MySQL Encryption at Rest – Part 2 (InnoDB)   
MySQL Encryption at RestWelcome to Part 2 in a series of blog posts on MySQL encryption at rest. This post covers InnoDB tablespace encryption. At Percona, we work with a number of clients that require strong security measures for PCI, HIPAA and PHI compliance, where data managed by MySQL needs to be encrypted “at rest.” As with all […]
          MarshallSoft dBase AES Library 4.1   
Visual dBase 256-bit AES encryption library
          Indeliblegain - Indeliblegain.com   
I'm not admin here!
QUOTE
Our program is intended for people willing to achieve their financial freedom but unable to do so because they're not financial experts.
indeliblegain.com is a long term high yield private loan program, backed up by Forex market trading and investing in various funds and activities. Profits from these investments are used to enhance our program and increase its stability for the long term.


Indeliblegain - indeliblegain.com

1% daily for 35 days
Plan Spent Amount ($) Daily Profit (%)
Plan 1 $5.00 - $100.00 0.45
Plan 2 $101.00 - $300.00 0.70
Plan 3 $301.00 - $500.00 1.00

2% daily for 35 days
Plan Spent Amount ($) Daily Profit (%)
Plan 1 $501.00 - $1500.00 1.30
Plan 2 $1501.00 - $3000.00 1.60
Plan 3 $3001.00 - $5000.00 2.00

3% daily for 35 days
Plan Spent Amount ($) Daily Profit (%)
Plan 1 $5001.00 - $7000.00 2.30
Plan 2 $7001.00 - $10000.00 2.65
Plan 3 $10001.00 - $50000.00 3.00

350% after 11 days
Plan Spent Amount ($) Profit (%)
Plan 1 $15000.00 - $50000.00 350.00

550% after 25 days
Plan Spent Amount ($) Profit (%)
Plan 1 $4500.00 - $50000.00 550.00

800% after 50 days
Plan Spent Amount ($) Profit (%)
Plan 1 $1000.00 - $50000.00 800.00

1100% after 100 days
Plan Spent Amount ($) Profit (%)
Plan 1 $100.00 - $50000.00 1100.00

QUOTE
SSL Encryption
DDos Protection
Licensed Script
Registrar ENOM, INC.
Created 2016-12-08
Expire 2018-12-08
NS NS1.INDELIBLEGAIN.COM NS2.INDELIBLEGAIN.COM
NS1.INDELIBLEGAIN.COM NS2.INDELIBLEGAIN.COM

Accept: PM

Join here: https://indeliblegain.com/
          Keeping Communications Private in the Age of Big Brother (a Practical HOWTO)   
I have decided to share with you something which I originally sent out to the key members of the Saker community: my recommendation on how to keep your private communications private in the age of “Big Brother” aka NSA, ECHELON, GCHQ, Unit 8200, etc. I have been interested in the topic of encryption for many...
          LuxNetwork picks Ciena    
Ciena announced that LuxNetwork of Luxembourg has selected its 6500 Packet-Optical Platform with integrated WaveLogic Encryption for a new 100 Gbit/s network designed to increase network capacity to support the growing bandwidth and security demands of the major financial sector companies, large enterprises and international wholesale customers.

LuxNetwork, a subsidiary of the NomoTech Group, specialises in providing high-speed, secure optical WAN connectivity to connect businesses to data centres and interconnect data centres. The service provider also offers a suite of managed services for enterprise customers and international telecom operators.

Operating its upgraded network that provides ten times the capacity of its previous system, LuxNetwork can offer higher-capacity services including 10 and 100 Gigabit Ethernet, 8 and 16 Gbit/s Fibre Channel, as well as encryption for protection of in-flight data. Additionally, enterprise and carrier customers are able to leverage dedicated, secure, high-bandwidth and scalable connectivity without the need to own the infrastructure.

The network upgrade will also allow LuxNetwork to consolidate and modernise its infrastructure and to realise operational efficiencies following the acquisition and integration of Telecom Luxembourg.



  • Last week, Ciena announced that Bouygues Telecom of France had selected the 6500 Packet-Optical Platform to enhance the efficiency, scalability and reliability of its network backhaul and aggregation infrastructure, as well as provide the foundation for its new SuperCore network.
  • The deployment was designed to increase capacity to 400 Gbit/s to support growing capacity demand and new high-bandwidth services, as well as allow Bouygues Telecom to expand its mobile and ISP offerings support future 5G services.


          IT Services Specialist II - Electronic Arts - Redwood City, CA   
MS Offce Suite, MS Visual Studio, Skype for Business, Oracle, OKTA, Adobe Suite, Cisco VPN, Virtual Machines, Data Encryption, Python, Tableau, Slack, Box, Maya...
From Electronic Arts - Tue, 13 Jun 2017 05:11:07 GMT - View all Redwood City, CA jobs
          Senior Sitecore Developer   
NJ-Park Ridge, RESPONSIBILITIES: Kforce has a client that is seeking a Senior Sitecore Developer in Park Ridge, New Jersey (NJ). Responsibilities: Participate in all aspects of application development and design including performance, scaling, coding, caching, security, encryption, state management, error logging and testing Work with development partners to implement and maintain applications Take a product thr
          AMD Ryzen PRO Family Announced With On-Chip Memory And Virtualization Encryption Engine   
AMD Ryzen PRO Family Announced With On-Chip Memory And Virtualization Encryption Engine AMD has been on a tear lately. After all of the hype and anticipation, AMD's Zen architecture has proven to be the real deal, and not just on the desktop. Last week saw the launch of AMD's EPYC 7000 series processors for data center servers, and now the chip designer is formally introducing its Ryzen PRO lineup. In case it its not clear at
          MarshallSoft FoxPro AES Library 4.1   
Visual FoxPro 256-bit AES encryption library
          Cryptsoft Extends Leadership in the Tape Storage Industry with Enterprise Licensee BDT Storage   

BRISBANE, Australia, June 29, 2017 /PRNewswire/ -- Cryptsoft, a leader in data encryption and key management technologies, today announced that BDT Storage GmbH (BDT) has signed an enterprise license for Cryptsoft's Key Management Interoperability Protocol (KMIP) technology. BDT will now...



          Re: crowbarDMG – Version 1.0   

What this does is call diskutil. You need to dig back to the old script based post. So no. I’m not a crypographer that can attack the encryption keys. This app was simply a learning project for xcode at the time. Doing the script you could attack a full disk rather than a dmg.


          MarshallSoft FoxPro AES Library 4.1   
Visual FoxPro 256-bit AES encryption library
          I got a message now what?   
I got to thinking while reviewing the latest Exchange Beta, "why make it easier to keep things in the Inbox?".

The Inbox is the most unstructured quagmire of information people manage (I would even argue over the OS file system). $.07 bet anyone? The fact that information is mainly intended to come inbound to an Inobx hampers activities such as content management, compliance and a litteny of others.

So...where in the new Exchange, functions such as autoarchiving, searching, routing control, encryption and auditing are important; the most important feature would be easily moving this data from my unstructured Inbox to a more structured application to be managed. We did the genesis of this a long time ago in Notes (e.g. move a message to a calendar entry or task or another db). I also know that the extensions in Notes and Outlook make this possible to program (i.e. we did this at Groove to move messages from Outlook to a Groove space but unfortunately that was taken away with the latest release). The point though is that this needs to be made easier for businesses to implement, should have more emphasis placed on it and should be more out of the box. Give me a generic target on disk where I can register something similar to an XSLT++ that defines a path, transport and data migration to move things from the Inbox to a target. Then allow me to embed that in the message window. Then for goodness sake ship some of them out of the box. Every messaging company has plenty of targets that they could pre-program.

More emphasis should be placed on the Inbox being viewed as a temporary holding spot instead of the eternal dumping ground. When things come in, act upon what needs action and place the information in the right context and then discard or archive what is left. Maybe it is that people get too many messages that makes this behavior unrealistic or maybe it is the fact that they have no other option but to just take the message and file it away.

I remember my mom used to tell me "when you have something in your hand it takes just as much work to put in the right place as the wrong place". Now I didn't buy into that much as a teenager. I only somewhat buy into it as an adult usually because I have to pick it up later anyway and that's the point! After someone opens, reads a message and puts it in a folder do you really think they are going to go back once a week and say "hmmm....what needs to be done with this to ensure compliance?". Someone needs to figure out the Interact/Act model to capture the users attention when they first open a message to say "this needs to be placed in context".
          Cisco Switch: How To Determine The SSH Version   
I was asked today how to determine what version of SSH you are running on your Cisco switching gear.  Two ways below.

cisco.stack#sh ssh
Connection Version Mode Encryption  Hmac         State                 Username
0          2.0     IN   aes256-cbc  hmac-sha1    Session started       shane
0          2.0     OUT  aes256-cbc  hmac-sha1    Session started       shane
%No SSHv1 server connections running.

cisco.stack#sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 60 secs; Authentication retries: 2
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa {key}
cisco.stack#
          Cisco introduces new training and developer programs to accelerate adoption of intent-based networking   
Designed to be intuitive, Cisco's new network can recognize intent, mitigate threats through encryption, and learn over time LAS VEGAS, Cisco Live US — June 26, 2017 — Cisco today announced that its global ecosystem of customers, developers and partners are embracing the company's ambitious vision for a new era of networking. Unveiled last week, Cisco's new network can recognize intent, ...
          how to disable auto login wallet   
Hi, In a RAC database, I have a open keystore (wallet) with AUTOLOGIN. I would like to disable the AUTO LOGIN, but I am not sure of the correct procedure for that. select * from gv$encryption_wallet; WRL_TYPE WRL_PARAMETER ...
          VMware Tackles HCI Security with Unique Software-Defined Encryption   
Building a Secure Private Cloud with VMware vSAN Hyper Converged Architecture A financial firm recently shared with us that it was fending off 10,000 unauthorized hacking attempts per day.  A hospital shared their need to comply with the latest privacy regulations, and a transportation firm explained how decommissioned hard disk drives needed to be physically […]
          Acronis True Image 2016 19.0 Build 6595 Bootable ISO Multilingual | 537.2 Mb   
Acronis True Image 2016 19.0 Build 6595 Bootable ISO Multilingual | 537.2 Mb Acronis True Image 2016 - Protect your digital life with the #1 backup solution. Back up your entire computer including your operating system, applications and data, not just files and folders to an external hard drive or NAS. Restore backed up data including your operating system, application and all your data to your existing computer or an entirely separate piece of hardware, or restore specific data as needed. Industry's Fastest Backup and Recovery Up to 50% faster than the competition - save time and frustration with the industry's fastest backup and restore. Quick, Easy recovery Get your computer back to where it was at any given moment. Quickly restore from the cloud or your local storage with no need to reinstall your OS manually, or use any additional tools. Retention schemes and Advanced Backups Keep history of up to 20 last system states to roll back to different points in time whenever you need. Capture only changes made after an initial image backup, and save time and storage space. Security and Privacy Rest assured your data is safe with 256-bit encryption and a private, user-defined key. Flexible file recovery Choose only the files or folders you want to restore and get them back right away, without having to restore your entire system. Proven Backup Technology Millions of businesses and consumers worldwide trust the Acronis AnyData Engine - the most advanced backup technology. System Requirements: - Windows XP SP3 - Windows 7 SP1 (all editions) - Windows 8 (all editions) - Windows 8.1 (all editions) - Windows Home Server 2011 - Windows 10 - Windows Vista (all editions) is not supported What's new in Acronis True Image 2016: - Archiving. Free up disk space by smart archiving large or rarely used files to Acronis Cloud. - Online Dashboard. Protect multiple computers and mobile devices for yourself and your family, by using an online dashboard. - Mobile Backup. Back up your pictures, videos, contacts, and events from iPhones, iPads, Android smartphones and tablets, and Windows tablets, and transfer them to other devices. Back up Android Messages too! - Optimized Performance. Both local and online backups are now faster. Save time with the industry's fastest online backup and recovery - up to 50 percent faster than the competition. - Windows 10 Support. Optimized for the best Windows 10 experience. - Improved Backup Experience. Our team has been focused on delivering various improvements for your backup experience: redesigned and simplified backup creation and editing, easy backup naming, enhanced accessibility, improved keyboard support, and much more. - Multilingual Application. Easily change the language of your Acronis True Image. - Try&Decide is Back! Improved Try&Decide is available again. The Try&Decide feature allows you to create a secure, controlled, and temporary workspace on your computer without requiring you to install special virtualization software. Safely try new software, surf untrusted websites, or open suspicious files. - Multilingual boot media - Improved image recovery dialog - Improved "Too many activations" wizard - Bitlocker-encrypted partitions can now be backed up to Acronis Cloud - New login mechanism Home Page - http://www.acronis.com/ DOWNLOAD: http://nitroflare.com/view/6B2737931F8CD7D/vgv2b.rar
          Active Directory Administrator - (Boston)   
Job Description Job Description The successful candidate for this position will: Provide and maintain support for a robust and resilient infrastructure for DCMA's authorization and authentication requirements Maintain Support for the enterprise Active Directory environment and resolve any errors therein. Provide expertise on Active Directory integration and capacity planning May prepare and present management with reports on system availability, and communicate issues and recommended solutions in common terms to non-technical enterprise Active Directory stakeholders Function as a Senior Level Technical resource regarding Active Directory issues to messaging administrators, programmers, web developers, network security engineers, database analysts, field services technicians, network managers, and implementation teams Conduct Windows server administration Provide advanced trouble shooting of WSUS, DNS, DHCP, and IIS Diagnose and resolve production incidents in an analytical and methodical manner Build and maintain partnerships with agency and Active Directory support clients Develop, implement and update disaster recovery plans for supported systems Basic Qualifications Senior level experience managing large scale server environments Senior level experience troubleshooting server issues and diagnosing root cause of issue Knowledge of virtualization and server consolidation using VMware Virtual Infrastructure and associated tools. Must have in-depth experience in designing, managing, and supporting at a senior level: o Microsoft Active Directory infrastructure, including Hands-on experience administering Microsoft Active Directory o 2008/2012 in a multi-site and multi-domain organization o Microsoft WSUS infrastructure o ADFS infrastructure o DNS infrastructure o AD Replication Must be able to assess and review Enterprise server infrastructure, and take proactive measures to ensure continued stability, and assist in the development and/or revision of server based standards, guidelines and policies as determined by internal stake holders Must be able to Troubleshoot at a senior level issues with servers, server operating system and software, including experience troubleshooting issues in a high availability production environment, load balancers, disaster recovery and encryption Strong working knowledge of standards and protocols: TCP/IP, DNS, DHCP, WINS, SMTP, RPC, HTTPS; including knowledge of forest to forest trusts Scripting expertise on Windows Server 2008 – 2012 as well as knowledge of IIS and networking concepts, VPN’ s, etc. Must be willing to work on call and after hours to support Operations worldwide.
          Forum Post: RE: Change popup auto reboot time   
In your server navigate to Populations > Enterprise (if you want to change this for your entire organization) > File/Folder Encryption (FFE). Once in that policy area click "Show Advanced Settings" and scroll down to the User Experience section.
          The Mathematics of Secrets: Cryptography from Caesar Ciphers to Digital Encryption   

          Senior Sitecore Developer   
NJ-Park Ridge, RESPONSIBILITIES: Kforce has a client that is seeking a Senior Sitecore Developer in Park Ridge, New Jersey (NJ). Responsibilities: Participate in all aspects of application development and design including performance, scaling, coding, caching, security, encryption, state management, error logging and testing Work with development partners to implement and maintain applications Take a product thr
          Sid Secure Messenger and File Transfer 0.8.7   
Sid is an secure messenger and file transfer with end-to-end encryption
          Folder Lock 7.7   
Folder Lock is a fast data encryption and password protection software for Windows. It can simultaneously encrypt, lock and password protect your files, folders, drives, USB drives and even CD/DVD-RW.
          vSAN Encryption, vSphere Replication and SRM – It just works!   

I’ve seen a few questions around this and I wanted to put together a quick post to put them to rest. Long story short, vSphere Replication and SRM work together the same with vSAN Encryption turned on as they do with it turned off. The reason for this is that vSAN encryption happens at the

The post vSAN Encryption, vSphere Replication and SRM – It just works! appeared first on Virtual Blocks.


          VMware Tackles HCI Security with Unique Software-Defined Encryption   

Building a Secure Private Cloud with VMware vSAN Hyper Converged Architecture A financial firm recently shared with us that it was fending off 10,000 unauthorized hacking attempts per day. A hospital shared their need to comply with the latest privacy regulations, and a transportation firm explained how decommissioned hard disk drives needed to be physically

The post VMware Tackles HCI Security with Unique Software-Defined Encryption appeared first on Virtual Blocks.


          AMD Ryzen PRO Family Announced With On-Chip Memory And Virtualization Encryption Engine   
AMD Ryzen PRO Family Announced With On-Chip Memory And Virtualization Encryption Engine AMD has been on a tear lately. After all of the hype and anticipation, AMD's Zen architecture has proven to be the real deal, and not just on the desktop. Last week saw the launch of AMD's EPYC 7000 series processors for data center servers, and now the chip designer is formally introducing its Ryzen PRO lineup. In case it its not clear at

          WSS4J/Axis2 API を使う: 第 1 回、WS-Security の署名と暗号化プロファイルを Axis2/Rampart の Web サービスに送信する   
Web サービスがセキュアに通信するために、また通信されるデータの正しさを保証するために、WS-Security 仕様ではいくつかのセキュリティー・プロファイルを規定しています。それらを使用することで、データの否認防止やデータの暗号化、ユーザー認証などを実現することができます。この記事では、WS-Security のプロファイル (UsernameToken、Timestamp、Signature、Encryption など) をどのようにして SOAP メッセージ・ヘッダーに含めて指定できるようにするのか説明します。
          FREAK vulnerability weakens secure Web sites   
(LiveHacking.Com) – FREAK (or ‘Factoring attack on RSA-EXPORT Keys’) is a newly disclosed vulnerability that can force browsers into using weaker encryption keys. Once the connection is using weaker keys then the traffic can be cracked relatively quickly. This then exposes all the information that was being sent over the secure connection. The vulnerability stems directly […]
          Apple release iOS 8.1 and Apple TV 7.0.1 with new security patches   
(LiveHacking.Com) – Apple has released iOS 8.1, primarily to activate Apple Pay, but also to patch five CVE-listed vulnerabilities including fixes for a Bluetooth flaw and  a fix for the infamous SSL 3.0 POODLE security vulnerability. POODLE (Padding Oracle On Downgraded Legacy Encryption) is the moniker given to a flaw in the SSL 3.0 protocol. SSL 3.0 is […]
          Five Eyes Unlimited: What A Global Anti-Encryption Regime Could Look Like   
This week, the political heads of the intelligence services of Canada, New Zealand, Australia, the United Kingdom, and the United States (the "Five Eyes" alliance) met in Ottawa.  The Australian delegation entered the meeting saying publicly that they intended to "thwart the encryption of terrorist messaging." The final communiqué states more diplomatically that "Ministers and Attorneys General [...] noted that encryption can severely undermine public safety efforts by impeding lawful access to the content of communications during investigations into serious crimes, including terrorism. To address these issues, we committed to develop our engagement with communications and technology companies to explore shared solutions." What might their plan be? Is this yet another attempt to ban encryption? A combined effort to compel ISPs and Internet companies to weaken their secure products? At least one leader of a Five Eyes nation has been…
          Iperius Backup Full 4.9.4 DC 26.06.2017 Multilingual + Portable   
Iperius Backup Full 4.9.4 DC 26.06.2017 Multilingual + Portable | 9.8/9.9 Mb Iperius Backup is the perfect software to get the advantages of the many cloud storage services offered by well-known providers like Google or Microsoft. With a single application you will be able to easily save your files offsite to Google Drive, Dropbox or Microsoft SkyDrive. This backup task can be configured with a few clicks, and the result of this is the full security of automatic online backups, compressed and protected by an AES 256-bit encryption.
          OnlineShop 1.5   
Get more customers with your own online store! With this software you can setup your online store within a few minutes. You only have to enter a name and description for your products and make a few choices for the design and about the payment and shipping. All the rest will the software do for you! The software contains a logo creator. So you will be able to change the design for your needs. If you have html skills you will be able to change the templates and make them fit your needs perfectly. You do not need any server side scripts (no cgi, no php)! You can upload the html file to any website. The order form data will be submitted with 128 bit SSL encryption to the server.
          PDF Password Recovery 1.0.2   
Have you lost the password to remove the pdf encryption? Now you can not print or copy the content of your own pdf file? No problem! With PDF Password Recovery you can remove the password with one mouse click! New in this version: Support for 256 bit AES encryption
          is your website encrypted? (what’s an SSL certificate?)   

You know that little lock icon/green bar displayed next to the name of the website you're visiting? Have you ever wondered what needs to happen for that lock icon to display, and whether your website needs it? The padlock (and the use of "https" instead of simply "http") announces the presence of a Secure [...]

The post is your website encrypted? (what’s an SSL certificate?) appeared first on cyclone press.


          USN-3342-2: Linux kernel (HWE) vulnerabilities    

Ubuntu Security Notice USN-3342-2

29th June, 2017

linux-hwe vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software description

  • linux-hwe - Linux hardware enablement (HWE) kernel

Details

USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.

USN-3333-1 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.

It was discovered that a use-after-free flaw existed in the filesystem
encryption subsystem in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-7374)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel
did not return an error after detecting certain overflows. A local attacker
could exploit this issue to cause a denial of service (OOPS).
(CVE-2017-5577)

Li Qiang discovered that an integer overflow vulnerability existed in the
Direct Rendering Manager (DRM) driver for VMWare devices in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-7294)

It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack in the Linux kernel was performing
its over write consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-4.8.0-58-lowlatency 4.8.0-58.63~16.04.1
linux-image-4.8.0-58-generic-lpae 4.8.0-58.63~16.04.1
linux-image-generic-hwe-16.04 4.8.0.58.29
linux-image-lowlatency-hwe-16.04 4.8.0.58.29
linux-image-4.8.0-58-generic 4.8.0-58.63~16.04.1
linux-image-generic-lpae-hwe-16.04 4.8.0.58.29

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000363, CVE-2017-5577, CVE-2017-7294, CVE-2017-7374, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242, LP: 1699772, https://www.ubuntu.com/usn/usn-3333-1


          Ubuntu Security Notice USN-3342-2   
Ubuntu Security Notice 3342-2 - USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. USN-3333-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
          OSB Cloud Module & S3 Server Side Encryption   
Hello,
...
          WIFI csengő Video HD IP kamera mobil riasztás - Jelenlegi ára: 23 375 Ft   
Main Functions: Brand new and high quality.
This is IP solution Doorbell Camera. It is adaptived Hi3518E chipset to make High resolution image up to 720P 1. 0 Megapixel HD video and images. You will enjoy this full HD vision.
All in one doorbell camera. It is a new generation and revolution compare with traditional doorbell. combining doorbell, interphone, cctv camera and alarm together to make a tiny unique desgin to save rooms and more devices. Only one doorcam would be fullfill all the funcitons, to bring you new kind of experience and live.
Wireless connection. Abandon all the wires and cables. You just need our doorcam and a smart phone(andriod or ios system )few second to connect then, you can see the video anywhere that your mobile under a wifi or network.
It is build in PIR and could be set several kind of alarm ways. realtime to alert your cellphone and you will know who would be in front of your door in real time.
Build in two way audio talk, whenever you are, you could talk with the person that ring your door bell and find a solution in remotely.
There is a sd card slot inside camera doorcam, you can insert a tf card up to 64gb for recording. please note the tf card is not included in this package
Build-in ir leds and dual IR-cut ot switch day or night automatically. the nigh vision is about 5M to 10M.
Reminder: The specific method of installation and use are described in detail in the specification.
ITEMS SPEC
Processor Hi3518E
Access Mode Scanning QR Code to get camera ID, search camera ID, type in camera ID
Control Protocol ONVIF 2. 0 protocol
P2P oversea P2P server
System Security Three access level user management
UID Technology Use API license encryption, high confidential
WiFi Setup Convenient and fast WiFi Setup by mobile phone
Storage Support Max 64GB TF card
Video
Video compression H. 264, Support three-stream
Resolution 720P
Sensor 1/4 inch 720p progressive scan CMOS sensor
Lens/View Angle 2. 8mm
Bit Rate CBR/VBR, output range: 128~4096kbps
Night Vision Dual IR-Cut filter auto switch, 10m IR distance
Audio
Compression format G711/AAC/ADPCM
Dual-Way-Audio Support
Network
Interface 1xRJ45 10/100M ethernet interface
Protocol TCP/IP, HTTP, TCP, UDP, SMTP, FTP, DHCP, DNS, DDNS, NTP, UpnP, RTSP, P2P etc.
Network Function Support Gmail/Yahoo Email alarm, FTP, support website update
Online visitor Support 4 users to watch online video synchronously
WiFi Standard Support IEEE 802. 11b/g/n
Alarm
Alert Way Support motion detection alarm, Email alert , upload image to FTP
Software
Monitor Software iOS(5. 0 or above), Android(2. 3 or above), IE, CMS(Windows)
Operation System Embedded Linux
Customization Support customized software in accordance with client's demand
Description: This product supports functions such as remote real-time video conversation, picture push, remote snapshot, remote recording, two-way audio, exception alert and remote unlocking.
2. when visitors touch the â? ścall buttonâ? ťin the door phone, the door phone camera will snap a picture of the visitor and send a call to your smart phone.
3. You can answer the call to enjoy the real time voice and video chatting with the visitors, and also take photos and record video of the visitors in the APP.
4. If the door phone connects to the electronic LOCK of your door, you can unlock the door with your smart phone. (Package does not include electronic LOCK)
5. If you miss any calls, you can check the records of visitors in your smart phone app.
Package Included: 1 x Power Interface Adapter Cable 2m
1 x Unlock Extended Cable 0. 5
1 x Screw
1 x Specification
1 x WIFI Video Doorbell
NO Retail Box. Packed Safely in Bubble Bag.
P072804
Vásárlással kapcsolatos fontos információk:
Köszöntjük oldalunkon!
Az adásvétel megkönnyítése érdekében, kérjük olvassa el vásárlási feltételeinket, melyeket rendelésével automatikusan elfogad.
Kedvezmény: Amennyiben termékeink közül minimum 50 db-ot vásárol, kedvezményt biztosítunk. Kérjük igényelje a kedvezményt ügyfélszolgálatunktól.
US hálózati csatlakozós termékeink esetén, külön rendelhető a termékeink között található US-EU átalakító adapter.
Fontos! Ha a leírásban NEM szerepel, hogy ? We dont offer color/pattern/size choice? (szín/minta/méret nem választható), akkor rendeléskor kérjük mindenképp írja bele a megjegyzés rovatba a kiválasztott színt/mintát/méretet, ellenkező esetben kollégáink véletlenszerűen postázzák. Ez esetben utólagos reklamációt nem fogadunk el.
Ahol a ? We dont offer color/pattern/size choice? kijelentés szerepel, sajnos nincs lehetőség szín/minta/méret kiválasztására. Ilyenkor kollégáink véletlenszerűen küldik a termékeket.
Kommunikáció: minden esetben kizárólag email-ben, mert így visszakövethetőek a beszélgetések.
Hibás termék: visszautaljuk a vételárat vagy újrapostázzuk a terméket megállapodástól függően, miután visszapostázta a megadott címre.
Visszautalás: a vételárat visszautaljuk, vagy a terméket újraküldjük ha nem érkezik meg a termék.
Ez esetben kérjük jelezze email-en keresztül, hogy megoldást találhassunk a problémára!
Garancia: 3 hónap! Amennyiben valóban hibás a termék, kérjük vegye fel velünk a kapcsolatot és kicseréljük vagy visszavásároljuk a terméket megegyezéstől függően.
Számlázás: Az elektronikus számlát (pdf. formátumú) Angliában regisztrált cégünk állítja ki, az ÁFA nem kimutatható, az utalás magyar céges számlánkra történik.
A szállítási idő: az összeg átutalása után 9-12 munkanap, de a postától függően előfordulhat a 25-35 munkanap is! A posta szállítási idejéért cégünk nem tud felelősséget vállalni, az említett szállítási idő tájékoztató jellegű!
Nagyon fontos! Kérjük ne vásároljanak akkor, ha nem tudják kivárni az esetleges 35 munkanap szállítási időt!
strong>Postázás: Termékeinket külföldről postázzuk.
Nagy raktárkészletünk miatt előfordulhat, hogy egy-két termék átmenetileg vagy véglegesen elfogy raktárunkból, erről mindenképp időben értesítjük és megfelelő megoldást kínálunk.
Utalás: Kizárólag átutalást (házibank, netbank) fogadunk el (bankszámláról bankszámlára),   Banki/Postai készpénz befizetést/Rózsaszín csekket ill. egyéb NEM!
Átutalásnál a rendelésszámot feltétlenül adja meg a közlemény rovatba, ellenkező esetben előfordulhat, hogy nem tudjuk visszakeresni a rendelését. Ebben az esetben nyilvánvalóan nem tudjuk a terméket postázni ill. Önt sem tudjuk értesíteni, hiszen nincs kiindulópontunk!
Fizetés/szállítás:
-2000Ft felett (postaköltséggel együtt) CSAK es KIZÁRÓLAG ajánlottan postázzuk a terméket az alábbiak szerint:
-Ajánlott posta esetén az első termékre a posta 890Ft , minden további 250 Ft/db.
- Sima Levélként 2000Ft alatt: az első termékre a posta 250Ft, minden további termék posta díja 250Ft/db.
Átvétel: azoknak a vásárlóknak akik nem veszik át a rendelt terméket a postától és visszaküldésre kerül a termék cégünkhöz, a postaköltség újbóli megfizetésével tudjuk csak újraküldeni, illetve amennyiben az összeget kéri vissza, a termékek árát tudjuk csak visszautalni, postaköltség nélkül. A termék átvétele az Ön felelőssége! Amennyiben a Mi hibánkból nem tudja átvenni, pl téves címzés miatt, így a postaköltség minket terhel.
Amennyiben a megrendelést követő 24 órán belül nem kap emailt tőlünk, ez azt jelenti, hogy az email cím (freemail és citromail esetén főleg) visszadobta a küldött email-t. Ilyenkor küldjön üzenetet egy másik e-mail címről.
Kellemes Vásárlást Kívánunk!
WIFI csengő Video HD IP kamera mobil riasztás
Jelenlegi ára: 23 375 Ft
Az aukció vége: 2017-07-01 03:01
          WIFI vezeték nélküli jeladó P2P 30fps Realtime Video - Jelenlegi ára: 11 475 Ft   
img alt="" src="http: //eachdesk. com/gallery3/30/f4/78058/078058-3-04. jpg" border="0" />
Features: WiFi transmission, no need router, no need internet.
Support iPhone, iPad, and Android phone.
Transmission distance with no obstacle 150meters.
The terminal shall support Android 2. 2 or above, and iOS shall support Version 4. 3 or above.
Easy installation.
Operations for Android(iOS) system client: 1. Search â? ťWIFI AVINâ? ť software from your google play(APP store), and install it.
2. Connect your phone with the camera by the WIFI named â? śWIFI AVINâ? ť.
3. Open the app â? śWIFI AVINâ? ť to get the video.
Specifications: Transmitting frequency: 2400MHz-2483. 5MH
Modem mode: 802. 11b: DSSS(CCK, DQPSK, DBPSK), 802. 11g/n: OFDM(BPSK, QPSK, 16QAM, 64QAM)
Transmission distance with no obstacle: >150m
Frame rate: 30fps
Video resolution: VGA
Video compression: H. 264
Wireless protocols: IEEE 802. 11b, IEEE 802. 11g, IEEE 802. n(1T1RModes)
Power supply: DC 12V
Consumption current: 150mA (Max)
Encryption mode: WPA2
Rainproof: Yes
Dimensions: 78*43*18mm
Operation tempreature: -10°C~+50°C
Operation humidity: 15%~85% RH
Applications: (For video transfer): 1. For Car reverse /backup system or CCTV camera system application.
2. For FPV system
Notice: When the background is black or the image is still, please exit the app, and check whether the wifi connection is normal. Then click again the app icon to enter into the software interface.
User could press the RESET button of the transmitter to renew the default factory SSID and password.
Package Included: 1 x Transmitter with Power & Video Cables
1 x Extent Power Cable
2 x Cable Ties
1 x Antenna
NO Retail Box. Packed Safely in Bubble Bag.
P066864
Vásárlással kapcsolatos fontos információk:
Köszöntjük oldalunkon!
Az adásvétel megkönnyítése érdekében, kérjük olvassa el vásárlási feltételeinket, melyeket rendelésével automatikusan elfogad.
Kedvezmény: Amennyiben termékeink közül minimum 50 db-ot vásárol, kedvezményt biztosítunk. Kérjük igényelje a kedvezményt ügyfélszolgálatunktól.
US hálózati csatlakozós termékeink esetén, külön rendelhető a termékeink között található US-EU átalakító adapter.
Fontos! Ha a leírásban NEM szerepel, hogy ? We dont offer color/pattern/size choice? (szín/minta/méret nem választható), akkor rendeléskor kérjük mindenképp írja bele a megjegyzés rovatba a kiválasztott színt/mintát/méretet, ellenkező esetben kollégáink véletlenszerűen postázzák. Ez esetben utólagos reklamációt nem fogadunk el.
Ahol a ? We dont offer color/pattern/size choice? kijelentés szerepel, sajnos nincs lehetőség szín/minta/méret kiválasztására. Ilyenkor kollégáink véletlenszerűen küldik a termékeket.
Kommunikáció: minden esetben kizárólag email-ben, mert így visszakövethetőek a beszélgetések.
Hibás termék: visszautaljuk a vételárat vagy újrapostázzuk a terméket megállapodástól függően, miután visszapostázta a megadott címre.
Visszautalás: a vételárat visszautaljuk, vagy a terméket újraküldjük ha nem érkezik meg a termék.
Ez esetben kérjük jelezze email-en keresztül, hogy megoldást találhassunk a problémára!
Garancia: 3 hónap! Amennyiben valóban hibás a termék, kérjük vegye fel velünk a kapcsolatot és kicseréljük vagy visszavásároljuk a terméket megegyezéstől függően.
Számlázás: Az elektronikus számlát (pdf. formátumú) Angliában regisztrált cégünk állítja ki, az ÁFA nem kimutatható, az utalás magyar céges számlánkra történik.
A szállítási idő: az összeg átutalása után 9-12 munkanap, de a postától függően előfordulhat a 25-35 munkanap is! A posta szállítási idejéért cégünk nem tud felelősséget vállalni, az említett szállítási idő tájékoztató jellegű!
Nagyon fontos! Kérjük ne vásároljanak akkor, ha nem tudják kivárni az esetleges 35 munkanap szállítási időt!
strong>Postázás: Termékeinket külföldről postázzuk.
Nagy raktárkészletünk miatt előfordulhat, hogy egy-két termék átmenetileg vagy véglegesen elfogy raktárunkból, erről mindenképp időben értesítjük és megfelelő megoldást kínálunk.
Utalás: Kizárólag átutalást (házibank, netbank) fogadunk el (bankszámláról bankszámlára),   Banki/Postai készpénz befizetést/Rózsaszín csekket ill. egyéb NEM!
Átutalásnál a rendelésszámot feltétlenül adja meg a közlemény rovatba, ellenkező esetben előfordulhat, hogy nem tudjuk visszakeresni a rendelését. Ebben az esetben nyilvánvalóan nem tudjuk a terméket postázni ill. Önt sem tudjuk értesíteni, hiszen nincs kiindulópontunk!
Fizetés/szállítás:
-2000Ft felett (postaköltséggel együtt) CSAK es KIZÁRÓLAG ajánlottan postázzuk a terméket az alábbiak szerint:
-Ajánlott posta esetén az első termékre a posta 890Ft , minden további 250 Ft/db.
- Sima Levélként 2000Ft alatt: az első termékre a posta 250Ft, minden további termék posta díja 250Ft/db.
Átvétel: azoknak a vásárlóknak akik nem veszik át a rendelt terméket a postától és visszaküldésre kerül a termék cégünkhöz, a postaköltség újbóli megfizetésével tudjuk csak újraküldeni, illetve amennyiben az összeget kéri vissza, a termékek árát tudjuk csak visszautalni, postaköltség nélkül. A termék átvétele az Ön felelőssége! Amennyiben a Mi hibánkból nem tudja átvenni, pl téves címzés miatt, így a postaköltség minket terhel.
Amennyiben a megrendelést követő 24 órán belül nem kap emailt tőlünk, ez azt jelenti, hogy az email cím (freemail és citromail esetén főleg) visszadobta a küldött email-t. Ilyenkor küldjön üzenetet egy másik e-mail címről.
Kellemes Vásárlást Kívánunk!
WIFI vezeték nélküli jeladó P2P 30fps Realtime Video
Jelenlegi ára: 11 475 Ft
Az aukció vége: 2017-07-01 03:00
          iPhone 4 Siri port made legally possible by Apple with iOS 5.0.1 update today   
Earlier today we reported that Apple’s iOS 5.0.1 update today was the first iPhone 4S firmware build that’s both official and has an accessible encryption key for its main file system, thus meaning that browsing the device’s main file system with your PC is now possible. From a later tweet by iOS hacker @MuscleNerd, it seems that Apple has made … Continue reading
          Cyber Security Volume I: Hackers Exposed for $15   
Learn How to Stop Hackers, Prevent Tracking, & Counter Government Surveillance
Expires May 20, 2022 23:59 PST
Buy now and get 87% off

KEY FEATURES

Internet security has never been as important as it is today with more information than ever being handled digitally around the globe. In the first course of this four volume bundle, you'll get an introduction to hacking and how to protect yourself and others. You'll develop an understanding of the threat and vulnerability landscape through threat modeling and risk assessments, and build a foundation for which to expand your security knowledge.

  • Access 117 lectures & 11 hours of content 24/7
  • Explore the Darknet, malware, exploit kits, phishing, zero day vulnerabilities, & more
  • Learn about global tracking & hacking infrastructures that nation states run
  • Understand the foundations of operating system security & privacy functionality
  • Get a crash course on encryption, how it can be bypassed, & what you can do to mitigate risks
  • Discover defenses against phishing, SMShing, vishing, identity theft, & other cons

PRODUCT SPECS

Details & Requirements

  • Length of time users can access this course: lifetime
  • Access options: web streaming, mobile streaming
  • Certification of completion not included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: all levels

Compatibility

  • Internet required

THE EXPERT

Nathan House has over 24 years experience in cyber security where he has advised some of largest companies in the world, assuring security on multi-million and multi-billion pound projects. He is CEO of Station X, a cyber security consultancy. More recently Nathan acted as the lead security consultant on a number of the UK's mobile banking and payment solutions helping secure to date over £71Bn in transactions.

His clients have included; BP, ExxonMobil, Shell, Vodafone, VISA, T-mobile, GSK, COOP Banking Group, Royal Bank of Scotland, Natwest, Yorkshire bank, BG Group, BT, London 2012.

Over the years he has spoken at a number of security conferences, developed free security tools, and discovered serious security vulnerabilities in leading applications. Nathan's qualifications and education include:

  • BSc. (Hons) Computing 'Networks & Communication' 1st Class Honors
  • SCF : SABSA Charted Architect Foundation
  • CISSP : Certified Information Systems Security Professional
  • CISA : Certified Information Systems Auditor
  • CISM : Certified Information Security Manager
  • ISO 27001 Certified ISMS Lead Auditor
  • CEH : Certified Ethical Hacker
  • OSCP : Offensive Security Certified Professional

          Veracrypt - volume encryption (TrueCrypt Fork) {RE}   
webfork,
I'm beginning to think they've started celebrating the 4th over there at VeraCrypt;)

Earlier today I went to https://www.veracrypt.fr/en/Downloads.html
and version 1.20.3.4 was there, I downloaded it and it was 28661KB.

https://launchpadlibrarian.net/32613235 ... 201.20.exe

The file I downloaded stated such.

Now I stopped by there and it's back to version 1.19.

Maybe, 1.20 is buggy? Either the version is buggy or the developers need a vacation :)

Wishing you and everyone a safe and happy 4th of July :)
          Veracrypt - volume encryption (TrueCrypt Fork) {RE}   
There was Windows installer on SF when I updated the entry
Where do you think I get this link
Very strange
Maybe some critical bugs were spotted after release
Entry reverted
          Veracrypt - volume encryption (TrueCrypt Fork) {RE}   
Userfriendly wrote:
Wait for it to show up here https://www.veracrypt.fr/en/Downloads.html or https://launchpad.net/veracrypt/+download. Windows download isn't up on this page either. But I found a direct link elsewhere https://launchpadlibrarian.net/32613235 ... 201.20.exe

That's very odd. Adding a quick note to the entry.
          Veracrypt - volume encryption (TrueCrypt Fork) {RE}   
Userfriendly wrote:
Wait for it to show up here https://www.veracrypt.fr/en/Downloads.html or https://launchpad.net/veracrypt/+download. Windows download isn't up on this page either. But I found a direct link elsewhere https://launchpadlibrarian.net/32613235 ... 201.20.exe


Thanx for the link. I'll add it to my list.

I was basically baffled because other dl links were at SF for 1.20 but not for Windows.

I've been using this link when and if original link isn't available...
http://files.snapfiles.com/directdl/Ver ... 201.20.exe

I've not had any downloading problems at Snapfiles just in case it's on your do not dl from here list:)
          Veracrypt - volume encryption (TrueCrypt Fork) {RE}   
Wait for it to show up here https://www.veracrypt.fr/en/Downloads.html or https://launchpad.net/veracrypt/+download. Windows download isn't up on this page either. But I found a direct link elsewhere https://launchpadlibrarian.net/32613235 ... 201.20.exe
          Veracrypt - volume encryption (TrueCrypt Fork) {RE}   
Hi all,
Well, I'm baffled as to where the Windows download is.
abc, where did you find the Download link?
https://sourceforge.net/projects/veracr ... e/download

I've tried the link with several SF mirrors and no go.

Oh where oh where is the Windows 1.20 download link?

Anyone got the answer or suggestions. Whatever will solve the dilemma is fine :)
          Veracrypt - volume encryption (TrueCrypt Fork) {RE}   
billon wrote:

hi Bilion
thanks for the link
but i can't find the exe for windows

a screenshot
http://i.imgur.com/mfJVPRL.png
          Veracrypt - volume encryption (TrueCrypt Fork) {RE}   
@ giulia:

https://sourceforge.net/projects/veracrypt/files/VeraCrypt%201.20/
          Veracrypt - volume encryption (TrueCrypt Fork) {RE}   
hi
the site report that's a new version 1.2
but the in the homepage and link points to 1.19
https://www.veracrypt.fr/en/Downloads.html
          Looking Forward To Next 20 Years Of A Post-Reno Internet   

Earlier this week, we wrote a little bit about the 20th anniversary of a key case in internet history, Reno v. ACLU, and its important place in internet history. Without that ruling, the internet today would be extraordinarily different -- perhaps even unrecognizable. Mike Godwin, while perhaps best known for making sure his own obituary will mention Hitler, also played an important role in that case, and wrote up the following about his experience with the case, and what it means for the internet.

The internet we have today could have been very different, more like the over-the-air broadcast networks that still labor under broad federal regulatory authority while facing declining relevance.

But 20 years ago this week, the United States made a different choice when the U.S. Supreme Court handed down its 9-0 opinion in Reno v. American Civil Liberties Union, the case that established how fundamental free-speech principles like the First Amendment apply to the internet.

I think of Reno as "my case" because I'd been working toward First Amendment protections for the internet since my first days as a lawyer—the first staff lawyer for the Electronic Frontier Foundation (EFF), which was founded in 1990 by software entrepreneur Mitch Kapor and Grateful Dead lyricist John Perry Barlow. There are other lawyers and activists who feel the same possessiveness about the Reno case, most with justification. What we all have in common is the sense that, with the Supreme Court's endorsement of our approach to the internet as a free-expression medium, we succeeded in getting the legal framework more or less right.

We had argued that the internet—a new, disruptive and, to some large extent, unpredictable medium—deserved not only the free-speech guarantees of the traditional press, but also the same freedom of speech that each of us has as an individual. The Reno decision established that our government has no presumptive right to regulate internet speech. The federal government and state governments can limit free speech on the internet only in narrow types of cases, consistent with our constitutional framework. As Chris Hanson, the brilliant ACLU lawyer and advocate who led our team, recently put it: "We wanted to be sure the internet had the same strong First Amendment standards as books, not the weaker standards of broadcast television."

The decision also focused on the positive benefits this new medium had already brought to Americans and to the world. As one of the strategists for the case, I'd worked to frame this part of the argument with some care. I'd been a member of the Whole Earth 'Lectronic Link (the WELL) for more than five years and of many hobbyist computer forums (we called them bulletin-board systems or "BBSes") for a dozen years. In these early online systems—the precursors of today's social media like Facebook and Twitter—I believed I saw something new, a new form of community that encompassed both shared values and diversity of opinion. A few years before Reno v. ACLU—when I was a relatively young, newly minted lawyer—I'd felt compelled to try to figure out how these new communities work and how they might interact with traditional legal understandings in American law, including the "community standards" relevant to obscenity law and broadcasting law.

When EFF, ACLU and other organizations, companies, and individuals came together to file a constitutional challenge to the Communications Decency Act that President Bill Clinton signed as part of the Telecommunications Act of 1996, not everyone on our team saw this issue the way I did, at the outset. Hanson freely admits that "[w]hen we decided to bring the case, none of [ACLU's lead lawyers] had been online, and the ACLU did not have a website." Hanson had been skeptical of the value of including testimony about what we now call "social media" but more frequently back then referred to as "virtual communities." As he puts it:

"I proposed we drop testimony about the WELL — the social media site — on the grounds that the internet was about the static websites, not social media platforms where people communicate with each other. I was persuaded not to do that, and since I was monumentally wrong, I'm glad I was persuaded."

Online communities turned out to be vastly more important than many of the lawyers first realized. The internet's potential to bring us together meant just as much as the internet's capacity to publish dissenting, clashing and troubling voices. Justice John Paul Stevens, who wrote the Reno opinion, came to understand that community values were at stake, as well. In early sections of his opinion, Justice Stevens dutifully reasons through traditional "community standards" law, as would be relevant to obscenity and broadcasting cases. He eventually arrives at a conclusion that acknowledges that a larger community is threatened by broad internet-censorship provisions:

"We agree with the District Court's conclusion that the CDA places an unacceptably heavy burden on protected speech, and that the defenses do not constitute the sort of 'narrow tailoring; that will save an otherwise patently invalid unconstitutional provision. In Sable, 492 U. S., at 127, we remarked that the speech restriction at issue there amounted to ' 'burn[ing] the house to roast the pig.' ' The CDA, casting a far darker shadow over free speech, threatens to torch a large segment of the Internet community."

The opinion's recognition of "the Internet community" paved the way for the rich and expressive, but also divergent and sometime troubling internet speech and expression we have today.

Which leaves us with the question: now that we've had two decades of experience under a freedom-of-expression framework for the internet—one that has informed not just how we use the internet in the United States but also how other voices around the world use it—what do we now need to do to promote "the Internet community"?

In 2017, not everyone views the internet as an unalloyed blessing. Most recently, we've seen concern about whether Google facilitates copyright infringement, whether Twitter's political exchanges are little more than "outrage porn" and whether Facebook enables "hate speech." U.K. Prime Minister Theresa May, who is almost exactly the same age I am, seems to view the internet primarily as an enabler of terrorism.

Even though we're now a few decades into the internet revolution, my view is that it's still too early to make the call that the internet needs more censorship and government intervention. Instead, we need more protection of the free expression and online communities that we've come to expect. Part of that protection may come from some version of the network neutrality principles currently being debated at the Federal Communications Commission, although it may not be the version in place under today's FCC rules.

In my view, there are two additional things the internet community needs now. The first is both legal and technological guarantees of privacy, including through strong encryption. The second is universal access—including for lower-income demographics and populations in underserved areas and developing countries—that would enable everyone to particulate fully, not just as consumers but as contributors to our shared internet. For me, the best way to honor the 40th anniversary of Reno v. ACLU will be to make sure everybody is here on the internet to celebrate it.

Mike Godwin (mnemonic@gmail.com) is a senior fellow at R Street Institute. He formerly served as staff counsel for the Electronic Frontier Foundation and as general counsel for the Wikimedia Foundation, which operates Wikipedia.



Permalink | Comments | Email This Story

          Motorola MBP160 Digital Audio Baby Monitor   

The Motorola MBP160 Digital Audio Monitor uses DECT interference free technology that offers a strong wireless connection, which means better range and less chance of missing something important.

The high sensitivity microphone will reassure you that you hear every clear sound coming from your baby’s room, so you can be there when your little one needs you. You can adjust the volume of the sound to best suit your surroundings, so you can keep up with your little one.

The long range of up to 300 metres means that you are able to take your parent unit around your home without any audio distortion.

Features:

  • High sensitivity microphone
  • Visual sound level indicator
  • DECT interference free technology
  • Low battery alert
  • Maximum 300 metre range
  • Volume control
  • Secure data encryption

Regular Price: £39.99

£25.71


          Motorola MBP8 Digital Audio Monitor   

The Motorola MBP8 Digital Audio Monitor is a great choice if you’re looking for a simple, but effective solution to your baby monitoring needs.

The system relies on 1.8GHz DECT (Digitally Enhanced Cordless Telecommunications) technology to provide a fast and reliable connection between the baby and parent units and benefits from secure data encryption.

Featuring a 50 metre indoor range, complete with built in out-of-range warning and a Plug N Go system, that allows you to plug it straight into a socket without any complicated setup.

The baby unit acts as a night light for your child, to give them a sense of security and comfort in the dark.

The system is equipped with a high sensitivity microphone that picks up every sound and also benefits from an Eco Mode for reducing power consumption.

Both the baby and parent unit plug directly into a socket.

motorolano1a.jpg

Regular Price: £28.99

£25.00


          Motorola MBP36S Video Baby Monitor    

1 year warranty included


 

Key Features of the Motorola MBP36S

3.5-inch LCD Colour screen

2.4 GHz FHSS technology

Two-way communication

Infrared night vision

Room temperature monitor

Data encryption for security

Camera features 300-degree Pan, Tilt, and Zoom

Up to 200 metres range

Out-of-range warning

Features five built-in lullabies

 

 

The Motorola MBP36S Digital Video Baby Monitor has a large 3.5" LCD colour screen which offers real-time video and sound from your baby's room and features infrared night vision, making the monitor perfect for use at night.

The MBP36S benefits from a 300-degree motorised pan, tilt and 2x zoom function that can be controlled remotely from the parent unit and has a comfortable 200 metre range that features an out-of-range warning to provide extra reassurance as you move around your home. 

 A 2-way speaker system allows you to hear your baby clearly, and gives you the option to comfort and sooth your baby through the unit.

You can ensure that your baby’s room never gets too hot or cold, thanks to the room temperature sensor which is displayed on the LCD display and the five built in lullabies are perfect for helping to sooth your baby to sleep.

When being used in battery mode, the screen will go blank after two minutes of inactivity, at which point the unit enters a power saving mode.

 

 

Awards:

 

Regular Price: £159.99

£114.99


          Motorola MBP36S Baby Monitor & Babysense 5 Breathing Monitor Bundle   
Key Features of the Babysense Key Features of the MBP36S
  • 2 Sensor pads
  • High pitch alarm
  • Indicates loss or partial loss of breathe
  • Alarm sounds after 20 second of no movement
  • Alarm also sounds if the sensors detect less than 10 movements a minute
  • parent unit fits directly on to the cot
  • Can be used in cots, cribs or Moses baskets
  • Use 1 or 2 pads depending on situation
  • 3.5 inch Colour LCD screen
  • 2.4 GHz FHSS technology
  • Two-way communication
  • Infrared night vision
  • 5 LED alerts for sound-activated lights
  • Room temperature monitor
  • Data encryption for security
  • Pan, tilt, and zoom
  • Up to 200 metres range
  • Out-of-range warning
  • Five lullabies built in

The BabySense 5 Sensor Matt Monitor uses modern Technology to ensure your baby is kept safe at night. The monitor incorporates 2 high quality sensor pads which fit directly under your baby's mattress, these detect the movement created by the rise & fall of the chest. If no movement is detected after 20 seconds the monitor will sound a high pitch alarm waking both you and your baby, the alarm will also sound if the sensors detect less than 10 movements a minute as this indicates partial loss of breathe.The monitor has been designed to use either 1 or 2 of the sensor pads provided, they fit directly under your baby's mattress laying on the base of the bed, the two pads ensure maximum surface area is covered.

 

The Motorola's MBP36S Digital Video Baby Monitor has a 3.5" LCD screen which offers perfect sound clarity and shows real-time video and sound in your baby's room.  The MBP36S has 200 metres with an out-of-range warning which allows you to move around the house or the garden comfortable. The Video Monitor will give you the reassurance that your child is resting peacefully and equipped with infrared night vision means you can also stay in touch with what's going in your baby's room without any lights on.

The MBP36S also features two-way communication, so you can speak or sing to your baby remotely or communicate with a partner in the room. The MBP36S's is also equipped with a room temperature sensor which is reported on the receiver's LCD display and five polyphonic lullabies to lull your child to sleep.

Regular Price: £229.99

£179.99


          Swann IP-3G ConnectCam 500 Wireless Baby Monitor   

The Swann IP-3G ConnectCam 500 WiFi Baby Monitor is a compact, cost-effective solution for indoor surveillance and remote monitoring during daytime. It offers excellent bandwidth efficiency and image quality.

With the flexibility to operate the camera with or without a network cable the ConnectCam can be placed anywhere within your 802.11b/g wireless network range. Utilising SSID filtering and powerful 64/128 bit WEP encryption, the ConnectCam helps to protect your wireless network camera from illegal intrusion.

Please note there is no microphone on this camera.

Regular Price: £102.99

£99.90


          Comment on FMS.NEXT Feature Open Thread by Robert M. Hall   
Here are some requests for FMS that relate more to music streaming and the player itself:1) The ability to handle all non-standard sampling rates in MP3's (odd rates, and MP3 Pro headers) that otherwise produce the "chipmunk" effect.2) Better calculation of the duration of VBR mp3's - currently it can be way off and using CBR mp3's is not the most efficient use of bandwidth/resources.3) Support for more ID3 tags - including retrieving image data - there are some nice AS3 based solutions - but it would be great if the FMS server could return that info as native objects or as bitmap data directly.4) Dynamic VBR streaming of MP3 data from .wav and .aiff sources and live data sources (alternative to nelly moser for live audio)5) Licensing model just for streaming audio6) Licensing model just for streaming out videos7) Licensing model just for streaming media (audio/video) without other features8) Plugable encryption for securing streams - IE: we can plug in our own routine in AS2.0 or AS3.0 for byte encryption on server and client side.9) Multiple audio tracks synched to one video source10) Multiple video tracks synched to one audio source - ie multiplexed and muxed streaming of multiple assets through one netstream11) More documentation with more examples on real world usage12) Standardized framework for allowing CDN networks deploying FMS to provide server side AS or a subset of server side AS scripts to CDN service subscribers that is easy to manage and push out to all edge servers. IE: autosync to all servers from one app source, with granular control over server side AS.More to come...Thanks!Rob
          Switel BCF900 Digital Video Monitor 3.5"    

Switel SCF900 Video Digital Baby Monitor has a large 3.5" screen which makes seeing your beautiful baby so easy. With high specifications such as an eco-friendly auto shut off mode, night vision, and lullabies which help soothe your baby to sleep. Switel is part of Swiss Telecom a premium brand priding themselves on making some of the highest quality communication products and the Switel BCF900 Video Baby Monitor is no exception. The Switel vertical Pivoting Camera will sit nicely in the baby room or nursery and has a low glow nightlight with built in night vision. You can also run the Baby Unit on batteries for added portability.

Specifications and Features:

  • 3.5" High Definition screen on parent unit
  • Digital sound 
  • Full Encryption for maximum privacy
  • Multi Channel can take up to 4 cameras
  • Mains or Battery Operation
  • Battery Pack and Charger for Parent Unit (baby unit requires AA batteries)
  • 3 Lullabies
  • 2 way communication Talk-Back
  • Night Light operates Manually or Auto and can be Sound Acivated
  • VOX - you can select continuous or AUTO monitoring
  • Manual or AUTO Nightlight

This product is delivered free to most UK addresses

 

Regular Price: £179.99

£135.07


          Mattias Geniar: Ways in which the WannaCry ransomware could have been much worse   

The post Ways in which the WannaCry ransomware could have been much worse appeared first on ma.ttias.be.

If you're in tech, you will have heard about the WannaCry/WannaCrypt ransomware doing the rounds. The infection started on Friday May 12th 2017 by exploiting MS17-010, a Windows Samba File Sharing vulnerability. The virus exploited a known vulnerability, installed a cryptolocker and extorted the owner of the Windows machine to pay ransom to get the files decrypted.

As far as worms go, this one went viral at an unprecedented scale.

But there are some design decisions in this cryptolocker that prevent it from being much worse. This post is a thought exercise, the next vulnerability will probably implement one of these methods. Make sure you're prepared.

Time based encryption

This WannaCry ransomware found the security vulnerability, installed the cryptolocker and immediately started encrypting the files.

Imagine the following scenario;

  • Day 1: worm goes round and infects vulnerable SMB, installs backdoor, keeps quiet, infects other machines
  • Day 14: worm activates itself, starts encrypting files

With WannaCrypt, it took a few hours to reach world-scale infections, alerting everyone and their grandmother that something big was going on. Mainstream media picked up on it. Train stations showed cryptolocker screens. Everyone started patching. What if the worm gets a few days head start?

By keeping quiet, the attacker risks getting caught, but in many cases this can be avoided by excluding known IPv4 networks for banks or government organizations. How many small businesses or large organizations do you think would notice a sudden extra running .exe in the background? Not enough to trigger world-wide coverage, I bet.

Self-destructing files

A variation to the scenario above;

  • Day 1: worm goes round, exploits SMB vulnerability, encrypts each file, but still allows files to remain opened (1)
  • Day 30: worm activates itself, removes decryption key for file access and prompts for payment

How are your back-ups at that point? All files on the machine have some kind of hidden time bomb in them. Every version of that file you have in back-up is affected. The longer they can keep that hidden, the bigger the damage.

More variations of this exist, with Excel or VBA macro's etc, and all boil down to: modify the file, render it unusable unless proper identification is shown.

(1) This should be possible with shortcuts to the files, first opening some kind of wrapper-script to decrypt the files before they launch. Decryption key is stored in memory and re-requested whenever the machine reboots, from its Command & Control servers.

Extortion with your friends

The current scheme is: your files get encrypted, you can pay to get your files back.

What if it's not your own files you're responsible for? What if are the files of your colleagues, family or friends? What if you had to pay 300$ to recover the files from someone you know?

Peer pressure works, especially if the blame angle is played. It's your fault someone you know got infected. Do you feel responsible at that point? Would that make you pay?

From a technical POV, it's tricky but not impossible to identify known associates for a victim. This could only happen a smaller scale, but might yield bigger rewards?

Cryptolocker + Windows Update DDoS?

Roughly 200.000 affected Windows PCs have been caught online. There are probably a lot more, that haven't made it to the online reports yet. Those are quite a few PCs to have control over, as an attacker.

The media is now jumping on the news, urging everyone to update. What if the 200k infected machines were to launch an effective DDoS against the Windows Update servers? With everyone trying to update, the possible targets are lowering every hour.

If you could effectively take down the means with which users can protect themselves, you can create bigger chaos and a bigger market to infect.

The next cryptolocker isn't going to be "just" a cryptolocker, in all likeliness it'll combine its encryption capacities with even more damaging means.

Stay safe

How to prevent any of these?

  1. Enable auto-updates on all your systems (!!)
  2. Have frequent back-ups, store them long enough

Want more details? Check out my earlier post: Staying Safe Online – A short guide for non-technical people.

The post Ways in which the WannaCry ransomware could have been much worse appeared first on ma.ttias.be.


          Verizon to launch Samsung ATIV Odyssey Windows Phone 8   
Verizon Samsung ATIV Odyssey

Samsung announced that the Samsung ATIV Odyssey will be available in the coming weeks at Verizon Wireless Communications Stores and online. The ATIV Odyssey boasts a 4-inch Super AMOLED touchscreen display (800x480) and is equipped with a 1.5 GHz dual-core running Windows Phone 8 operating system. It features a 5-megapixel rear-facing camera with LED flash, full 1080p recording and 1080p playback,1.2MP Front-facing camera, WiFi, 1GB of RAM, 8GB of on-board storage (supports up to 64GB microSD card) and 2100 mAh battery.

Other features include - unique Samsung sharing applications such as Photo Editor, Mini Diary and Now, an application that provides weather, news, stock and currency updates instantly.

The ATIV Odyssey is enterprise ready with enhanced security features to offer customers an extremely powerful business tool that keeps sensitive company data secure. Security solutions include advanced Microsoft Exchange ActiveSync features and policy control and on-device AES 256-bit encryption.


          O CANADA AVOIDS GENDER NEUTRAL LIBERAL POLITICALLY CORRECT REDICULAS NONESENSE UNTILL NEXT YEAR AT LEAST.   
JEWISH KING JESUS IS COMING AT THE RAPTURE FOR US IN THE CLOUDS-DON'T MISS IT FOR THE WORLD.THE BIBLE TAKEN LITERALLY- WHEN THE PLAIN SENSE MAKES GOOD SENSE-SEEK NO OTHER SENSE-LEST YOU END UP IN NONSENSE.GET SAVED NOW- CALL ON JESUS TODAY.THE ONLY SAVIOR OF THE WHOLE EARTH - NO OTHER. 1 COR 15:23-JESUS THE FIRST FRUITS-CHRISTIANS RAPTURED TO JESUS-FIRST FRUITS OF THE SPIRIT-23 But every man in his own order: Christ the firstfruits; afterward they that are Christ’s at his coming.ROMANS 8:23 And not only they, but ourselves also, which have the firstfruits of the Spirit, even we ourselves groan within ourselves, waiting for the adoption, to wit, the redemption of our body.(THE PRE-TRIB RAPTURE)

Dreams of a gender-neutral O Canada are over — for now-[CBC]-YAHOONEWS-June 28, 2017

Canadians will not be singing a gender-neutral national anthem on Canada Day after a bill before Parliament to officially change the lyrics has stalled.The House of Commons overwhelmingly passed a private member's bill last summer that would alter the national anthem by replacing "in all thy sons command" with "in all of us command" as part of a push to strike gendered language from O Canada.Although the bill sailed through the House with government approval, Conservative senators opposed to the changes have scored a victory in the Red Chamber. A yearlong campaign successfully punted a vote on the bill until the fall, at the earliest, and even then the legislation faces an uncertain future."I'm trying to protect the tradition rather than, you know, water it down with a politically correct version that is historically inaccurate," Conservative Senator David Wells said in an interview with CBC News on Tuesday."I don't misrepresent why I'm [using parliamentary stall tactics] … I don't like this bill, and I will do what I can to ensure it doesn't pass."Wells and a number of other senators have said they oppose efforts to tinker with the lyrics written by a man long dead.(The lyrics have been changed since they were first penned by Robert Stanley Weir in 1908, but not since O Canada officially became the country's national anthem in 1980.) The late Liberal MP Mauril Bélanger introduced the bill, and many MPs backed the legislation as a salute to a colleague on his death bed."The bill was passed in the House compassionately and out of sadness for a dying colleague. While that is touching, it is not the way we make public policy in this country and it is not the way we do our legislation," Ontario Conservative Senator Lynn Beyak said.A flurry of amendments were introduced to the bill in the last few weeks of the parliamentary sitting — all failed to pass in the face of opposition from most Liberal and Independent senators — which dragged out debate considerably. Parliament rose for summer break before a final vote at third reading could be held.Ramona Lumpkin, the chancellor of Mount Saint Vincent University in Halifax, and a strong proponent of the bill, said she was deeply disappointed by the developments."We're so close and I really regret that there are a few senators who seem to have dug in and decided to delay. I hope it's not a permanent block," said Lumpkin, in an interview with CBC News."It's not as if the words were brought down from Mount Sinai on stone tablets like the Ten Commandments, they are words created by humans and subject to change as our social and cultural conditions change, and thank goodness they do," she said.Wells said national symbols cannot be altered to simply adhere to the "flavour of the day." He said Canadians were not consulted by the government and that there hasn't been an adequate conversation about a fairly significant change."I'll be working my hardest to delay this bill until there's a full debate," he said. "I get a lot of emails, and many comments to me personally, from people who don't want to see the anthem change, who see it as a part of our tradition and who see this attempt to change it as political correctness run amok. It is a slippery slope. Calls for inclusion will always be there, but my belief is all Canadians are already included in the national anthem."He said pictures adorning the walls of the Senate depict men in combat during the First World War. "Would we now airbrush females into those pictures to accurately reflect what it might be today with those pieces of Canadians' history? My answer is no, that would be an abomination, and I think that's what it is with the anthem as well."If the bill is amended in the Senate it would be sent back to the House for another vote. As per parliamentary rules, because Bélanger is dead, MPs will have to unanimously agree to replace him as sponsor or the bill drops from the order paper; that is unlikely given entrenched opposition from some corners of the chamber."That worries me," Lumpkin said. "I know language matters and I talk to students and young women regularly who still feel their voice doesn't carry as strong as the voice of their male friends. I think the gesture, even though it's symbolic, would say a lot to those young women."The Liberal government could also choose to introduce legislation of its own — with the same wording — to avoid some of the problems that often befall private member's bills; namely, the government could invoke time allocation to prevent procedural time delays.

DANIEL 7:23-24
23 Thus he said, The fourth beast (EU,REVIVED ROME) shall be the fourth kingdom upon earth,(7TH WORLD EMPIRE) which shall be diverse from all kingdoms, and shall devour the whole earth, and shall tread it down, and break it in pieces.(TRADING BLOCKS-10 WORLD REGIONS/TRADE BLOCS)
24 And the ten horns out of this kingdom are ten kings(10 NATIONS-10 WORLD DIVISION WORLD GOVERNMENT) that shall arise: and another shall rise after them; and he shall be diverse from the first, and he shall subdue three kings.(EITHER THE EUROPEAN UNION DICTATOR BOOTS 3 COUNTRIES FROM THE EU OR THE DICTATOR TAKES OVER THE WORLD ECONOMY BY CONTROLLING 3 WORLD TRADE BLOCS)

REVELATION 17:9-13
9 And here is the mind which hath wisdom. The seven heads are seven mountains, on which the woman sitteth.(THE VATICAN IS BUILT ON 7 HILLS OR MOUNTAINS)
10 And there are seven kings: five are fallen,(1-ASSYRIA,2-EGYPT,3-BABYLON,4-MEDO-PERSIA,5-GREECE) and one is,(IN POWER IN JOHNS AND JESUS DAY-6-ROME) and the other is not yet come; and when he cometh, he must continue a short space.(7TH-REVIVED ROMAN EMPIRE OR THE EUROPEAN UNION TODAY AND THE SHORT SPACE IS-7 YEARS.THE EUROPEAN UNION WILL HAVE WORLD CONTROL FOR THE LAST 3 1/2 YEARS.BUT WILL HAVE ITS MIGHTY WORLD POWER FOR THE FULL 7 YEARS OF THE 7 YEAR TRIBULATION PERIOD.AND THE WORLD DICTATOR WILL BE THE BEAST FROM THE EU.AND THE VATICAN POPE WILL BE THE WHORE THAT RIDES THE EUROPEAN UNION TO POWER.AND THE 2 EUROPEAN UNION POWER FREAKS WILL CONTROL AND DECIEVE THE WHOLE EARTH INTO THEIR DESTRUCTION.IF YOU ARE NOT SAVED BY THE BLOOD OF JESUS.YOU WILL BE DECIEVED BY THESE TWO.THE WORLD POLITICIAN-THE EUROPEAN UNION DICTATOR.AND THE FALSE PROPHET THAT DEFECTS CHRISTIANITY-THE FALSE VATICAN POPE.
11 And the beast that was, and is not, even he is the eighth, and is of the seven, and goeth into perdition.
12 And the ten horns which thou sawest are ten kings, which have received no kingdom as yet; but receive power as kings one hour with the beast.
13 These have one mind, and shall give their power and strength unto the beast.

Heres the scripture 1 week = 7 yrs Genesis 29:27-29
27 Fulfil her week, and we will give thee this also for the service which thou shalt serve with me yet seven other years.
28 And Jacob did so, and fulfilled her week:(7 YEARS) and he gave him Rachel his daughter to wife also.
29 And Laban gave to Rachel his daughter Bilhah his handmaid to be her maid.

DANIEL 9:26-27
26 And after threescore and two weeks(62X7=434 YEARS+7X7=49 YEARS=TOTAL OF 69 WEEKS OR 483 YRS) shall Messiah be cut off, but not for himself: and the people of the prince that shall come shall destroy the city and the sanctuary;(ROMAN LEADERS DESTROYED THE 2ND TEMPLE) and the end thereof shall be with a flood, and unto the end of the war desolations are determined.(THERE HAS TO BE 70 WEEKS OR 490 YRS TO FUFILL THE VISION AND PROPHECY OF DAN 9:24).(THE NEXT VERSE IS THAT 7 YR WEEK OR (70TH FINAL WEEK).
27 And he ( THE ROMAN,EU PRESIDENT) shall confirm the covenant (PEACE TREATY) with many for one week:(1X7=7 YEARS) and in the midst of the week he shall cause the sacrifice and the oblation to cease,(3 1/2 yrs in TEMPLE ANIMAL SACRIFICES STOPPED) and for the overspreading of abominations he shall make it desolate, even until the consummation, and that determined shall be poured upon the desolate.

Opinion-G20 is 'test run' for Trump-era climate governance By Simon Schunz-euobserver

BRUSSELS, 27. Jun, 09:06-Weeks after US president Donald Trump announced the US' withdrawal from the Paris climate agreement, the debate is still raging on in regard to the possible implications of his decision.Some fear a global domino effect, with more countries renouncing climate protection pledges and ceasing domestic emission reduction efforts.Others argue that the Paris accord's architecture is sufficiently resilient, and that efforts to keep global temperature increases to "well below 2°C" – as stipulated by the agreement – will endure.Activities at the sub-national level in the US also seem to support the argument that the agreement will prevail and domestic opponents of Trump’s decision have mobilised remarkably quickly.Cities and states with progressive climate policies joined forces across the US, committing themselves to honouring the Paris agreement.For instance, support came via the bipartisan "US Climate Alliance" of states – including heavyweights such as California and New York – and the "We Are Still In" initiative, which involves hundreds of businesses, investors, and institutes of higher education.Moreover, these sub-national players are linking up with leading nations to create innovative climate diplomacy networks: California and China have held talks to collaborate on emission reduction efforts, while several US states have intensified climate cooperation with Canada.Though these developments enhance the Paris agreement’s chances of survival, they will not be enough.Fight for survival-The resilience of the agreement hinges on how other major emitters will react to Trump’s break.To pursue effective global climate governance, these countries must repeat the steps taken in the run-up to the 2015 Paris climate meeting, where a strategy of "multiple bilateralism" between US-China, China-India and China-EU (among others) served to build trust and resolve crunch issues.The emerging consensus among key emitters was translated into cooperation in the world’s club governance fora (G7, G20) and fed into the multilateral negotiations, leading to the Paris agreement’s ultimate entry into force.True to this spirit, six members (plus the EU) were already pressuring the US to remain committed to the Paris agreement at the recent G7 summit in Sicily. Not that it seemed to do much good, as Trump withdrew from the climate pact a few days later.The next litmus test for effective global climate governance comes in July, when leaders from countries accounting for 80% of global emissions meet for the G20 summit in Hamburg, Germany, on 7-8 July.With the US thrusting itself into isolation, the German G20 presidency will seek to gather the broadest possible support for the Paris agreement.But a question remains: is a G20 entente possible? It might be, if others show the way.Climate leaders-From the G7, the EU and Canada display the clearest leadership ambitions.EU heavyweights have signalled their "strongest commitment" to uphold their pledges to combat climate change.In his reaction to Trump’s Paris exit, Canada's prime minister, Justin Trudeau, confirmed his country's "unwavering commitment to fight climate change".The Canadian government has also vehemently denied recent reports that Trudeau wished to scrap references to climate from the draft G20 declaration, in order to appease the US government.But leaders need followers. And whether followers can be mobilised depends on how G20 members define their interests – economically and politically.Economically, many G20 countries appear to believe the energy transition – accelerated by the Paris Agreement – must continue.Investing in low-carbon development is no longer seen as a burden on growth prospects. If anything, there is a growing consensus that Trump’s decision will put the US at risk of lagging behind technologically.Politically, the relationship between G20 countries and the US (particularly the Trump administration) is tricky.Are countries like Australia, Japan, Turkey and the UK willing to risk relations with the president of a key ally by adopting a confrontational attitude over climate change? The answer depends heavily on whether the German G20 presidency can dispel their concerns by convincingly demonstrating that the world is changing – because it is.-Changing world-At an EU-China summit the day after Trump’s announcement, a draft joint declaration on climate change characterised the Paris Agreement as “an historic achievement further accelerating the irreversible global low greenhouse gas emission and climate resilient development” and outlined numerous joint actions.Although it was ultimately withheld due to trade-related differences, this declaration contains the blueprint for a shifting centre of gravity in global climate governance to Eurasia.If supported by India's prime minister, Narendra Modi, who has reiterated support for the Paris Agreement, a solid pro-climate coalition including three of the world’s top four emitters would emerge.Cooperation with Canada, and with the sub-national forces in the US, could then provide additional momentum to convince other G20 members.As a major guiding forum, the G20 represents a test run for the future of global climate governance during the Trump era.The direction this governance will take, depends heavily on the strength of emerging partnerships, and their ability to convince others to join them regardless of US policies.If the will is robust enough, this "multiple bilateralism" could bring about the dawn of a new era, and the successful implementation of the Paris Agreement.If it fails, however, global climate politics faces a complicated, daunting future.Dr Simon Schunz is a Research Fellow at the United Nations University Institute on Comparative Regional Integration Studies (UNU-CRIS), and a professor of EU International Relations and Diplomacy Studies at the College of Europe in Bruges. He is also a visiting professor at the University of Leuven.

Opinion-EU parliament should befriend transparency By Sylvie GUILLAUME and Danuta HUEBNER-euobserver

BRUSSELS, 27. Jun, 17:24-A few days ago, an NGO representative expressed her concerns about the way the European Parliament was dealing with the European Commission’s proposal for a revised inter-institutional agreement on a “mandatory transparency register”.The proposal was submitted by the EU commission on 28 September 2016 and aimed at including the Council of the EU, where representatives of member states sit, as a new partner within the framework.Following the commission's proposal, the EU parliament’s Conference of Presidents entrusted us, as the responsible lead negotiators - supported by a contact group composed of one MEP from each political group - with developing a draft negotiating mandate.We organised five contact group meetings, where detailed discussions provided the opportunity for all political groups to give their input and ideas. It led to the endorsement of a balanced text on 11 April this year.We enriched our deliberations by means of a half-day meeting between the contact group and the involved NGO representatives - including Nina Katzemich from the website LobbyControl, and others from organisations such as Transparency International, Civil Society Europe and Corporate Europe Observatory.We listened carefully to their concerns, many of which we had already incorporated into our work, such as the necessity to enlarge the definition of lobbying and to include an independent observer in the management structure of the transparency register.We also discussed how we to pursue the negotiations with the EU commission and the council in order to get those concerns taken on board.Instead of the expected swift adoption of the mandate, which would signal the parliament’s readiness to enter into negotiations, we were deeply troubled to find that the item had been taken off the agenda of the Conference of Presidents on successive occasions.-Horse-trading-It appeared that some MEPs used procedural manoeuvres and political horse-trading to achieve repeated postponements of the adoption of the mandate, even though a large majority in parliament supported its content.It seems that it is sometimes those who believe themselves to be on the path of righteousness, who are most willing to misuse our system of procedures to score cheap political points.We found it disturbing that some wilfully ignored parliament’s power to determine its own internal organisation.It has also saddened us to see that some of those who claim to be at the forefront of stemming the tide of populism, do not seem to mind riding on that very same tide when it serves their own political ends.However, we were glad to see that the Conference of Presidents finally adopted the mandate two weeks ago on 15 June, in the very same form that had been proposed by the contact group.Following its adoption, the mandate was immediately published on the EU parliament’s website.Regarding the free and independent mandate of MEPs - enshrined in EU primary law - it is noteworthy that the independence of elected representatives is a cornerstone of a representative democracy and a principle this is not easily dismissed.Therefore, any limitation on MEPs in the exercise of their free mandate must be proportionate and cannot, for example, unduly restrict his or her right to seek information.Moreover, a principle enshrined in primary law cannot be altered by secondary law, let alone by an inter-institutional agreement.The mandate adopted on 15 June is based on a long line of parliament’s decisions regarding its relations with interest representatives.It reflects the position of a broad majority of MEPs and it constitutes a solid base for negotiations on a significant improvement to the current transparency register and a widening of its scope.-Negotiating framework-The mandate should be understood as a framework for the negotiations.Parliament’s position will continue to be adapted as the negotiations progress. Once the negotiations are concluded, parliament will adopt follow-up decisions with respect to its internal organisation, in order to implement the new inter‑institutional agreement.But the European Parliament still remains committed to pushing for a transparency regulation that would go beyond an inter-institutional agreement and lay down the relevant provisions on transparency and the register in secondary law.One should not forget the progress that parliament has achieved so far in this field. It initiated the Transparency Register as early as 1996, as well as a Code of Conduct with a commitment for registered lobbyists to act in accordance with high ethical standards.Parliament is, and remains, the most open EU institution, which can be seen with the web-streaming of its meetings and the ability for citizens to visit all of its buildings.Furthermore, parliament decided that registration on the transparency register was to be made a requirement to be invited as a speaker at committee hearings and to receive a long-term access badge for its premises.It also put in place a voluntary legislative footprint last year, and it encourages its MEPs to meet only with registered organisations.Katzemich considers the EU commission to have made a big step in 2015 by publishing meetings of commissioners, heads of cabinets and directors‑general.Certainly, this is true. However, this measure was decided by the commission with a view to its own internal organisation and cannot be easily translated to other institutions such as EU parliament or the council, both of which have a different set-up.Furthermore, the commission’s system is not without its flaws and has room for improvement, as Transparency International and other organisations regularly report.As the EU parliament's lead negotiators, we are particularly committed to getting the council on board and to adding significant value compared to the current framework.Three principles-A new register should encompass the following three principles.First, the widest possible scope of application for EU institutions and other bodies, including meaningful participation of the council.Next, a comprehensive and clear framework, without weakening the current system, for the regulation of interest representation activities.Finally, structures and resources that guarantee effective implementation.One of the main issues is that the new inter-institutional agreement provides a framework for coordination among the EU institutions, while at the same time fully respecting their different competences and prerogatives.-The mandate-The approach we have developed in our mandate would allow for:- The full respect of MEPs' independent mandate.- An inclusive transparency policy for all types of interest representative, as with the current register that features over 11200 registered interest groups from all over the world.- The possibility to maintain the wider definition of lobbying, covering both direct and indirect interest representation (as with the current system).- The full respect for each institutions’ needs, e.g. in the case of parliament as an open house but also with the need to know, for security reasons, who is coming in and why.- More flexibility in respect to the EU institutions’ roles and structures (parliament cannot simply duplicate rules that were designed for the commission).- Better quality information on the database – making the register more reliable as a source of information for the institutions themselves and for the general public.The quality of the new system will depend on how far the council can be convinced to match the parliament’s and commission’s commitment to transparency.We would therefore advise to look at the whole picture and analyse the situation comprehensively, especially with a view to scrutinising the council’s approach.It takes time to change long-standing practices, but we are fully committed to forge ahead, knowing that a pragmatic and constructive approach will yield the best results.Transparency certainly is one important aspect of ensuring citizens’ trust in the EU institutions. But it is not the only one. Keeping true to the facts is another.Sylvie Guillaume is a vice-president of the European Parliament, and Danuta Huebner is the chair of the constitutional affairs committee-Correction: The article's footnote originally said that Danuta Huebner is the chair of the foreign affairs committee, when in fact, she is the chair of the constitutional affairs committee

EU Commission could get say on Russia gas pipeline By Andrew Rettman-euobserver

BRUSSELS, 27. Jun, 09:29-EU states have given initial backing for the European Commission to negotiate the legal model of the Nord Stream 2 gas pipeline with Russia.Pablo Micallef, a spokesman for the Maltese EU presidency, told EUobserver that “some 13” member states spoke out on the plan when EU energy ministers met for informal talks in Brussels on Monday.The incoming Estonian EU presidency is now expected to convene a working group to take things forward.The Danish energy minister, Lars Christian Lilleholt, who was among the 13 EU backers, said: “I’m very satisfied. It was the best thing that could have come out of the meeting”.The mandate will have to be formally approved later down the line in a “reinforced qualified majority” vote by member states, a higher than usual threshold of 72 percent of EU countries representing 65 percent of its population.Maros Sefcovic, the EU energy commissioner who drafted the proposal, told the Reuters news agency: “I’m definitely optimistic about getting the [formal] mandate, but I know this is just the beginning of the debate."Nord Stream 2 is to concentrate 70 percent of Russian gas supplies to Europe in one route to Germany under the Baltic Sea.But its critics, which include the Nordic states, the Baltic countries, Poland, and the US, say it would harm EU energy security and undermine Ukraine, a Western ally, by making Ukraine’s transit pipes obsolete.-EU laws-Anna-Kaisa Itkonen, the Commission’s energy spokeswoman, told EUobserver on Tuesday that the Commission wanted to talk to Russia on whether the offshore part of Nord Stream 2 should be covered by the EU’s so-called third energy package.That EU law would oblige Russian state firm Gazprom to open up its Nord Stream 2 monopoly to EU competitors - a demand which led Russia to stop a previous project, the South Stream pipeline under the Black Sea to Bulgaria.But Itkonen said the talks would “not [be] about a [Commission] veto, it is not about the future of the pipeline, not about the Commission approving it or not”.She said the Commission-Russia talks would be designed to give “legal certainty” on Nord Stream 2 and that they would be “nothing spectacular or extraordinary” because EU officials had held similar discussions with “third countries” on other projects.The Nord Stream 2 regulatory framework is currently being negotiated between Germany and Russia.German, Austrian, French, and Anglo-Dutch firms - Uniper, Wintershall, OMV, Engie, and Shell - are to take part in the project, with Germany and Austria keen to press ahead.Neither the German nor the Austrian minister spoke out on Monday, EU sources told Reuters, but Germany and Austria recently attacked the US over its threat to impose sanctions on Nord Stream 2 investors.“We decide who supplies us with energy and how they do it”, the German and Austrian foreign ministers said in a joint statement on 15 June.-Ukraine unhappy-Pavlo Klimkin, the Ukrainian foreign minister, told Reuters in Paris on Monday that Nord Stream 2 "would have disastrous consequences for the energy security of the European Union and would make the EU dependent on one source.""Maybe some companies will benefit for the time being, but in the long-run it will lead nowhere”, he said.He added that there was no progress on Russia ending hostilities in east Ukraine."How can you trust Russia in setting up a unique source of gas supply?”, he said, referring to broader EU and US concerns over Russia’s aggressive behaviour toward neighbouring states.

Focus-Nordics consider alternative to EU emissions trading system By Lisbeth Kirk-june 28,17-euobserver

Copenhagen, Today, 07:44-If the European emissions trading system is not reformed to work efficiently, a Nordic carbon price floor could be introduced to secure future green investments in the region, according to a new strategic review of energy co-operation by the Nordic Council.The plan, which has been in preparation for over a year, is penned by Finnish businessman Jorma Ollila, who had formerly chaired Royal Dutch Shell for almost ten years and was the chairman and CEO of Nokia.It comes at a crucial time, just as the final talks on reforming the EU's carbon trading scheme are due to take place in Brussels.On Tuesday (27 June), representatives of the EU member states, the European Parliament and the European Commission met for one of the final meetings on how the EU’s flagship climate instrument – the EU Emissions Trading System (EU ETS) – should look in the 2021-2030 period.But before the real talks have even started, hopes of reforming the EU system to work efficiently are fading.”I think everyone realises that this is not enough. The [EU] proposal will not deliver a carbon price that we need to decarbonise the industry sectors,” said Femke de Jong, EU policy director for Carbon Market Watch.Her organisation brings together more than 800 NGOs and academics from 70 different countries, working to make the carbon market “an effective climate mitigation tool.””I think it is only logical to have a debate on how we can complement the system. A carbon floor price – at least at the regional level – seems a realistic option,” de Jong said.-Nordic energy union-Norway and Sweden are strong on hydropower, Norway produces oil and gas, Denmark has wind, while Finland and Sweden have built nuclear plants and are pushing for more bio-fuels as a future energy resource.Some 20 years ago, these countries decided to connect their national electricity grids with water reservoirs, allowing hydropower to serve as a kind of Nordic battery to compensate for periods without wind, for example.”There were significant benefits, welfare benefits, lower electricity prices and easier management of the generation of electricity in tough times or during high peak demand in winter times,” Ollila pointed out.This Nordic solution, Ollila said, has been "managed historically very well". He added that since the EU is looking into different prospects for the energy union, there is an opportunity to learn from "what has been done in Nordic countries over the past 20 years."In addition to Nordic carbon trade, Ollila also suggested a Nordic export strategy for green energy solutions, alignment of research and using the whole Nordic area as a testbed.Nuuk in Greenland has been suggested to become a testbed for the full deployment of electric vehicles, and Reykjavik in Iceland may become a testing ground for infrastructure and systems that can support electrification of visiting cruise and fishing ships.The Faroe Islands may become the place for the development of battery technology and energy storage.-Green transition and growth-Put together, the Nordic region today is one of the 12 largest economies in the world and it is already living proof that the green transition is not incompatible with economic growth.However, the Nordics must become even greener to complete their transition into renewable energy, the Nordic Council report said."The energy transition is already underway – but if the Nordic countries do not participate to the fullest, the jobs will be created elsewhere," warned Jorma Ollila."The renewables will take off faster than what was thought only five years ago. So, the role of the renewables will grow quite significantly," he added."The focus should be on securing the most efficient green transition. If the ETS does not provide this, it may be relevant and timely to discuss a joint Nordic approach to support the schemes for renewable energy," Ollila's report concluded.”Another approach could be to discuss the introduction of a Nordic carbon price, based on the United Kingdom’s carbon price floor, in order to secure stronger incentives for the green transition,” it said.-UK leads the way-The prospect of a regionalised European carbon trading system in the future is not limited to the Nordic area. For instance, the UK already introduced a carbon price floor in 2013.”So far, the only country in Europe that has a carbon floor price is the UK. There it was very effective. They introduced a carbon floor price in 2013 and it has resulted in UK coal emissions falling by almost 60% last year," Femke de Jong said, adding: "So it is really significant."She goes on to say that: "It can be a very effective instrument to – at least in the intermediate time – to make sure that the carbon price reflects the damage cost of the pollution to the society.”Under the UK carbon floor price system, carbon emission prices rise automatically – currently at 18 pounds sterling (€20) from 2016 to 2020.Currently the carbon price in Europe stands at €5, but it should rise to €40 to meet the objectives of the Paris climate agreement and rise further to €100 in 2030.-Regional carbon trade-”Ideally, this should be solved at the EU level, but if this is not possible in the short-term, it makes sense to go for a regional solution,” de Jong said.”France has been pushing for it very much in the past and we think that now, with Macron [as president of France], he will also push for that," she added."Let's see," she said, "maybe after the German elections, there can also be a regional carbon price in Western Europe – with Germany, maybe Belgium, the Netherlands and France."Linking the Nordic carbon trade to the British system might be made complicated by the Brexit process, however.”I think it might be tricky for the Nordic countries to join the UK system,” said de Jong.”It is still an open question if the UK will withdraw from the ETS or not. Maybe it is also an idea to team up more with other countries that are contemplating this,” she suggested.

Luxembourg not a tax haven, claims PM By Nikolaj Nielsen-june 28,17-euobserver

Luxembourg, Today, 08:42-Luxembourg continues to refute any notion that it is a tax haven, despite widespread evidence of dubious schemes that it cuts global tax bills for big firms."We were never a tax haven," Luxembourg's prime minister, Xavier Bettel, told EUobserver on Tuesday (27 June).Bettel's comments follow a grilling of Luxembourg's former prime minister and current European Commission president, Jean-Claude Juncker. Juncker in late May told the European Parliament that he was unable to explain why the Grand Duchy "didn't want to remove tax secrecy."But Bettel, who was fielding a wide range of questions from reporters at an event hosted by the European Investment Bank in Luxembourg, defended the country's tax policies by saying it was one of the first places to push transparency and the exchange of tax rulings with other member states."It is important for me that we have common rules and Luxembourg was one of the first one for transparency," he said.Luxembourg was rocked by scandal following media revelations in late 2014 that exposed how nearly 340 companies secured secret deals that shaved billions of euros from taxes, which were due to be paid elsewhere.The revelations ushered in a raft of new EU and national legislation to increase tax transparency and weed out abuse.The scandal also triggered a probe by the European Parliament, which slammed Luxembourg for allowing corporations to dodge "tax that could have been used to build schools, hospitals or pay down national debt."A report by the Brussels-based NGO, Eurodad, had also revealed last December that Luxembourg had in fact increased the number of so-called tax rulings in the wake of the 2014 media revelations by some 50 percent.The issue saw former PricewaterhouseCoopers (PwC) employee Antoine Deltour face prison time for leaking the secret rules to the media, posing larger questions on whistleblower protection laws.But Bettel maintained that his country was fully compliant with tax standards and had not committed a crime."There are over 20 countries in Europe doing [tax] rulings," he noted, echoing a similar refrain to his predecessor, Juncker.Luxembourg, under Juncker's decade-long leadership of the country, had also repeatedly blocked the rolling back of aggressive tax planning schemes throughout the EU, according to a cache of German cables leaked earlier this year.Bettel also opposes any pan-EU taxation system and refuses to impose any sort of tax on financial transactions.The financial transaction tax, also known as the FTT, aims to raise money for the public good by imposing a 0.1 percent tax on shares and bonds, and 0.01 percent on derivative products."I am fully against and I will block that," said Bettel. But he noted that other member states are free to move ahead on the file as part of a two-speed Europe.He also added that people in Luxembourg should not have to pay more tax only "because other countries were not responsible with public finances."

New cyberattack wallops Europe; spreads more slowly in US-[The Canadian Press]-YAHOONEWS-June 27, 2017

PARIS — A new and highly virulent outbreak of data-scrambling software — apparently sown in Ukraine — caused disruption across the world Tuesday. Following a similar attack in May , the fresh cyber-assault paralyzed some hospitals, government offices and major multinational corporations in a dramatic demonstration of how easily malicious programs can bring daily life to a halt.Ukraine and Russia appeared hardest hit by the new strain of ransomware — malicious software that locks up computer files with all-but-unbreakable encryption and then demands a ransom for its release. In the United States, the malware affected companies such as the drugmaker Merck and Mondelez International, the owner of food brands such as Oreo and Nabisco.Its pace appeared to slow as the day wore on, in part because the malware appeared to require direct contact between computer networks, a factor that may have limited its spread in regions with fewer connections to Ukraine.The malware's origins remain unclear. Researchers picking the program apart found evidence its creators had borrowed from leaked National Security Agency code, raising the possibility that the digital havoc had spread using U.S. taxpayer-funded tools."The virus is spreading all over Europe and I'm afraid it can harm the whole world," said Victor Zhora, the chief executive of Infosafe IT in Kyiv , where reports of the malicious software first emerged early afternoon local time Tuesday.In Ukraine, victims included top-level government offices, where officials posted photos of darkened computer screens, as well as energy companies, banks, cash machines, gas stations, and supermarkets. Ukrainian Railways and the communications company Ukrtelecom were among major enterprises hit, Infrastructure Minister Volodymyr Omelyan said in a Facebook post .The virus hit the radiation-monitoring at Ukraine's shuttered Chornobyl power plant, site of the world's worst nuclear accident, forcing it into manual operation.Multinational companies, including the global law firm DLA Piper and Danish shipping giant A.P. Moller-Maersk were also affected, although the firms didn't specify the extent of the damage.Ukraine bore the brunt with more than 60 per cent of the attacks, followed by Russia with more than 30 per cent , according to initial findings by researchers at the cybersecurity firm Kaspersky Lab. It listed Poland, Italy and Germany, in that order, as the next-worst affected.In the U.S, two hospitals in western Pennsylvania were hit; patients reported on social media that some surgeries had to be rescheduled. A spokeswoman for Heritage Valley Health System would say only that operational changes had to be made. A Wellsville, Ohio, woman at one of its hospitals to have her gallbladder removed said she noticed computer monitors off and nurses scurrying around with stacks of paperwork.Security experts said Tuesday's global cyberattack shares something in common with last month's outbreak of ransomware, dubbed WannaCry . Both spread using digital lock picks originally created by the NSA and later published to the web by a still-mysterious group known as the Shadowbrokers.Security vendors including Bitdefender and Kaspersky said the NSA exploit, known as EternalBlue, lets malware spread rapidly across internal networks at companies and other large organizations. Microsoft issued a security fix in March, but Chris Wysopal, chief technology officer at the security firm Veracode, said it would only be effective if every single computer on a network were patched — otherwise, a single infected machine could infect all others."Once activated, the virus can automatically and freely distribute itself on your network," Ukraine's cyberpolice tweeted.Bogdan Botezatu, an analyst with Bitdefender, compared such self-spreading software to a contagious disease. "It's like somebody sneezing into a train full of people," he said.Ryan Kalember, a security expert at Proofpoint, said one reason the attacks appeared to be slowing down was that the ransomware appears to spread only when a direct contact exists between two networks — such as when a global company's Ukraine office interacts with headquarters.But once it hits a computer on a network, it spreads quickly, even among computers that have applied the fix for the NSA exploit."It's more harmful to the organization that it affects, but because it's not randomly spreading over the internet like WannaCry, it's somewhat contained to the organizations that were connected to each other," Kalember said.Botezatu said the new program appeared nearly identical to GoldenEye, a variant of a known family of hostage-taking programs known as "Petya." It demanded $300 in Bitcoin.Unlike typical ransomware, which merely scrambles personal data files, the program wreaking havoc Tuesday overwrites a computer's master boot record, making it tougher to restore even a machine that has been backed up, said Kalember.It may have first spread through a rogue update to a piece of Ukrainian accounting software called MEDoc, according to tweets by the country's cyberpolice unit. It said a rogue update seeded the infection across Ukraine. In a lengthy statement posted to Facebook, MEDoc acknowledged having been hacked.The motives of those behind the malware remain unknown. Ukraine has been a persistent target of pro-Russian hackers, who are blamed for twice shutting down large swaths of its power grid in the dead of winter and sabotaging its elections system in a bid to disrupt May 2014 national elections.Emails sent Tuesday to an address posted to the bottom of ransom demands went unreturned. That might be because the email provider hosting that address, Berlin-based Posteo, pulled the plug on the account before the infection became widely known.In an email, a Posteo representative said it had blocked the email address "immediately" after learning that it was associated with ransomware. The company added that it was in contact with German authorities "to make sure that we react properly."___Bajak reported from Houston. Associated Press writers Anick Jesdanun in New York, Vladimir Isachenkov in Moscow, Larry Rosenthal in Beaver, Pennsylvania and Jan M. Olsen in Copenhagen, Denmark, contributed to this report.Raphael Satter And Frank Bajak, The Associated Press.

Trudeau appoints his first climate change ambassador with revamped mandate-[The Canadian Press]-YAHOONEWS-June 27, 2017

OTTAWA — Prime Minister Justin Trudeau has tapped a long-time Canadian diplomat to step into a revamped role of Canada's ambassador for climate change.Canada hasn't had such an ambassador since January 2015.Jennifer MacIntyre fills the role as of Tuesday, with a mandate to push Canada's international relationships on the climate change file, including promoting Canadian clean technology businesses abroad.She is the fifth person to hold the title of ambassador for climate change — but the first where the role is not the equivalent of Canada's chief negotiator for climate change treaties.As such she will not be on hand next week when Trudeau sits down with other G20 leaders in Germany where the Paris climate change agreement will be front and centre.Instead her role is to find ways for Canada to take advantage of any international opportunities for trade and investment that climate change policies bring.MacIntyre spent most of the last four years as the ambassador to Switzerland and Liechtenstein.The Canadian Press.

NATO chief: US allies to spend $12 billion more this year-[The Canadian Press]-YAHOONEWS-June 28, 2017

BRUSSELS — NATO's chief says U.S. allies are projected to spend around $12 billion more on defence this year, after President Donald Trump berated them for failing to boost military budgets.NATO Secretary-General Jens Stoltenberg said Wednesday that "we have really shifted gears. The (spending) trend is up and we intend to keep it up."Unveiling new figures, Stoltenberg said European allies and Canada have increased spending by almost $46 billion over the last three years.He said 25 of NATO's 29 allies aim to raise defence spending in 2017.Only the United States, Britain, Estonia, debt-burden Greece and Poland met NATO's spending targets last year. Romania says it will meet the 2 per cent of GDP guideline this year, while Latvia and Lithuania plan to in 2018.The Associated Press.

STORMS HURRICANES-TORNADOES

LUKE 21:25-26
25 And there shall be signs in the sun,(HEATING UP-SOLAR ECLIPSES) and in the moon,(MAN ON MOON-LUNAR ECLIPSES) and in the stars;(ASTEROIDS ETC) and upon the earth distress of nations, with perplexity;(MASS CONFUSION) the sea and the waves roaring;(FIERCE WINDS)
26 Men’s hearts failing them for fear,(TORNADOES,HURRICANES,STORMS) and for looking after those things which are coming on the earth:(DESTRUCTION) for the powers of heaven shall be shaken.(FROM QUAKES,NUKES ETC)

Wind fans the flames of Utah fire that has burned 13 homes-[The Canadian Press]-YAHOONEWS-June 28, 2017

SALT LAKE CITY — Firefighters are bracing for more high winds Wednesday as they try to slow a southern Utah wildfire that has burned 13 homes and forced the evacuation of 1,500 people.Firefighters are hoping to be able to put out hot spots on the southern end of the fire to allow residents to return to the ski town of Brian Head. Homes there have been evacuated since June 17 when authorities say it was started by someone using a torch tool to burn weeds on private land.The fire is the largest in the nation at 78 square miles (201 square kilometres ).The blaze is one of several in the West. Crews in California were making gains against two new fires that spread quickly, and firefighters in Idaho battled five lightning-sparked wildfires burning in grass and brush.

The Associated Press
WORLD POWERS IN THE LAST DAYS (END OF AGE OF GRACE NOT THE WORLD)

EUROPEAN UNION-KING OF WEST-DAN 9:26-27,DAN 7:23-24,DAN 11:40,REV 13:1-10
EGYPT-KING OF THE SOUTH-DAN 11:40
RUSSIA-KING OF THE NORTH-EZEK 38:1-2,EZEK 39:1-3
CHINA-KING OF THE EAST-DAN 11:44,REV 9:16,18
VATICAN-RELIGIOUS LEADER-REV 13:11-18,REV 17:4-5,9,18

WORLD TERRORISM

OH BY THE WAY WHEN THE MEDIA SAYS ALLU-AK-BAR MEANS GOD IS GREAT LIE. IN ISLAM ALLU-AK-BAR MEANS OUR GOD IS GREATER OR GREATEST. THIS IS HOW THE MEDIA SUCK HOLES UP TO ISLAMIC-QURANIC-MUSLIMS. BY WATERING DOWN THE REAL MEANING OF THE SEX FOR MURDER DEATH CULT ISLAM. TO MAKE IT SOUND LIKE A PEACEFUL RELIGION (CULT OF DEATH AND WORLD DOMINATION).

GENESIS 6:11-13
11 The earth also was corrupt before God, and the earth was filled with violence.(WORLD TERRORISM,MURDERS)(HAMAS IN HEBREW IS VIOLENCE)
12 And God looked upon the earth, and, behold, it was corrupt; for all flesh had corrupted his way upon the earth.
13 And God said unto Noah, The end of all flesh is come before me; for the earth is filled with violence (TERRORISM)(HAMAS) through them; and, behold, I will destroy them with the earth.

GENESIS 16:11-12
11 And the angel of the LORD said unto her,(HAGAR) Behold, thou art with child, and shalt bear a son, and shalt call his name Ishmael;(FATHER OF THE ARAB/MUSLIMS) because the LORD hath heard thy affliction.
12 And he (ISHMAEL-FATHER OF THE ARAB-MUSLIMS) will be a wild (DONKEY-JACKASS) man;(ISLAM IS A FAKE AND DANGEROUS SEX FOR MURDER CULT) his hand will be against every man,(ISLAM HATES EVERYONE) and every man's hand against him;(PROTECTING THEMSELVES FROM BEING BEHEADED) and he (ISHMAEL ARAB/MUSLIM) shall dwell in the presence of all his brethren.(LITERAL-THE ARABS LIVE WITH THEIR BRETHERN JEWS)

ISAIAH 14:12-14
12  How art thou fallen from heaven, O Lucifer,(SATAN) son of the morning!(HEBREW-CRECENT MOON-ISLAM) how art thou cut down to the ground, which didst weaken the nations!
13  For thou hast said in thine heart, I will ascend into heaven, I will exalt my throne above the stars of God: I will sit also upon the mount of the congregation, in the sides of the north:
14  I (SATAN HAS EYE TROUBLES) will ascend above the heights of the clouds; I will be like the most High.(AND 1/3RD OF THE ANGELS OF HEAVEN FELL WITH SATAN AND BECAME DEMONS)

JOHN 16:2
2 They shall put you out of the synagogues: yea, the time cometh, that whosoever killeth you will think that he doeth God service.(ISLAM MURDERS IN THE NAME OF MOON GOD ALLAH OF ISLAM)

Trudeau touts open Canadian immigration system in face of Trump travel ban-[CBC]-YAHOONEWS-June 27, 2017

Prime Minister Justin Trudeau says he will continue to promote Canada's open immigration policy on the world stage as controversy rages over U.S. President Donald Trump's travel ban.Trudeau said Tuesday during a news conference in Ottawa to wrap up the parliamentary sitting that government officials have had "multiple conversations" with the U.S. administration about protecting Canadian rights in the face of immigration decisions south of the border."But at the same time, Canadians have been very clear that we see immigration as a net positive, that we know we don't have to compromise security to build stronger, more resilient communities," he said. "I will continue to stand for Canadian values and Canadian success in our immigration system as I always have, whether it's in Washington or in Hamburg next week or elsewhere around the world."On Monday, the U.S. Supreme Court allowed a limited version of Trump's ban on travel from six mostly Muslim countries to take effect.The justices will hear full arguments in October, but in the meantime, the court said Trump's ban on visitors from Iran, Libya, Somalia, Sudan, Syria and Yemen could be enforced if those visitors lack a "credible claim of a bona fide relationship with a person or entity in the United States."-Trudeau defends sniper role-In the wide-ranging news conference in the National Press Theatre, Trudeau was asked about topics ranging from trade concerns with the U.S. to recent news that a Canadian special forces member had shot and killed an ISIS fighter at a record distance for a sniper.Trudeau called the sniper actions "entirely consistent" with the role of troops in northern Iraq. The "advise and assist" mission has always had an element of defending Canadian forces as well as our coalition partners, he said."That is something that is integral to this mission, and that is something that has always been followed," he said.NDP Leader Tom Mulcair has said the incident suggests Canadian forces are actually involved in direct combat in Iraq, and has called on Trudeau to provide the public with more details on the role of the mission.Trudeau said the incident should be "celebrated" for demonstrating the excellence in training and performance of duties by the Canadian Forces.National Defence said the sniper, part of the Joint Task Force 2 special forces unit, was supporting Iraqi forces when he shot an enemy fighter from 3,540 metres away.That is more than a kilometre farther than the previous record, held by a British sniper who shot a Taliban fighter in Afghanistan in 2009.Trudeau also said he broke his key electoral promise to reform Canada's electoral system because there was no compromise from other parties, and he didn't want to use his Liberal majority to ram through fundamental change."There was no path to do that."-'No path' on electoral reform-Trudeau said Liberals preferred a ranked ballot system, while the NDP wanted a proportional voting system that would have led to "fragmented" parties.Conservatives wanted to keep the status quo, he said."It was a very difficult decision for me," Trudeau said in describing his decision to break the promise.Asked about when the government will eliminate the deficit, Trudeau said his government is targeting billions in new spending on infrastructure and other services Canadians need and will not put a timeframe on when it will "arbitrarily" balance the books.Trudeau also touted what he sees as the government's key accomplishments so far, namely helping improve the quality of life for the middle class and taking steps to tackle the opioid crisis before taking questions.The prime minister also reacted to a new round of anti-dumping tariffs imposed on Canada's softwood lumber industry by the U.S. Department of Commerce. He said he is focused on being "constructive" and working toward a deal that will help protect thousands of jobs in Canada.Earlier Tuesday, the prime minister issued a statement to mark Multiculturalism Day.'Differences make us strong'"Canadians come from every corner of the world, speak two official languages and hundreds more, practise many faiths, and represent many cultures," he said. "Multiculturalism is at the heart of Canada's heritage and identity, and as Canadians, we recognize that our differences make us strong."Canada's tradition of multiculturalism has meant fresh perspectives and new answers to old problems, Trudeau said.Noting that Canada is celebrating both the 150th anniversary of Confederation and the 35th anniversary of the Canadian Charter of Rights and Freedoms, Trudeau said the milestones are a reminder of the values that unite Canadians: Openness, inclusion and deep respect for our differences."Whoever we are, wherever we come from, these values bring us together as equal members of this great country," he said.

U.S.-led coalition envoy visits Syria to discuss Raqqa aftermath-YAHOONEWS-[Reuters]-June 28, 2017

BEIRUT (Reuters) - Brett McGurk, the U.S. special envoy to the coalition against Islamic State visited north Syria on Wednesday and met the council planning to run Raqqa after its capture from the jihadists to assure it of support, one of its members said.The U.S.-led coalition is supporting the Syrian Democratic Forces (SDF), an alliance of Kurdish and Arab militias that began fighting inside Raqqa three weeks ago.The SDF announced the creation of the Raqqa Civil Council in April to replace militant rule in a city that has for three years been Islamic State's de facto capital in Syria.McGurk has met the council in Ain Issa in north Syria twice before in meetings that were not publicized, a member of the Raqqa Civil Council, Omar Alloush, said.Colonel Ryan Dillon, spokesman for the coalition, said coalition members are routinely in northern Syria working with the SDF and other local entities including the council. He could not confirm McGurk's visit on Wednesday and referred queries to the special envoy's office.Alloush said McGurk and other coalition officials, including its deputy commander Major General Rupert Jones, promised infrastructure help but did not discuss how much money was available."They did not specify any sum, but they decided we will support first removing mines, lifting rubble, maintenance of schools, then electricity stations and water," Alloush said.This month, volunteers at the council told Reuters they had informed the coalition it would take about $10 million a year to restore power and water supplies, roads and schools.(Reporting by Tom Perry; Writing by Angus McDowall; Editing by Louise Ireland)

Cluster bombs kill at least 15 in eastern Syria-[The Canadian Press]-YAHOONEWS-June 28, 2017

BEIRUT — A cluster bomb attack on an Islamic State-held village in eastern Syria killed at least 15 people on Wednesday, activists said, the latest in a series of devastating airstrikes along the Euphrates River ValleyTwo Syrian monitoring groups, Deir Ezzor 24 and Justice For Life, said the weapons were dropped on the village of Doblan by an unidentified jet. Russian, Syrian, and U.S.-led coalition aircraft are all known to operate in the area.Cluster bombs are designed to spread small bomblets across a wide area, but many fail to explode, endangering civilians long after the fighting has ended.Omar Abou Layla, the head of Deir Ezzor 24, said 15 bodies, including of women and children, were recovered in the village. He said residents expect to find many more killed.Ali Rahbe, of Justice For Life, said local informants counted at least 35 dead in the village, which is between the IS strongholds of al-Mayadeen and Boukamal.The Britain-based Syrian Observatory for Human Rights put the initial toll at 30 dead.At least 57 people were killed in an airstrike on an IS-run jail in the Euphrates River Valley on Monday. Activists said that airstrike was carried out by the U.S.-led coalition. The coalition said it was looking into the reports.Turkey's military meanwhile said it returned fire after an attack by Syrian Kurdish forces.A statement Wednesday said the People's Protection Units, or YPG, fired on Turkish territory overnight with anti-aircraft weapons from Syria's Afrin region. Turkish artillery units returned fire, destroying the "detected targets."The YPG is the main component of the Syrian Democratic Forces, a U.S.-backed militia that is battling the Islamic State group in the extremists' de facto capital, Raqqa. Turkey views the YPG as an extension of the Kurdish insurgency raging in its southeast.Turkey was angered by a U.S. decision last month to arm the Syrian Kurds, fearing the weapons will end up in the hands of Kurdish rebels in Turkey.The Associated Press.

Philippines says beheaded civilians found in rebel-held town-[Reuters]-By Kanupriya Kapoor-YAHOONEWS-June 28, 2017

MARAWI CITY, Philippines (Reuters) - Five decapitated civilians were found in a Philippine city occupied by Islamist rebels on Wednesday, the military said, warning the number of residents killed by rebel "atrocities" could rise sharply as troops retake more ground.The discovery of the five victims among 17 bodies retrieved would be the first evidence that civilians trapped in besieged Marawi City have been decapitated during the five-week stand by militants loyal to the Islamic State group, as some who escaped the city have previously reported.Some 71 security forces and 299 militants have been killed and 246,000 people displaced in the conflict, which erupted after a failed attempt on May 23 to arrest a Filipino militant commander backed by Islamic State's leadership.President Rodrigo Duterte promised to destroy the militants in Marawi and said the Philippines was now dealing with "a very dangerous situation" due to young Muslims inspired by the "mass insanity" of Islamic State."All they do is just to kill and destroy, and killing in a most brutal way," he said at an event where he received hundreds of sniper and assault rifles donated by China to help the military campaign in Marawi."They enjoy decapitating people in front of cameras. They have to be dealt with, with the same ferocity but not the brutality," he said.The information about the beheadings came via a text message to reporters from Lieutenant Colonel Emmanuel Garcia of the Western Mindanao Command. Garcia did not respond to repeated requests for details.A civilian rescue worker, Abdul Azis Lomondot, told Reuters body parts were found, but with "no proof of beheading".Military spokesman Jo-Ar Herrera said bodies were found separately in two groups, of 12 and five, but he was unable to confirm if the five were beheaded.The battle entered its 36th day on Wednesday, with intense gunfights and bombing in the heart of the town and black-clad fighters seen from afar running between buildings as explosions rang out.The rebels' hold on Marawi, while incurring the full force of a military for years trained by its U.S. counterparts, has much of the region on edge, concerned that Islamic State's influence may run deeper than thought.Those fears are also being felt in Malaysia and Indonesia, whose nationals are among the Maute group of rebels fighting in Marawi, suggesting the group may have built a cross-border network that has gone largely undetected.-RISING TOLL-Military spokesman Restituto Padilla earlier said it was likely that many civilians had been killed and the death toll - at 27 before the latest 17 were announced - was only what the authorities could confirm independently and escapees had reported many in the area of fighting."(It) may increase significantly," Padilla told reporters. "There have been a significant number that have been seen."Padilla said the cause of all of those deaths would be "atrocities committed by the terrorists".Among those atrocities, the army says, have been residents being forced to loot homes, take up arms or become sex slaves.Videos have appeared this month on the website of Islamic State's Amaq news agency and its social media channels of hostages in Marawi pleading for their lives, saying they would be beheaded if air strikes were not stopped. Clips have also appeared of kneeling captives, shot in the head from behind.Reuters was unable to confirm the authenticity of the footage.The military has so far been reluctant to discuss the possibility that the real impact of the fighting on civilians could be far more severe than has been reported.It has played down the impact of daily air strikes and mortar assaults aimed at rebel sniper positions, which have reduced areas of the lakeside town to rubble and alarmed people stuck there, some of whom have said the shelling was a bigger threat than the militants.Military spokesman Padilla said troops needed more time to finish what was a tricky mission, complicated by trapped civilians, hostages and booby traps.(For a graphic on battle for Marawi, click http://tmsnrt.rs/2sqmHDf)(Additional reporting by Neil Jerome Morales in MANILA; Writing by Martin Petty)

CHINA AND KINGS OF THE EAST MARCH TO ISRAEL 2ND WAVE OF WW3 (200 MILLION MAN ARMY)

REVELATION 16:12-16
12 And the sixth angel poured out his vial upon the great river Euphrates;(WERE WW3 STARTS IN IRAQ OR SYRIA OR TURKEY) and the water thereof was dried up, that the way of the kings of the east might be prepared.(THE TURKEY ATATURK DAM ON THE EUPHRATES CAN BE SHUT AND DRIED UP ALREADY BY TURKEY)
13 And I saw three unclean spirits like frogs come out of the mouth of the dragon,(SATAN) and out of the mouth of the beast,(WORLD DICTATOR) and out of the mouth of the false prophet.(FALSE POPE)
14 For they are the spirits of devils, working miracles, which go forth unto the kings of the earth and of the whole world, to gather them to the battle of that great day of God Almighty.(WERE 2 BILLION DIE FROM NUKE WAR)
15 Behold, I come as a thief. Blessed is he that watcheth, and keepeth his garments, lest he walk naked, and they see his shame.
16 And he gathered them together into a place called in the Hebrew tongue Armageddon.(ITS AT THIS TIME I BELIEVE WHEN AMERICA GETS NUKED BY RUSSIA ON THE WAY TO THE MIDEAST)

DANIEL 11:44 (2ND WAVE OF WW3)
44 But tidings out of the east(CHINA) and out of the north(RUSSIA, MUSLIMS WHATS LEFT FROM WAVE 1) shall trouble him:(EU DICTATOR IN ISRAEL) therefore he shall go forth with great fury to destroy, and utterly to make away many.( 1/3RD OF EARTHS POPULATION)

REVELATION 9:12-18
12 One woe is past; and, behold, there come two woes more hereafter.
13 And the sixth angel sounded, and I heard a voice from the four horns of the golden altar which is before God,
14 Saying to the sixth angel which had the trumpet, Loose the four(DEMONIC WAR) angels which are bound in the great river Euphrates.(WORLDWIDE WAR)(TURKEY-IRAQ-SYRIA)(EUPHRATES RIVER CONSISTS OF 760 MILES IN TURKEY,440 MILES IN SYRIA AND 660 MILES IN IRAQ)
15 And the four(DEMONIC WAR) angels were loosed,(WORLDWIDE WAR) which were prepared for an hour, and a day, and a month, and a year, for to slay the third part of men.(1/3 Earths Population die in WW 3 2ND WAVE-2 billion)
16 And the number of the army of the horsemen were two hundred thousand thousand:(200 MILLION MAN ARMY FROM CHINA AND THE KINGS OF THE EAST) and I heard the number of them.
17 And thus I saw the horses in the vision, and them that sat on them, having breastplates of fire, and of jacinth, and brimstone: and the heads of the horses were as the heads of lions; and out of their mouths issued fire and smoke and brimstone.(NUCLEAR BOMBS)
18 By these three was the third part of men killed, by the fire, and by the smoke, and by the brimstone, which issued out of their mouths.(NUCLEAR BOMBS)

<
          HTTP Cookie Hijacking in the Wild: Security and Privacy Implications   
The widespread demand for online privacy, also fueled by widely-publicized demonstrations of session hijacking attacks against popular websites (see Firesheep), has spearheaded the increasing deployment of HTTPS. However, many websites still avoid ubiquitous encryption due to performance or compatibility issues. The prevailing approach in these cases is to force critical functionality and sensitive data access […]
          Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files   

I am doing some work involving encryption and decryption and due to US export restrictions on crypto - standard Java has limits on key lengths.

The error shows in the form:

2012-08-07 11:05:19 HTTP JVM: java.security.InvalidKeyException: Illegal key size or default parameters
2012-08-07 11:05:19 HTTP JVM: at javax.crypto.Cipher.a(Unknown Source)
2012-08-07 11:05:19 HTTP JVM: at javax.crypto.Cipher.init(Unknown Source)
2012-08-07 11:05:19 HTTP JVM: at javax.crypto.Cipher.init(Unknown Source)
2012-08-07 11:05:19 HTTP JVM: at JavaAgent.NotesMain(JavaAgent.java:163)
2012-08-07 11:05:19 HTTP JVM: at lotus.domino.AgentBase.runNotes(Unknown Source)
2012-08-07 11:05:19 HTTP JVM: at lotus.domino.NotesThread.run(Unknown Source)

So after some googling I found out about the Unlimited Strength Jurisdiction Policy files and downloaded them from Oracle only to be greeted by:

2012-08-07 13:05:37 HTTP JVM: Exception in thread "AgentThread: JavaAgent"
2012-08-07 13:05:37 HTTP JVM: java.lang.NoClassDefFoundError: javax.crypto.b (initialization failure)
2012-08-07 13:05:37 HTTP JVM: at java.lang.J9VMInternals.initialize(J9VMInternals.java:140)
2012-08-07 13:05:37 HTTP JVM: at javax.crypto.KeyGenerator.getInstance(Unknown Source)
2012-08-07 13:05:37 HTTP JVM: at JavaAgent.NotesMain(JavaAgent.java:148)
2012-08-07 13:05:37 HTTP JVM: at lotus.domino.AgentBase.runNotes(Unknown Source)
2012-08-07 13:05:37 HTTP JVM: at lotus.domino.NotesThread.run(Unknown Source)

Even more research revealed that IBM has rolled its own Unlimited Strength Jurisdiction Policy files and they can be downloaded here:

http://www-128.ibm.com/developerworks/java/jdk/security/

The link requires you to log in either with your partner ID or the ID you use when buing Domino.

After changing the files at \Domino\jvm\lib\security everything is working great!


          Linksys AC1200 Dual-Band Smart WiFi Router(WRT1200AC) - $67.99 FS @ Staples   

Rating: 0 Posted By: Sleepthieves
Views: 895 Replies: 3

Linksys AC1200 Dual-Band Smart WiFi Router(WRT1200AC) - $67.99 FS @ Staples

Amazonalso has this price. Everyone elseis selling it for near double.

Trusted Reviews

  • Wireless speeds up to 400 Mbps plus 867 Mbps for fast network access
  • Connects up to 10 devices in large homes
  • Ideal for video streaming, heavy browsing, and next-generation online gaming
  • WPA2 encryption, SPI firewall, and guest security features offers security and flexible administration
  • USB 3.0 and eSATA/USB 2.0 ports allow for connecting network storage devices
  • Adjustable, high-gain antennas provide enhanced speeds
  • LinksysSmart Wi-Fi with Network Map enabled lets you easily see and manage all connected devices on your network
  • Includes four Gigabit Ethernet ports for fast wired access
  • 1.3GHz dual-core ARM processor supports multiple high-bandwidth connections

          IDrive Unlimited Mobile Backup lifetime subscription (60% discount)   
Your phone holds a ton of valuable personal information and digital assets, and IDrive is here to make sure your digital life is safe, backed up, and secured with 256-bit AES encryption. This unlimited lifetime mobile backup plan allows you to back up your contacts, photos, videos, calendar events, and more on up to 5…
          Официальный анонс процессоров бизнес-класса AMD Ryzen PRO   
Сегодня у AMD есть как минимум два повода отпраздновать локальный успех. Первый — публикация оверклокером Романом «Der8auer» Хартунгом видеоролика с разгромной критикой настольной платформы Intel X299/LGA2066, второй — анонс Саннивейлом семейства 14-нм процессоров бизнес-класса Ryzen PRO для корпоративного сегмента рынка. Новые CPU родственны актуальным моделям Ryzen и отличаются от них расширенной поддержкой. Премьеру моделей Ryzen 3 PRO можно расценивать как генеральную репетицию перед появлением бюджетных чипов Ryzen 3 для розницы. Фактический релиз процессоров Ryzen 7 PRO, Ryzen 5 PRO и Ryzen 3 PRO состоится осенью, а пока AMD и её партнёры готовят почву для успешной реализации соответствующих систем в сборе. Близкое родство Ryzen PRO и Ryzen означает, что с большой долей вероятности новинки будут поддерживаться уже выпущенными материнскими платами AM4. Тем не менее для активации некоторых продвинутых технологий, таких как прозрачное шифрование памяти (Transparent Secure Memory Encryption, TSME), могут понадобиться специальные прошивки UEFI или даже новый чипсет.
          Delete ViACrypt Ransomware With Latest Guide: (Restore .via Files)   

What is  ViACrypt Ransomware ViACrypt Ransomware is another malware that has made its identification as cryptovirus. Later the encryption process, a ransom note is delivered by this ransomware with the suggestion of making payment. The files which get encrypted may...
Read more

The post Delete ViACrypt Ransomware With Latest Guide: (Restore .via Files) appeared first on Remove Malware Virus.


          IAM Consultant - The Herjavec Group - Canada   
Experience with J2EE technologies, scripting, directories, certificates (PKI), and encryption are highly desirable....
From The Herjavec Group - Wed, 17 May 2017 15:13:43 GMT - View all Canada jobs
          The Best Online Backup Services - What Do They Offer?   
You may not realize this now but the best online backup services can actually help you a lot. Whether you are a student dealing with schoolwork, or just your average user with a decent volume of files, photos, and personal documents in your hard drive, using online backup solutions is still applicable to you. Other than keeping your data secure in a location that isn't susceptible to theft or damage caused by various disasters, backup services also protect them from falling into the wrong hands. But finding the best online backup services is crucial for you to get all the advantages of this backup method.

First is the price. Most online backup services are priced about the same, around $5 per month, which you can opt to pay monthly or at the discounted annual fee. But that's just for the basic service. You can also avail of other additional services like network backup for an added fee. On the other hand, there are also online backup services that come for free, for some companies on a limited trial basis, and for others, for a limited storage capacity. While these offers are not uncommon and are done for promotional purposes, be wary of those backup services that are offered at no cost at all. While they need not cost a lot, the online backup solutions shouldn't come totally free or you would wonder how the company can give service.

Getting immediate access to your files may not really be extremely important to you. For instance, if you are simply looking for a space to store your photos in, you do not always need them at a moment's notice. Nevertheless, if you are a student or a businessman, you need a service which does not ask you to wait for a day before you can retrieve your files. Different companies provide different levels of access to the files that you store - which is why getting one which perfectly suits your needs is highly important.

And then you also have to think about the actual software that you'd need to install on your computer. Is it user-friendly enough for you? Would you have to deal with a lot of technical stuff that you're not comfortable with. Most backup software are designed to be as simple and convenient as possible for the user but you'd need to find out which you would be most happy to work with. Remember that online backups are there to make backing up your data easier without having to go through hoops for it. The best online backup services make sure you get that.

Lastly, you need a secure service. Most companies offer encryption of your stored information as it travels between your computer and theirs. However, some companies can offer more than that. You can find companies which scatter your files across their services making it impossible for any outsider to decipher any important data. You may also choose to put a password on your files. All these added services work together to give you the top-level security that you need. But to make sure that a service is right for your needs, just read a few reviews, like the Carbonite backup review.
          Why Backup Your Computer Files?   
You may not think you have a good reason to backup your computer information. You're not a bank protecting thousands of customers from losing their financial information, nor are you a government body storing personal data for millions of people. But that doesn't mean that the pictures and e-mails and recipes on your drive aren't priceless. To you, they hold memories perhaps of an entire lifetime. While losing those things may not impact anyone but you, you owe it to yourself to protect the things that you love. Protecting your computer's files is a necessity in the digital age when so many people keep so much of themselves on their computer.

Some have kept certain files for years. And this was always done in the same old process. First, you buy a stack of floppy disks or CDs which can be costly. You organize your files in such a way that everything in one category would fit into the disk space. Then, you label each disk before finally storing the information - which usually takes lots of space and hours of time. In storing your files, you need to be extra careful since a few scratches or a several drops of water could be enough to erase all your hard work and stored data. You may buy a protective safe for your disks but this would mean additional expenses on your part.

It's a good thing that recent developments in technology have given way to better methods when it comes to data backups and storage. External hard drives are already available that allow you to just plug and backup. It has become as simple as that. And your files are organized exactly the way they were in your computer's hard drive so the process should only take a few minutes of your time. External hard drives also let you store so much data -- up to several terabytes. For many who don't have an idea how big a terabyte is, one terabyte can hold up to 200,000 photos at 5MB each.

However, not everybody is open to buying a new and costly hard drive. Yes, it offers comfort to most people since it allows you to keep all of your files at your reach, but hard drives can also be daunting to some people.

For these types of computer users, a good option for ensuring that your data is safe from all possible causes of data loss would be to avail of online backup services being offered by many companies, one example of which is Carbonite backup. With this backup method, you don't need to be a techie because most of these online storage solutions are very user-friendly. And, you get the guarantee that your data is being kept away from prying eyes using advanced encryption technology and stored in servers located in a protected area.
          Should I Worry About the Safety of My Files with Carbonite?   
More people are now discovering the wisdom of using online storage services as a reliable method for having a backup of one's important files, as compared to keeping local backups such as external hard drives. What they all want to know now is "How safe are online backup facilities like Carbonite"?

The process that they go through is extensive and thorough to make sure that they have all of your files and that they are securely encrypted, so as to prevent theft and loss. I have checked them out thoroughly because I use this service myself and had the same concerns before. From protecting files that have been stored over time to those that we have just saved, Carbonite Backup gets them, encrypts them, stores them, and keeps them safe.

As they say, anything is possible so there is still that slimmest of chances that some untoward incident may happen to put your files at risk, but the probability of this happening is very low - perhaps close to none. Carbonite's servers are maintained with the highest levels of professionalism and with the most advanced technology.

If mere words of assurance are not enough for you to completely believe in this online backup company's capabilities, allow me to quickly explain what goes on behind the scenes when Carbonite backs up and stores your files. Before the actual transfer, your data is protected by the 448-bit encryption. Then when the transfer process commences, the files go through further encryption using the Secure Socket Layer (SSL) to guarantee that no theft or loss takes place while data transmission is on going. These two encryption methods are among the best today and no one has ever breached them. When your files reach Carbonite's serves, they remain in that encrypted state until you retrieve them.

If you need to access your files, Carbonite has encryption keys to unlock your data and only a few select people at Carbonite have access to these encryption key codes. Even the database that stores the encryption keys is encrypted as well. Carbonite stores over 25 billion files and there is no ordinary employee that has access to any of the files.

Now that you understand what they do to keep your files safe and secure, you should have all of your questions answered. If you are using an external hard drive as your backup method or not using any backup at all, you are taking some horrible risks that could end up being detrimental to your data. You can lose everything to theft, scams, house fires or equipment failure. The biggest risk you are taking is not using Carbonite for your computer backup of all of your files and records.

Is Carbonite the best online backup solution provider? Visit us and take a look at the complete review of Carbonite online backup and determine yourself if it is. Our website also has reviews of other service providers and other facts on computer backup.
          Mozy Pro Reviewed: Is It What Your Business Needs?   
Mozy Pro is the online backup solution offered by Mozy that is designed for the needs of small and medium businesses. This Mozy Pro review evaluates the features of the service, its advantages, and the areas where it can do better.

Mozy Pro Basic Features

Mozy Pro, typically named 'Pro' as are many apps that are geared toward businesses, is the professional version of Mozy Home. Mozy Pro includes all the features of Mozy Home in addition to more advanced features in support of office managers, IT professionals and businesses. A license is needed for every computer that is backed up. It can be either a desktop license at a cost of $3.95 plus $0.50/GB per month, or you can get a server license if you have servers that need to be backed up. Those cost $6.95/month with the same GB charge.

The server license costs more because it comes with many features that would be needed for a server including Windows Server OS support, network share support and backup and restore of Exchange email server and SQL server. These are products that would be typically installed on a server. For security Mozy employs 128 bit SSL encryption while performing the file upload for backup and 448 bit Blowfish encryption or 256-bit AES encryption on your files while they are stored on their backup servers. For business, knowing their data is securely encrypted is invaluable.

Advantages

No matter the license you choose, server or desktop, Mozy Pro will ensure good quality services, security and comprehensive backup package at an affordable price.

Aside from putting all the stops when it comes to security, Mozy Pro has also placed the user's convenience and ease of use at the top of its priority. The service supports both Windows and Mac, and gives the user an option of to set it on automatic or scheduled mode of backup.

Mozy Pro supports Excahnge, SQL, and network drives. It also has advanced administrative features for complex business setups.

The Cons of Mozy Pro

Mozy Pro is not without its flaws, though. Some users of this online storage and backup facility have pointed out that the technical support provided is rather slow and at times not helpful at all. Problems in connecting to Mozy's servers have also been experienced by some users, and the software itself has been reported by some as "buggy."

We have also read some reviews which report that when the backup quota is reached the backup will just fail. So, to make sure that your backup process will continue successfully you will have to check your account regularly to see how much storage space you have left. This can become tedious and burdensome.

The last complaint seems to one that is common to many backup solutions and that is the restore process can take a long time. Additionally, it can take Mozy up to 24 hours to retrieve the data before the restore process can even begin. Businesses have a difficult time doing without their information for that long and may find this is not an acceptable situation.

Mozy Pro Review Summary

On the whole, while this service isn't perfect it is a secure and an affordable solution for small and medium businesses. The other benefit is that a business can be up and running with the service almost immediately. So for businesses without IT departments or those that just want a simple online backup solution, Mozy Pro is certainly worth consideration. And since they offer month-to-month plans, businesses can test the service without committing to a long-term contract.

Be sure to read the full evaluation of Mozy Pro here to decide if it is the best online storage tool for your business needs!
          Five Questions To Ask When Looking For The Best Online Storage Service   
There are a lot of online storage services available today but the key to having complete confidence that your files and data are securely backed up is choosing the best online storage solution there is.

The need for high-quality online backup services was determined first of all by the gradual transition towards a paperless society. In a matter of few seconds important data and information can be irretrievably rendered. But this situation can be avoided by simply subscribing to an online backup facility.

And if you think that backup functions are all these services can offer, think again. Here is a rundown of what other benefits can be had from storing your data "in the cloud."

Data Loss Protection. Computer crashes, hard drive failure, even natural disasters can bring about loss of data. Whether one loses important business documents or personal files, the damage can be just as equally difficult to recover from.

File Access Anytime, Anywhere. Even if external hard drives may provide secure protection against data loss, this does not enable you to have remote access of the files anywhere in the world as long as an internet connection is available.

File Sharing. You will be able to share with your loved ones and family your latest pictures and even with your business partners your latest proposals. Online storage backup services with file sharing ease your work towards other people and support good-quality communication.

After analyzing these benefits, the ultimate question is what to look for in a storage service. Therefore, when you will find yourself comparing various backup solutions, you should ask yourself the following five questions:

What features come with the package?

Most online backup services offer as basic features like file storage, file sharing, automatic backup, fast file upload and download, and remote file access. To be efficient, you must identify the ones you need the most and look for the best online storage services within that category.

How secure is the service?

Security is a big issue for many online storage users. Unlike external hard drives where you have physical control over your files, you may think that online services can put your confidential files at a risk of unauthorized access. The good news is, online storage backups use encryption technology and password protection to ensure that your files are completely secure.

How do I decide what is the best value for the money?

Many online storage services come for free and these may be worth looking into. However, paying a small fee can also give you access to some of the better features such as unlimited storage space.

Is it easy to use?

Storage services should be as user-friendly as possible else you risk the possibility of not being able to backup your files properly. If a software seems too complicated to use, by all means scratch it off your list.

Is there technical support when I need it?

While using the online backup service you might run into some technical problems that require technical support. You must be prepared for such situations by making sure that the chosen online storage service offers good-quality tutorials, customer service, or even online and chat support.

Now that are aware of what features to look for when finding the best online storage service, be sure to read the online backup reviews of the two most common and widely used companies that provide easy-to-use and very affordable online backup for home users!
          E-voting: should we use it?   
There are multiple methods of voting and, for many years, a paper-based method has been preferred (in the UK, the United States and many other countries). However, in recent years there has been movements towards electronic methods. Several people have pointed out flaws, but there are also some great benefits. So, should we change to e-voting and what version of it should we use?

Governmental stances
The Institute for Public Policy Research published a background paper called E-voting: Policy and Practice and it revealed that the UK government has plans to implement an e-voting system as a way of increasing voter turnout. In the government paper In the Service of Democracy, there were four things listed that could help to achieve their goal:
  • Online electoral register
  • Online registration and online applications for postal votes
  • Online and text voting
  • Electronic counting and collating of election results
The United States have had e-voting systems for a number of years. In March 2002, California approved the Voting Modernization Bond Act, which allowed the purchase of modern electronic voting systems to replace their existing punch-card method.

The following shows the state's committment to this form of voting:
"In December 2003 California Secretary of State Kevin Shelley released My Vote Counts: California's Plan for Voting in the 21st Century, which outlines California's plan for complying with the Help America Vote Act (HAVA). The state expects to receive over $100 million in HAVA funds. In November 2003 the Secretary of State issued a position paper on the deployment of touch-screen voting systems in California."
E-counting
The Electoral Reform Society disapprove of most of the current state of e-voting in their policy document that can be found here. However, one thing they do approve of is electronic counting of paper ballots. They feel it speeds up the whole process and if it failed, you could always do a manual count as there is a paper-baseed element to it. The IPPR document mentioned earlier also details the benefits of e-counting and goes on to say that "In India the electronic system allowed the results to be announced a matter of hours after the polls closed".

I'm glad that there is approval for electronic counting and I can understand why some people would want a paper backup. However, there really is no need for paper providing the technology is implemented properly. For example, you could have a voting machine using RAID 1, which means that if the primary disk fails, you still have the information on the second disk and you could even remove it and do the counting on another system. If you have to use paper ballots, you could always do multiple electronic counts (possibly on more than one machine) to ensure accuracy. That would reduce the amount of staff/volunteers required and therefor reduce costs.

Machine voting
The following is from the Electoral Reform Society's policy:
"To minimise the risk of fraud, voting machines should produce voter verifiable audit trails. Rather than the voter completing a ballot paper, the machine should produce a ballot paper which the voter verifies and then puts in a ballot box. Should there be a dispute over the result, the paper ballots should be regarded as the definitive votes rather than those recorded on the machines.

Additionally, there should be safeguards equivalent to those described for e-counting."
I get the impression that they would be happy happier if machines weren't used as their suggestion still goes through the same amount of paper as a non-electronic system, therefore reducing the machine to 'an extra hurdle', which could potentially slow things down.
"Following the March 2004 primary election, the performance of Diebold touch-screen systems used in some California counties came under increased scrutiny. In public hearings conducted by the Secretary of State's Voting Systems and Procedures Panel, it was confirmed not only that uncertified versions of Diebold software had been used in some counties, but that some of the software had been inadequately tested and had performed poorly, resulting in lost and miscast votes"
If you read the quote above, you can see why some people would stop trusting machine voting. However, that situation wasn't totally the fault of the machines. It was the counties at fault for not implementing approved systems.

Remote voting
I can understand why the ERS don't approve of this as networks can be hacked and if you have unsupervised locations, there's the possibility of coercion. Despite this, you could still have polling stations with electronic voting machines until the security for remote voting has been suitably improved.

Security
In all the articles and research about e-voting, the biggest problem is security (especially in the case of remote voting). The IPPR document states that
  • ID cards and/or passwords could be stolen
  • If passwords are to be used, they would need to be short so they can be remembered, but that makes them more vulnerable
  • Biometrics could be used, but there would be a huge cost (the UK government estimates £31bn)
  • Viruses, firewall holes and network hacking
  • Voting programs are made by commercial sources. In the US there were calls to make the code 'open source' to ensure transparency, but doing that would mean voting systems could be hacked more easily
The last two problems could instantly be solved by not having remote voting until security has improved. You could just have unnetworked voting terminals and put together the totals at the end of the voting period. With biometrics, there is a long-term benefit, so the high cost might be worth it. Biometric cards would definitely be better than standard ID cards.

So, how would you improve security so that remote voting could be trusted? Well, you could use strong encryption on the database where the votes are kept. You could also use SQL stored procedures for website logins. This has been proved to protect against things such as SQL injection. There's also RAID, mirrored servers and making sure the server is in a physically secure location. Some would say that encryption can be weak, but there are also extremely strong varieties.

Paper-based systems
Dr. Rebecca Mercuri is a noted expert in this field and was involved with the decision to have a hand recount of votes in Florida in the 2000 US Presidential election. She strongly opposes any 100% electronic method (so she'll probably not be happy with the fact that 23 US states don't require paper records of votes). In this article, she mentions the problems in California. What Dr. Mercuri fails to realise is that is was at least partly the fault individual counties for not using approved versions of the Diebold voting system. She also doesn't consider the fact that a lot of security problems are caused by the machines being networked (they don't have to be). E-voting speeds up the counting process and can help people with disabilities, so there is benefits.

Disabled people
According to the IPPR background paper, privacy is increased for disabled people (this is because they can use the same systems instead of going to a separate location). The height of the machines could also be increased or decreased for those with back problems (or for people in wheelchairs). You could also have audio versions of the ballot for those who are blind. E-voting can therefore make democracy more inclusive.

Trials
In Britain there were several trials (15 in total) and the most notable ones were in Swindon and Sheffield. In both cases the voter turnout increased. In Swindon, 61% of voters in a survey felt that e-voting was better and 94% stated that they would use e-voting again in a general election. In 2002 (the Swindon trial), turnout was as high as 31.2%. This may seem low, but it's still a significant increase compared to previous years (for further details of the trials, see the E-voting: Policy and Practice document).

Usage in the student movement
Many student unions across the country have recently started to use e-voting and most seem to include remote voting in their implementation because it means people don't necessarily have to go to the campus just to vote (they may not necessarily have lectures/seminars/labs on that day). At Hull University Union, the first year of e-voting had had 1718 voters, which was a 25% increase on the 06/07 total. There has been a lot of controversy with remote voting though. The University of Essex's student union had to change the result of their presidential election because there was electoral misconduct and an unusually large number of votes coming from certain IP addresses. This could have meant that people were taking others over to a particular machine and influencing the way they vote. Coercion might have happened, but cancelling all the votes from those IP addresses could mean that some perfectly legitimate votes were made useless. They should have got the usernames and investigated those people instead.

Conclusion
There are (currently) a number of security issues with e-voting and many of those are linked to remote voting. This is unfortunate because remote voting allows greater flexibility. However, there are ways to improve security. E-counting and machine voting definitely have benefits and there is no reason why they cannot be used straight away (providing approved systems are implemented).

So, what do you think?

Technorati tags: E-voting, Technology
          European Parliament seeks to stop government encryption backdoors   

The battle is uphill, but that hasn't deterred certain EU leaders from throwing down the gauntlet against enemies of encryption backdoors.

The post European Parliament seeks to stop government encryption backdoors appeared first on TechGenix.


          New Berkman Klein Center study examines global internet censorship   
A sharp increase in web encryption and a worldwide shift away from standalone websites in favor of social media and online publishing platforms has altered the practice of state-level internet censorship and in some cases led to broader crackdowns, a new study by the Berkman Klein Center for Internet & Society at Harvard University finds.
          Comment on Kenrazy – Ile Kitu by play poker for money no deposit   
Any pupil of poker historical past will inform you - this is a powerful query to answer. The Income Tax Act, 1961, Abroad Change Administration Act (FEMA) 1999, Anti Money Laundering Regulation, Data Know-how Act, 2000, Indian Enjoying Act, and so forth would collectively govern the approved obligation of on-line poker web pages in India. The software is dependable, functional and has greater than a a hundred features and customization options making 888 a superb option for multitabling. Related as in the previous instance, if two or more gamers have straight in a single hand, the winner is taken into account a participant with the best card within the straight. Chips arrived in good condition although some of the chips has some traces / smudges on the printing. Second, by no means-especially in a game based on variants-underestimate your opponent. Beneath we'll outline the foundations and payouts related to Final Texas Maintain ‘Em. I began playing poker because I felt I good in all probability make some money and stayed at it as a result of I cherished the sport. Enduring heavy swings in his early days, he figured that the only option to make poker worthwhile was to present it all his time. The range of limits also caters for novices, with cash games starting at $0.01/0.02. In addition to Texas Holdem poker, many other poker variants are provided. Is he the perfect participant at present, after all not but when talking corridor of fame and the most effective general poker player on this planet over time, there could be no different pick. With 2014 almost over, we at PokerTube have determined to try some attainable trends and changes for poker community player site visitors in 2015. When gamers are ahead more often than not as they wager into the pot, they are going to be successful poker players. In case you're just looking to go time or refine your abilities, the free gaming websites such as these on Fb are the best way to go. We value the safety of our gamers taking part in at To guarantee a completely secure, secured as well as a snug gameplay, through the use of SSLv3/TLSv1 encryption algorithms, environment friendly collusion detecting methods and real random quantity era (RNG) we ensure that our gamers are taking part in safely in our website. We encourage you to attempt to play different on line casino games, including the entertaining and enjoyable 3 card poker recreation, however first study the game, follow with play money and then begin enjoying with real money at small amounts to get more expertise and confidence. He has achieved eight bracelets of World Sequence of Poker and made to the ultimate desk thirty-5 instances. Ivey is among the few poker gamers to achieve the biggest cash video games in each reside and online play, whilst notching victories in the world's largest tournaments seemingly at will. Final year, they joined the Chico poker network, and have grown this part of their brand to turn into the 2nd largest US pleasant poker site. And this is because it provides builders a narrower scope over which to provide their poker apps. I am speaking about curiosity from poker websites, training sites, coaching presents, staking provides, interview requests, joint ventures, you identify it. PokerLauncher is India's leading platform for online poker offers bringing curated provides to gamers. EBay determines this value via a machine-discovered model of the product's sale prices inside the last ninety days. I like playing at totally different poker websites and since the entire sites I discussed above take this deposit option, it permits me to use my bankroll in any respect three of the sites from the same ewallet. In his New York Occasions obituary, Chip Reese was referred to as the best cash game poker participant of all time. Completely different poker sites supply different sizes of freerolls, prizes in cash, or merchandise. A gaggle, named the Public Curiosity Litigation, filed a case in opposition to assorted gaming organizations along with on-line poker india the Mahalaxmi Cultural Affiliation, Madras City Membership (India) Pvt Ltd, Madras Darkhorse Farm & Land Growth Pvt Ltd, and Madras Sakthi Recreation Centre. The actual query is when the authorized poker and on line casino betting websites will begin to hit the net. There is a very thin line between a cyber crime and a recreation of enjoyable and talent and a slight mistake or negligence can make the poker exercise a punishable offence in India. The gamers who are still in the hand enter into a 3rd spherical of betting, at the end of which the bets are collected and positioned in the pot. To me, an expert poker participant is solely somebody who earns their total living taking part in poker, both offline or on-line. On this on-line poker variant, a participant has to make use of two out of 4 gap playing cards and three from the board to make a excessive hand or a low hand combination. Handheld devices like Android telephones/tablets/phablets, and other handheld gadgets like iPhones/iPads are fashionable gadgets used to play Poker video games. So the player with worst Teen Patti sequence in accordance with the a standard Teen Patti game beats the player with one of the best Teen Patti sequence. Two years later, the Calcutta High Courtroom asked the police to refrain from harassing golf gear offering poker to its patrons as a play poker on-line india results of poker won't be categorized as enjoying in the state. You might be questioning in the event you log onto an online poker website in the early hours of the day for instance that there is probably not many players also logged in and playing. Wait till you actually obtain our poker software program program that is made In India, create a star poker account and get to the deposit half. So now that you're aware of the Bonus Pai Gow Poker guidelines, give on-line Bonus Pai Gow Poker a attempt, and have fun playing poker online at Wild Jack! Of all the poker rooms you may choose, is without doubt one of the most superb, namely because it is the official poker web site of the well-known Borgata Hotel On line casino & Spa. The authorities are mainly involved with football betting networks - individuals inserting bets reside in Baht, utilizing Thai bank accounts to maneuver cash round. The game lasted over 200 hours and was watched by thousands of people across 151 international locations on the Twitch community. Merely open the web site from your browser to take pleasure in no-problem no obtain poker video games with practical casino sounds and exciting graphics, the game and its poker odds has no difference than enjoying Texas holdem in a real casino or the poker rooms on-line. How they play: Fish love taking part in ridiculous palms more than they love calling bets for no good purpose. The platform conducts tournaments on a daily basis, partaking plenty of gamers with attractive presents and whopping prize money. Launched in Oct 2013, the Amator is the results of detailed authorized research by Vipin Chaudhary, a passionate poker participant and lawyer by career. To help you know which internet sites to avoid we maintain a listing of unsafe or disreputable sites. We each logged in to our accounts at Silver Oak Casino and began playing 25 cent Joker Poker. After taking part in it in backrooms and all kinds of shady locations, in 1967, four Texas highway-gamblers Crandell Addington, Roscoe Weiser, Doyle Brunson, and Amarillo Slim moved to Las Vegas the place poker had already been authorized for 36-years. Stay tuned at PokerNews as extra news develops within the Indian playing marketplace. Opening a Precise Cash account with us takes simply moments - merely hit Play for Precise Money, fill out the online type and make your preliminary deposit to acquire your 200% Welcome Bonus. Additionally they have a greater fame within the poker group, whereas I've heard quite a lot of stories about bwin treating poker players very badly. As probably the most nicely-recognized Indian poker player, and if all the things goes well this week, a pleasant chunk of money will probably be extracted back to the Motherland, the place it's Diwali, the one time of yr when gambling is untabooed and everybody gets drunk and loses their cash playing Teen Patti, poker's loud, crass cousin, largely to a bunch of loud, crass cousins. Battle the federal government's ban on your favorite game, and earn again your title as the Governor of Poker! Of course enjoying poker on a world degree must be guided and performed with International Tips. Sandholm also explained that the AI did not study from mimicking human poker players and analyzing historical information, however from game theory. He also offered Webb $three million for partial rights to three-card poker - which Webb agreed too. It implies that the algorithm could have a lot better implications for solving issues in the real world. Interestingly, in these the place gambling is taken into account as a vice, many players still play online poker and are usually not prosecuted vigorously in a way one would anticipate. At The Great Grind I write about poker technique, ideas, and all the other elements concerned in beating the game. Now as the match progresses you possibly can fluctuate this quantity up or down slightly, primarily based in your stack dimension. If the Dealer doesn't qualify then the Play Guess is returned to the player and the Ante guess is paid at even cash 1:1. Poker770 is a highly regarded poker rooms amongst players looking for for a good no deposit poker bonus. The difficulty with making deposit's to poker accounts from India using a Skrill account includes the way the account's set up. For those who join a Skrill account and also you say during join that you won't be using your card to make poker deposits, the card will not work at playing websites. I entered a match on the Seminole Arduous Rock Lodge and Casino in Hollywood, Florida, about 20 minutes from my residence in South Florida. Trump Plaza had a partnership with Betfair that allowed Betfair to function an online casino in NJ. Play three-card poker online and uncover the fun of quick play and easy fun! I started taking part in online poker from the final one yr and am planning to extend the ratio in direction of tournaments going ahead. One pair is a poker hand that comprises two playing cards of the identical rank, plus three unpaired cards. An internet poker website's software is arguably crucial consider choosing a room if you're going to be taking part in quite a bit. Poker is a fairly simple game that you just solely have to do a minimal to succeed - studying the abilities, cultivating the flexibility to be stoic, and being stage-headed on a regular basis. Courts in India have not but obtained a possibility to verify these arguments, although two terse Excessive Court docket orders have indicated that the result of poker-related litigation is also constructive. With a inhabitants of over a billion folks, it could well solely be a superb thing for players to have loads of choice whereby poker site to play at. In actuality, a analysis suggests that four out of 5 poker gamers in the US use such medicine. Chris Moneymaker as an newbie poker participant received the 2003 World Series of Poker Main Occasion as a digital unknown. Born in Finland, and inspired by his fellow nation man Patrik Antonius, Ilari has made a number of stay appearances cashing in huge, proving to the world that he is not your common online grinder. This newest edition of Governor of Poker is Youda Video games' first foray into the world of multiplayer poker. For those who're looking for a relaxing recreation experience in a bus or in bathroom, this card sport is an ideal choice. He performed forward of his time and everyone else performed to catch up. Poker has the identical connotation as martial arts, it is a whole lot of completely different video games as for martial arts it's a lot of different kinds but when it game to poker Doyle was capable of play all of the games and win. As an alternative, the court prevented the issue (paywall), saying that the original case did not really confer with playing Rummy for cash. This on line casino app is appropriate with iOS devices (iPhone 3+ mobiles that run on iOS4 or past), iPads on iOS 4 or beyond and virtually every Android +four cellular machine amongst different telephones. Many poker players enjoy the flexibility of cash games compared to tournaments the place you might be usually locked in for a good period of time. Phrases & Situations Apply to all 888 Poker bonus codes and offers, for current phrases and situations click the banner advert. At some poker websites, the watch for a low restrict single desk SNG can be less than a minute during peak occasions. You could make sure that each desk you play at is beatable - and be ready to move seats or sport when you end up sat with no ‘tender spots'. The location presently affords four poker variants- No Limit Texas Hold'em, Pot Restrict Omaha, Omaha Hello/Lo and Loopy Pineapple at numerous stakes. Most forms of poker represented including: Chinese, OFC, Pineapple, Stud, Razz, Stud08, 2-7 TD, 2-7 SD, 5C Draw, Badeucy, Badacey, HORSE, Seller's Choice, 7game-12game combine, and extra. Bonomo states that the alleged rapist was released from his sponsorship contract, however this person in all probability didn't give up poker. As at all times in poker there are numerous options that the Hero may have taken to play this hand just a little better. KhelPlay brings you a platform the place you'll be able to play Poker games online and On-line Poker video games of your alternative. But the story doesn't finish right here, we being coolest online Indian poker website, redeem your free chips as real cash. Improve your game with PokerTracker four, the business leading evaluation and HUD software for poker players. http://www.vietnamhat.com.vn/index.php/en/component/k2/itemlist/user/873371
          How to get private encrypted notes with Standard Notes   
If you're looking for a cloud-based note taking tool that offers solid encryption and ease of use, Standard Notes could be exactly what you need.
          Guia Interativo sobre SSL    
SSL Certificates
symantec-wss.com

Veja o guia interativo da Symantec sobre a segurança em seus negócios e utilização da criptografia em servidores web.

https://www.symantec



ensure safe online transactions for your business, protecting your customers from internet security threats. Our interactive guide covers everything you need to get started, with an introduction to new encryption technology.
          SCCM/App Compat Engineer -   
Imaging dev/test
? Develop OS image for win7 Enterprise on Lenovo hardware, review existing customer image(s) and recommend options
? Develop SCCM OSD / MDT based automated image install with core applications included
? As part of image installation, develop automated user state migration process for laptop refresh/replace
? Provide recommendations for commonality of OS image across physical hardware and virtualized environments
? Specify settings for enterprise security & manageability, MBAM / BitLocker drive encryption and for user experience virtualization (UE-V)
? Specify any/all dependencies on Active Directory, Group Policy, SCCM, server infrastructure, networking and storage
Application management & compatibility
? Specify & recommend settings for SCCM based application installs
? Drive and contribute to application compatibility testing for Office 2013, IE11, Adobe Acrobat/Flash and Java Runtime
? Work with application SMEs to provide application remediation assistance in Office, IE etc.
Deployment
? Lead in conducting a large scale desktop refresh (600+ machines) to move all systems to the common standard
We are an equal employment opportunity employer and will consider all qualified candidates without regard to disability or protected veteran status.
          Application System Engineer (Java, XSLT, Datapower)   
<span>Details:<br><ul>
<li>Acts in the highest level technical role as an individual contributor and/or team lead for the most complex computer applications and/or application initiatives. &nbsp;</li><li>Utilizes a thorough understanding of available technology, tools, and existing designs. &nbsp;</li><li>Works on the most complex problems where analysis of situations or data requires evaluation of intangible variance factors. &nbsp;</li><li>Plans, performs, and acts as the escalation point for the most complex platform designs, coding, and testing. &nbsp;</li><li>Leads most complex multiple modeling, simulations, and analysis efforts. &nbsp;</li><li>Acts as expert technical resource to programming staff in the program development, testing, and implementation process.: 10+ years application development and implementation experience.</li></ul>
&nbsp;<br>Job Description:<br><ul>
<li>Datapower developer. ******** Job Description Lending Grid middleware platform currently hosts 200+ business services and integration solutions with over 2 billion annual transactions.</li><li>A key capability of the platform includes the Integration Bus (ESB) realized through IBM Datapower XI-50/XI-52 appliances. </li><li>Team is looking for strong technical candidate with good experience developing integration solutions on Datapower with advanced XSLT skills. </li><li>The selected candidate will act as a senior technical developer with hands-on analysis, design, and development responsibilities. </li></ul>
&nbsp;<br>Additional responsibilities include: <br>&bull; Lead integration projects using multiple architectural styles on the Lending Grid platform using SOAP/WSDL, REST and EDA through the Lending Grid Integration Bus <br>&bull; Design and document complex technical integration solutions <br>&bull; Develop and implement complex solutions <br>&bull; Manage Software Development Life Cycle of solutions through multiple non-production and production environments; including automation of deployments <br>&bull; Provide support for Level1 and Level2 teams Basic Qualifications 7+ years application development and implementation experience. Minimum Qualifications<br>&bull; Experience and technical knowledge of web services, service-oriented architecture (SOA), and Enterprise Service Buses (ESB)<br>&bull; Experienced WebSphere Datapower XI-52 solution developer <br>&bull; Expertise in XML, XSLT, and XPATH <br>&bull; Experience using and writing various scripting languages (unix shell, python, ant, etc.) &bull; Working knowledge of SOMA, SOAP, REST/ROA interfaces <br>&bull; At least 4 years of Web Services architecture, design, development, Integration skills on a Java/J2EE platform <br>&bull; Strong debugging and problem solving skills with excellent understanding of system development methodologies, techniques and tools <br>&bull; Very strong soft skills (written/oral communication, customer service, team player, self-starter, pro-active, problem solver, work independently without lot of direction) Preferred Skills <br>&bull; Familiar with general security concepts (authentication, authorization, encryption, digital signatures), PKI concepts, and SSL <br>&bull; DataPower troubleshooting, services instrumentation, monitoring and logging <br>&bull; Experience with various tools including SoapUI and JMeter. <br>&bull; Experience with version control systems such as CVS and SVN <br>&bull; Experience with developing messaging solution using IBM WebSphere MQ <br>&bull; Experience opening PMR and trouble tickets to IBM <br>&bull; Experience with performance testing/monitoring and tuning<br>&nbsp;<br></span>
          Build Engineer   
This Build Engineer
- Understand various Encryption algorithms, managing certificates and Java Key stores.
- Code Release and Code merge and other release level activities using subversion
- Strong Working knowledge of Unix, Python, Ant maven and other building and script
- Proficient in Continuous Integration builds using Hudson/Jenkins
- Good understanding the programming languages like Java, .Net etc.
- Involved in writing Perl and shell scripts for compilation and deployment process and experienced in writing ANT scripts for making all the files local to the server.
- Familiar with HTTP, HTTPS, SFTP and FTP protocols,
- Work with the team of Build engineers to ensure improvements are made to the build processes.
- Foster building of reusable components which can be used across the projects.
- Good understanding of Jira as Defect tracking, Release management tools.
- Perform POCs of various tools and processes to improve Build processes. We are an equal employment opportunity employer and will consider all qualified candidates without regard to disability or protected veteran status.
          Senior Network Engineer/Architect   
<span>Senior Network Engineer/Architect Job<br>&nbsp;<br>The ideal candidate for this Senior Network Engineer job will have solid network design experience. This Senior role will be THE Senior Technical person on the team. They are using Juniper Firewalls, routers and VPN, but they are constantly assessing their environment so need someone that is open to change and would be comfortable when they move to more of a cisco environment. So Cisco product experience is highly desired along with:<br>&bull; Understand scalability, architecture but ok with being a hands on engineering<br>&bull; Leadership skills/ Mentorship to more junior team members<br>&bull; Will lead some projects on occasion so any type of Project Management experience is great-even if on a very small scale (1-2 people)<br>&bull; No Data Center technologies- separate group handles everything Data Center related so Load Balancer experience isn&rsquo;t required<br>&bull; Security background would be good to have (PCI Compliance is something they are going through now)<br>&bull; Communication skills are going to be very important, as well as ambition.<br>&bull; Career potential to go into management or technical expert type of role whichever they would prefer<br>&bull; Scalability is important<br>&bull; 50/50 Split between Architecture vs. Engineering at first but will move more down the architecture path<br>&bull; Any IPS and IDS experience would be great to have<br>&bull; Split Tunneling, Ongoing Configuration<br>&nbsp;<br>The APG IT Senior Network Engineer role provides thought and technology leadership across a variety of network platforms. The role will focus on architecture and design of high quality network solutions.<br> You will be responsible for ensuring that the overall solution design meets business requirements, conforms to industry best practices, and is a cost effective solution. Work closely with management and project stakeholders across the organization. Has the ability to work collaboratively and effectively with all levels of management and staff within the organization. <br> Responsible for creating clear and maintainable designs, configuration templates, and reviewing the implementation plans of team members.<br> Expected to ensure long-term strategic solutions are effectively architected, and implemented. High degree of interaction with onsite/offsite vendor architects and engineers.<br>&nbsp;<br>AREAS OF RESPONSIBILITIES:<br>Network Architecture<br>&bull; Maintaining a current understanding of industry best-practice architecture and considerations<br>&bull; Participating in enterprise-wide design and architecture discussions as a trusted expert<br>&bull; Development and maintenance of long-term architecture for network systems<br>&bull; Identification of network metrics that can be tracked and optimized over a systems lifecycle<br>&bull; Validation that solution designs conform to reference architecture<br>&bull; Providing APG a competitive advantage with high performing technology solutions <br>&nbsp;<br>Network Engineering<br>&bull; Development and maintenance of service design and configuration templates<br>&bull; Creation of implementation and support documentation for external teams<br>&bull; Taking engineering-level ownership of full system lifecycle (Proof-of-Concept, Design, Validation, Quality Assurance, and Optimization)<br>&bull; Ensuring solution designs are value-oriented<br>&bull; Continually providing input towards system and process improvements <br>&nbsp;<br>Leadership<br>&bull; Reviewing technical designs and configuration templates for other team members<br>&bull; Prioritizing technical solution needs<br>&bull; Providing technology, solution and design training <br>&nbsp;<br>Program/Project Management<br>Responsible for directing work efforts to achieve the following:<br>&bull; Determines network solutions to meet pre-defined business requirements, functional designs, and architectural design documents for diverse population of unique end users <br>&bull; Develops conceptual architecture, flowcharts, diagrams to illustrate sequence of steps required for technical implementations <br>&bull; Participates in project team meetings and provides estimates for network task completion<br>&bull; Manages &amp; prioritizes team&rsquo;s workload to meet specified due dates<br>&bull; Provides status on assigned tasks <br>&nbsp;<br>Network Management<br>Delivers reliable and quality infrastructure into the production environment, while meeting the following objectives:<br>&bull; Ensuring streamlined network software releases on a predetermined agreed to schedule<br>&bull; Providing operational support and oversight for network monitoring toolsets <br>&bull; Providing technical leadership, clarity and direction for on-site resources and vendor teams<br>&bull; Auditing deployed systems to ensure compliance with technical standards <br>&nbsp;<br>Experience Requirements: <br>&bull; 7+ years leading complex network software and hardware implementation solutions<br>&bull; 7+ years of experience with network or systems engineering<br>&bull; 5+ years of experience with VPN technologies (site-to-site, DMVPN, Pulse/Anyconnect)<br>&bull; 5+ years of experience with using IP routing protocols, including OSPF and BGP<br>&bull; 5+ years of experience with using LAN switching technologies<br>&bull; 5+ years of experience with network security (incl. firewalls, IPS, content filtering, encryption) <br>&nbsp;<br>Awareness of the following components would be beneficial:<br>&bull; Datacenter and infrastructure operations<br>&bull; Load balancing, software-defined networking, Network Access Control (NAC)<br>&bull; Experience with PCI and PII compliance <br>&nbsp;<br>Educational Requirements:<br>&bull; BS degree in computer related field or equivalent work experience <br>&bull; Vendor certifications a plus (CCNP/JNCIP, CCIE/JNCIE Preferred)<br>&bull; Information security certifications &ndash; Nice to have <br>&nbsp;<br>&nbsp;<br></span>
          QA for App, DW, Mobile - 70%Auto - Financial Services -   
Multiple openings
Relocation and H1 transfer are considered (must have 36+ month validation)
No remote/telecommute FTE: $PAY = $90-100K depending on previous earning history and interview.
Hiring Process: Oral quiz over phone; On-line Technical test; phone interview; on-site interview; hiring decision

Salary: Ideally $90K, Max. $100K

Position: 70% Automation/30% Manual


CLIENT is creating a QA Scrum team with individuals experienced testing in the following areas: Data Warehousing, Mobile, & App. Development. These QAEs will be deployed to various development teams as needed. Hence, the need for individuals testing different things.



Manager Preferences! = Agile, Automation, & ability to create test plans.Job Responsibilities:
?Provides guidance and subject matter expertise to engineers on testing and Quality Assurance (QA) methodologies and processes
?Works with engineers to drive improvements in code quality via manual and automated testing
?Responsible for managing the definition, implementation, and integration of quality principles into the design and development of software and IT processes
?Involved in the review of requirements specifications for weaknesses in function, performance, reliability, scalability, testability, usability, and security and compliance testing, and provides recommendations
?Plans and defines testing approach, providing advice on prioritization of testing activity in support of identified risks in project schedules or test scenarios
?Develops test plans, testing resource requirements, and overall scheduling of testing activity
?Responsible for developing manual and automated test cases and configurations needed to meet testing of business requirements
?Executes test cases/scripts to ensure delivery of quality software applications
?Monitors and tracks resolution of defects, coordinating with engineers in order to prevent, report, and resolve
?Designs, monitors, and analyzes quality assurance metrics such as defect, defect counts, test results, and test status
?Identifies opportunities to adopt innovative technologies
?This ?rebel with a cause? looks beyond the obvious for continuous improvement opportunities

Required Skills/Qualifications:
? 3+ years of experience in IT, with an emphasis on QA, and proven ability in writing test cases, running functional, automated, or performance tests, and managing defects
? Experience with Agile, other rapid application development methods, and Waterfall SDLC ? Solid experience in test-driven development, unit testing, functional testing, system integration testing, regression testing, GUI testing, web service testing, and browser compatibility testing
? Experience in working with testing automation tools like JMeter, HP Load Runner, HP Quality Test Professional or, HP Quality Center, open source tools Selenium (Selenium IDE, Selenium RC, Selenium Web Driver), JUnit, Eclipse, and preparation of automation test framework
? Strong written and verbal communication skills
? Ability to effectively interpret technical and business objectives and challenges
? Ability to think abstractly and deal with ambiguous/under-defined problems
? Demonstrated willingness to learn new technologies and takes pride in how fast they develop working software

Educational requirement:
? Bachelor's or master's degree in computer science, computer engineering, or other technical discipline, or equivalent work experience, is preferred

Preferred Additional:
? Ability to enable business capabilities through innovation is a plus
? Experience with coding skills across a variety of platforms (JAVA, HTML5, DB2, XML, and Mainframe Cobol) is a plus
? Knowledge of web security and encryption technology is a plus
? Any of the following test certifications - QAI, ASQ, IIST, ISEB, ISTQB - are a plus
? Experience with payments technology and industry is a plus
? Call center experience a plus We are an equal employment opportunity employer and will consider all qualified candidates without regard to disability or protected veteran status.
          Software Quality Assurance Engineer -   
Job Responsibilities:
? Provides guidance and subject matter expertise to engineers on testing and Quality Assurance (QA) methodologies and processes
? Works with engineers to drive improvements in code quality via manual and automated testing
? Responsible for managing the definition, implementation, and integration of quality principles into the design and development of software and IT processes
? Involved in the review of requirements specifications for weaknesses in function, performance, reliability, scalability, testability, usability, and security and compliance testing, and provides recommendations
? Plans and defines testing approach, providing advice on prioritization of testing activity in support of identified risks in project schedules or test scenarios
? Develops test plans, testing resource requirements, and overall scheduling of testing activity
? Responsible for developing manual and automated test cases and configurations needed to meet testing of business requirements
? Executes test cases/scripts to ensure delivery of quality software applications
? Monitors and tracks resolution of defects, coordinating with engineers in order to prevent, report, and resolve
? Designs, monitors, and analyzes quality assurance metrics such as defect, defect counts, test results, and test status
? Identifies opportunities to adopt innovative technologies
? This ?rebel with a cause? looks beyond the obvious for continuous improvement opportunities












Required Skills/Qualifications:
? 3+ years of experience in IT, with an emphasis on QA, and proven ability in writing test cases, running functional, automated, or performance tests, and managing defects
? Experience with Agile, other rapid application development methods, and Waterfall SDLC ? Solid experience in test-driven development, unit testing, functional testing, system integration testing, regression testing, GUI testing, web service testing, and browser compatibility testing
? Experience in working with testing automation tools like JMeter, HP Load Runner, HP Quality Test Professional or, HP Quality Center, open source tools Selenium (Selenium IDE, Selenium RC, Selenium Web Driver), JUnit, Eclipse, and preparation of automation test framework
? Strong written and verbal communication skills
? Ability to effectively interpret technical and business objectives and challenges
? Ability to think abstractly and deal with ambiguous/under-defined problems
? Demonstrated willingness to learn new technologies and takes pride in how fast they develop working software

Educational requirement:
? Bachelor's or master's degree in computer science, computer engineering, or other technical discipline, or equivalent work experience, is preferred

Preferred Additional:
? Ability to enable business capabilities through innovation is a plus
? Experience with coding skills across a variety of platforms (JAVA, HTML5, DB2, XML, and Mainframe Cobol) is a plus
? Knowledge of web security and encryption technology is a plus
? Any of the following test certifications - QAI, ASQ, IIST, ISEB, ISTQB - are a plus
? Experience with payments technology and industry is a plus
? Call center experience a plus
We are an equal employment opportunity employer and will consider all qualified candidates without regard to disability or protected veteran status.
          QUALITY ASSURANCE ENGINEER SOFTWARE -   
Quality Assurance Engineer Software ? Phoenix, AZ, 85005

Salary: $95K

Position: 70% Automation/30% Manual

Scope

Client is creating a QA Scrum team with individuals experienced testing in: Data Warehousing, Mobile, & App. Development.

Manager Preferences! = Agile, Automation & ability to create test plans.

Job Responsibilities:

? Provides guidance and subject matter expertise to engineers on testing and Quality Assurance (QA) methodologies and processes
? Works with engineers to drive improvements in code quality via manual and automated testing
? Plans and defines testing approach, providing advice on prioritization of testing activity in support of identified risks in project schedules or test scenarios
? Develops test plans, testing resource requirements, and overall scheduling of testing activity
? Responsible for developing manual and automated test cases and configurations needed to meet testing of business requirements
? Executes test cases/scripts to ensure delivery of quality software applications
? Monitors and tracks resolution of defects, coordinating with engineers in order to prevent, report, and resolve
? Designs, monitors, and analyzes quality assurance metrics such as defect, defect counts, test results, and test status

Required Skills/Qualifications:

? 3+ years of experience in IT, with an emphasis on QA, and proven ability in writing test cases, running functional, automated, or performance tests, and managing defects
? Experience with Agile, other rapid application development methods, and Waterfall SDLC ? Solid experience in test-driven development, unit testing, functional testing, system integration testing, regression testing, GUI testing, web service testing, and browser compatibility testing
? Experience in working with testing automation tools like JMeter, HP Load Runner, HP Quality Test Professional or, HP Quality Center, open source tools Selenium (Selenium IDE, Selenium RC, Selenium Web Driver), JUnit, Eclipse, and preparation of automation test framework

Educational requirement:

? Bachelor's or master's degree in computer science, computer engineering, or other technical discipline

Preferred Additional:

? Experience with coding skills across a variety of platforms (JAVA, HTML5, DB2, XML, and Mainframe Cobol) is a plus
? Knowledge of web security and encryption technology is a plus
? Any of the following test certifications - QAI, ASQ, IIST, ISEB, ISTQB - are a plus


We are an equal employment opportunity employer and will consider all qualified candidates without regard to disability or protected veteran status.
          QA AUTOMATION ENGINEER - DIRECT HIRE - PHOENIX, AZ - RELO AVAILABLE!   
If hired, our client will reimburse for relocation and will transfer a visa if necessary (if 36 months or more are left on the term).

Software Quality Assurance _ Automation Engineer ? Phoenix, AZ
Position: 70% Automation/30% Manual
Scope of Team:
Our global client is creating a QA Scrum team with individuals experienced testing in the following areas: Data Warehousing, Mobile, & App. Development. These QAEs will be deployed to various development teams as needed. Hence, the need for individuals testing different things.

Required Skills/Qualifications:
?3+ years of experience in IT, with an emphasis on QA, and proven ability in writing test cases, running functional, automated, or performance tests, and managing defects
?Experience with Agile, other rapid application development methods, and Waterfall SDLC ? Solid experience in test-driven development, unit testing, functional testing, system integration testing, regression testing, GUI testing, web service testing, and browser compatibility testing
?Experience in working with testing automation tools like JMeter, HP Load Runner, HP Quality Test Professional or, HP Quality Center, open source tools Selenium (Selenium IDE, Selenium RC, Selenium Web Driver), JUnit, Eclipse, and preparation of automation test framework
?Strong written and verbal communication skills
?Ability to effectively interpret technical and business objectives and challenges
?Ability to think abstractly and deal with ambiguous/under-defined problems
?Demonstrated willingness to learn new technologies and takes pride in how fast they develop working software

Educational requirement:
?Bachelor's or Master's degree in computer science, computer engineering, or other technical discipline, or equivalent work experience, is preferred

Preferred Additional:
?Ability to enable business capabilities through innovation is a plus
?Experience with coding skills across a variety of platforms (JAVA, HTML5, DB2, XML, and Mainframe Cobol) is a plus
?Knowledge of web security and encryption technology is a plus
?Any of the following test certifications - QAI, ASQ, IIST, ISEB, ISTQB - are a plus
?Experience with payments technology and industry is a plus
?Call center experience a plus

We are an equal employment opportunity employer and will consider all qualified candidates without regard to disability or protected veteran status.
          QA AUTOMATION ENGINEER - DIRECT HIRE - PHOENIX, AZ - RELO AVAILABLE!   
If hired, our client will reimburse for relocation and will transfer a visa if necessary (if 36 months or more are left on the term).

Software Quality Assurance _ Automation Engineer ? Phoenix, AZ
Position: 70% Automation/30% Manual
Scope of Team:
Our global client is creating a QA Scrum team with individuals experienced testing in the following areas: Data Warehousing, Mobile, & App. Development. These QAEs will be deployed to various development teams as needed. Hence, the need for individuals testing different things.

Required Skills/Qualifications:
?3+ years of experience in IT, with an emphasis on QA, and proven ability in writing test cases, running functional, automated, or performance tests, and managing defects
?Experience with Agile, other rapid application development methods, and Waterfall SDLC ? Solid experience in test-driven development, unit testing, functional testing, system integration testing, regression testing, GUI testing, web service testing, and browser compatibility testing
?Experience in working with testing automation tools like JMeter, HP Load Runner, HP Quality Test Professional or, HP Quality Center, open source tools Selenium (Selenium IDE, Selenium RC, Selenium Web Driver), JUnit, Eclipse, and preparation of automation test framework
?Strong written and verbal communication skills
?Ability to effectively interpret technical and business objectives and challenges
?Ability to think abstractly and deal with ambiguous/under-defined problems
?Demonstrated willingness to learn new technologies and takes pride in how fast they develop working software

Educational requirement:
?Bachelor's or Master's degree in computer science, computer engineering, or other technical discipline, or equivalent work experience, is preferred

Preferred Additional:
?Ability to enable business capabilities through innovation is a plus
?Experience with coding skills across a variety of platforms (JAVA, HTML5, DB2, XML, and Mainframe Cobol) is a plus
?Knowledge of web security and encryption technology is a plus
?Any of the following test certifications - QAI, ASQ, IIST, ISEB, ISTQB - are a plus
?Experience with payments technology and industry is a plus
?Call center experience a plus

We are an equal employment opportunity employer and will consider all qualified candidates without regard to disability or protected veteran status.
          Build Engineer -   
- Understand various Encryption algorithms, managing certificates and Java Key stores.
- Code Release and Code merge and other release level activities using subversion
- Strong Working knowledge of Unix, Python, Ant maven and other building and script
- Proficient in Continuous Integration builds using Hudon/Jenkins
- Good understanding the programming languages like Java, .Net etc.
- Involved in writing Perl and shell scripts for compilation and deployment process and experienced in writing ANT scripts for making all the files local to the server.
- Familiar with HTTP, HTTPS, SFTP and FTP protocols,
- Work with the team of Build engineers to ensure improvements are made to the build processes.
- Foster building of reusable components which can be used across the projects.
- Good understanding of Jira as Defect tracking, Release management tools.
- Perform POCs of various tools and processes to improve Build processes. We are an equal employment opportunity employer and will consider all qualified candidates without regard to disability or protected veteran status.
          Linkpost | 9.22.2013   
• Major US security company warns over NSA link to encryption formula – RSA says customers using a random-number algorithm developed with the help of the NSA should switch to a stronger feature in its product. Also NSA Sends Letter to Its ‘Extended’ Family to Reassure Them That They Will ‘Weather’ This ‘Storm’ • Police
          Sr. Web Developer   
<span><span style="color:#000000;background-color:transparent;font-family:Times New Roman;font-size:12pt;font-weight:normal;font-style:normal;">Sr. Web Developer job available in Oak Creek, WI<br>&nbsp;<br>A nationally recognized and highly respected client of ours is seeking a Sr. Web Developer for direct hire/permanent placement. As a Sr. Web Developer, the position involves working in the UI, core app, and database areas. The project will be developing the application via web, with future plans that it will be automated, and eventually making it to mobile for the next phase. At this time our client is seeking W2 candidates and not seeking candidates requiring sponsorship or working corp-corp.<br>&nbsp;<br>POSITION SUMMARY <br>Designs and develops web applications and associated web services in support of our client&rsquo;s Remote Electronic Access Control solutions. The position involves working in the UI, core app, and database areas. <br>&nbsp;<br>ESSENTIAL DUTIES AND RESPONSIBILITIES include (but not limited to) the following:<br>&bull;Analyzes software requirements to determine feasibility of design within time and cost constraints.<br>&bull;Designs formal software requirements from customer/market level requirements<br>&bull;Consults with hardware engineers and other engineering staff to evaluate/develop interfaces between hardware and software<br>&bull;Designs software within operational and performance requirements of overall system<br>&bull;Responsible for reviews of all software project phases (Development requirements, Test requirements, Code)<br>&bull;Understands how to insert new code into software build and follows proper procedures<br>&bull;Works with Software Testing to resolve issues to ensure testing can continue<br>&nbsp;<br>PREFERRED QUALIFICATIONS <br>&bull;A solid understanding of networking/distributed computing environment concepts<br>&bull;Experience in web design, API and web services development<br>&bull;Solid understanding of the principles of routing, client/server programming<br>&bull;As new technologies emerge and impact our systems, expected to learn new technologies and resolve any problems involved in integrating new technologies with our systems<br>&bull;Expert knowledge of software engineering design methods and techniques, specifically Agile development methodology<br>&bull;Experience and knowledge with .NET Framework and Visual Studio<br>&bull;Experience and knowledge of maintaining and debugging live software systems<br>&bull;Ability to determine whether a particular problem is caused by hardware, operating systems software, application programs, or network failures<br>&bull;Able to look at a problem and develop multiple solution approaches<br>&bull;Possess excellent written and verbal communication skills<br>&bull;Working knowledge of security and encryption &ndash; preferable but not mandatory<br>&nbsp;<br>EDUCATION<br>Bachelor&#39;s degree in Software/Computer Engineering discipline from four-year college or university, plus 5 &ndash; 10 years related experience.<br>&nbsp;<br>TECHNICAL REQUIREMENTS<br>&bull;C#, Javascript, Angular.js, CSS, MVC, AJAX, HTLML5, XML, HTML, SQL 2008/2012, Cassandra, MongoDb, Linux, Flash, Apache Tomcat, Windows Server 2008, ASP.NET<br>*Must Have Technical Requirements: &nbsp;Strong Angular.JS experience, C#.Net, Web Development, and Web Services experience<br>&nbsp;<br>This opportunity will not last long.<br>Our client is looking to move quickly to fill this role.<br>To be considered, you must apply online now with your resume.<br>We are actively monitoring all of those that apply.<br>Apply below, and thank you for partnering with Modis! <br>&nbsp;<br>&nbsp;<br></span><br></span>
          Lead Security Software Engineer   
<span>Lead Security Software Engineer<br>&nbsp;<br>Security - San Diego (Sorrento Valley), CA - Full Time<br>&nbsp;<br>A Lead Security Software Engineer participates in the research and development of security related technologies and implementations. This research and development will help in the creation of a large product suite that enables content protection and security for video delivered via satellite, cable, and the Internet. &nbsp;The Lead Security Software Engineer collaborates with his/her teammates to deliver high-performing, scalable, high-quality products. &nbsp;The engineer should enjoy working through the software development life cycle. &nbsp;A successful engineer will be proactive, interactive, creative, and flexible. &nbsp;The engineer will need to learn and understand the entire product suite as well as gain deep technical knowledge of particular solutions in the group he/she joins. &nbsp;We are a global company and appreciate people with global awareness and knowledge (languages other than English are a bonus).<br>&nbsp;<br>Essential Duties &amp; Responsibilities:<br>&nbsp;<br>&bull; Assist development and QA teams with security related implementations and questions<br>&bull; Develop security related libraries for the development teams to use<br>&bull; Design security related protocols, secure storage mechanisms, authentication mechanisms, etc. for various products<br>&bull; Research new devices, chipsets and/or operating systems for security capabilities and weaknesses<br>&bull; Design and develop software for securing and managing premium video content in various environments<br>&bull; Participate and lead discussions dealing with architectures, specifications, requirements, testing and design reviews<br>&bull; Implement your designs, write code, write and perform unit tests, integrate into our distributed video security system and follow deliverables through the product design/development life cycle<br>&bull; Develop new algorithms and software; analyze, review, and re-architect current designs in order to create new capabilities as well as improve performance, efficiency, and sustainability<br>&bull; Estimate and plan development tasks, improve development processes and tools to meet corporate targets<br>&bull; Help train new development engineers in secure development life cycle (SDL)<br>&bull; Assist in analyzