps make sites interactive. Firefox has many extensions and add-ons that make surfing the Web a safer experience. Microsoft EMET Avast AVG Free Related:  Security

Awesome-Hacking/README.md at master · Hack-with-Github/Awesome-Hacking The Scrap Value of a Hacked PC, Revisited A few years back, when I was a reporter at The Washington Post, I put together a chart listing the various ways that miscreants can monetize hacked PCs. The project was designed to explain simply and visually to the sort of computer user who can’t begin to fathom why miscreants would want to hack into his PC. “I don’t bank online, I don’t store sensitive information on my machine! I only use it to check email. What could hackers possibly want with this hunk of junk? I recently updated the graphic (below) to include some of the increasingly prevalent malicious uses for hacked PCs, including hostage attacks — such as ransomware — and reputation hijacking on social networking forums. Next time someone asks why miscreants might want to hack his PC, show him this diagram. One of the ideas I tried to get across with this image is that nearly every aspect of a hacked computer and a user’s online life can be and has been commoditized. Tags: Scrap Value of a Hacked PC

10 comandos interesantes para Linux Los administradores de sistemas y usuarios avanzados siempre echan mano de su querida línea de comandos o terminal para realizar tareas de una forma más rápida y eficiente. Sin embargo, aún muchos son reacios a utilizarla porque creen que es algo demasiado complejo. A continuación, vamos a dar un repaso a una serie de comandos destinados a ejecutarse desde una terminal (incluso remotamente, sin necesidad de disponer de una interfaz gráfica), realizando ciertas tareas en muy poco tiempo y apenas algo de esfuerzo. La mayoría de estos comandos son programas que se pueden instalar facilmente mediante apt-get install (o el gestor de paquetes de tu distribución). 1. Es posible que queramos monitorizar el consumo de la conexión a Internet por parte del equipo en el que estamos, conociendo así el ancho de banda consumido. sudo wondershaper eth0 1024 512 El ejemplo anterior limita la conexión a 1024kbps de bajada y 512kbps de subida. 3. 4. 5. Lynx eog `lynx --dump xkcd.com | egrep imgs.xkcd` w3m 6.

Join the fight against phishing Transmit Data Through Sound: Quiet This library uses liquid SDR to transmit data through sound. This makes it suitable for sending data across a 3.5mm headphone jack or via speaker and mic. Quiet can build standalone binaries for encoding/decoding data via .wav files or for streaming through your soundcard via PortAudio. Dependencies Liquid DSP Be sure to work from the devel branchlibfec (optional but strongly recommended)Janssonlibsndfile (optional)PortAudio (optional) Build With the dependencies installed, run . Profiles The encoding and decoding processes are controlled by the profiles in quiet-profiles.json. Cable For cable transmission, use the cable- profiles. Ultrasonic The ultrasonic- profiles encode data through a very low bitrate, but the audio content lies above 16kHz, which should pass through audio equipment relatively well while being inaudible to the average person. Javascript binding for libquiet Javascript binding for libquiet allows sending and receiving data via sound card from any browser. Compatibility Usage

Security Tools Last week’s article about how to prevent CryptoLocker ransomware attacks generated quite a bit of feedback and lots of questions from readers. For some answers — and since the malware itself has morphed significantly in just a few day’s time — I turned to Lawrence Abrams and his online help forum BleepingComputer.com, which have been following and warning about this scourge for several months. This message is left by CryptoLocker for victims whose antivirus software removes the file needed to pay the ransom. To recap, CryptoLocker is a diabolical new twist on an old scam. The malware encrypts all of the most important files on a victim PC — pictures, movie and music files, documents, etc. — as well as any files on attached or networked storage media. “They realized they’ve been leaving money on the table,” Abrams said. Part of the problem, according to Abrams, is that few victims even know about Bitcoins or MoneyPak, let alone how to obtain or use these payment mechanisms.

¿Cómo vencer el miedo? | Psicología Positiva, es hora de cambiar tu vida ¿Quién no ha sentido miedo alguna vez? Él hace su aparición cuando menos necesitamos que lo haga, con tan sólo unos pocos minutos en nuestra mente ya puede apoderarse de nosotros y cuando nos percatamos de su presencia, ya es demasiado tarde y él ya tiene el control absoluto. El miedo puede ser experimentado en diversas ocasiones, pero sin duda la más molesta es cuando se hace ver en aquellas circustancias donde más necesitamos nuestro valor. “Roberto” en una de sus sesiones, me comentó que era el mejor de su clase, tenía una de las escolaridades más altas de la universidad. Era un estudiante ejemplar, un verdadero ganador. Sus calificaciones le ofrecieron varias oportunidades laborales, oportunidades que una a una fue perdiendo, siempre por la misma razón. “Lucas” era un conquistador nato, todo un casanova, siempre obtenía a la chica que quería, nadie podía decirle que no. Este miedo molesto proviene de varias fuentes, una de ellas es nuestra infancia. ¿Cómo podemos superar el miedo?

Canary: The first smart home security device for everyone Our Indiegogo campaign has ended but you can still pre-order Canary at:canary.is Canary is a single device that contains an HD video camera and multiple sensors that track everything from motion, temperature and air quality to vibration, sound, and activity to help keep you, your family and your home safe. Controlled entirely from your iPhone or Android device, Canary alerts you when it senses anything out of the ordinary — from sudden temperature changes that can indicate a fire, to the sound and movement that could mean an intrusion. Instantly receive, view and act on the alerts wherever you are. Over time, Canary learns your home’s rhythms to send you smarter alerts. Canary is the smartest way to stay secure. "A new startup called Canary is about to launch what could revolutionize the home security business" – Technabob "Canary is easy on the eyes and the smartphone interface looks equally appealing." – The Next Web "Canary helps the internet of things take on home security" – GigaOM

TOR Mail Encrypted Server: OnionMail TOR Mail Encrypted Server for Hidden Services OnionMail is an anonymous, encrypted mail server made to run on TOR network without losing the ability to communicate with the Internet. All OnionMail servers are configured as TOR hidden services and use SSL (via STARTTLS). To use OnionMail all you need is an email client connected to the TOR network – Example: Claws-Mail or Thunderbird. All OnionMail servers are connected in a ‘federated network’. Thanks to the TOR network nobody can know: Who are you.With whom you are communicating.If you are communicating.What are you reading or writing.Where are you.Where is the server.What you are doing. List of some OnionMail’s functions: Multiple instances of server. Password key derivation via multiple keyfiles and passwords.Deleting files with wipe by default.Message headers filtering to hide informations and sigint.POP3 TLS Access.SMTP TLS Access.User’s parameters.Exit node selection to connect to internet.M.A.T.

Copier and MFD Security - Information Security Guide - Internet2 Wiki Skip to end of metadataGo to start of metadata Other Hot Topics: Cloud Computing Security | Cloud Data Storage Solutions | Community Based Security Awareness | Full Disk Encryption | Managing Malware | Mobile Device Security | Social Networking Security | Statewide Longitudinal Data Systems Eight Steps to Secure Your Copier or Multi-Function Device (MFD) Configure copiers, printers, and other multi-function devices securely. Configure the device with a static IP address, using RFC1918 (non-routable) addressing if possible. Additional Resources for Copier & Multifunction Device (MFD) Security Higher Education Resources Industry & Other Resources Questions or comments? Contact us. Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.

Técnicas sencillas para combatir el miedo y la ansiedad Todos sentimos miedo o ansiedad en algún momento, sin que necesariamente se trate de un trastorno psicológico, pero aún así son sentimientos desagradables que nos pueden jugar una mala pasada, como impedirnos rendir bien en un examen o entrevista de trabajo, o tener problemas al relacionarnos con otra persona. Estas son algunas técnicas sencillas y fáciles de utilizar en cualquier momento en que sientas miedo, ansiedad o cualquier otra emoción desagradable. 1. Conviértete en el observador . Consiste en observar desde fuera tu miedo o ansiedad, como si fueras un observador externo. Observa el efecto que produce en ti, tu corazón latiendo, tus palmas sudorosas, tus pensamientos surgiendo en tu mente, y todo lo que haya en ese momento en tu mente o en tu cuerpo, pero siempre situándote desde fuera, como si observaras la lluvia desde tu ventana. 2. 3. 4. 5. También te puede interesar:

Facebook’s ticker privacy scare, and what you should do about it Amongst the recent new changes to appear on Facebook, there is a "ticker" (a rolling real time list of what your friends are doing). Not everyone has received it yet, because it's on a staggered rollout, but millions have already seen it. You'll find it on the right hand side of your Facebook page, in the collapsible chat bar. It's smashing if you want to keep fully up-to-date with your friends' activity, but there is a problem with it. The ticker makes it very simple for you to eavesdrop when one of your Facebook friends says something to someone you've never heard of - and even see what the stranger originally wrote too. Testing shows that your privacy settings are working the same as they did before, providing you used them in the first place. The appalling enforced eavesdropping in the ticker (your friend said something to someone you've never heard of) is the result of the lax or non-existent settings of your friends, so here's the deal.. 1. Still baffled? Public Friends

Pattern Matching Swiss Knife: YARA YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic. Let’s see an example: The above rule is telling YARA that any file containing one of the three strings must be reported as silent_banker. Pattern Matching Swiss Knife: Installation Download the source tarball and get prepared for compiling it: tar -zxf yara-3.1.0.tar.gz cd yara-3.1.0 . YARA uses GNU autotools, so it’s compiled and installed in the standard way: . Some YARA’s features depends on the OpenSSL library. The following modules are not copiled into YARA by default: cuckoomagic If you plan to use them must pass the corresponding --enable-<module name> arguments to theconfigure script. For example: . Installing on Windows dummy my_first_rule

Security Metrics

Related: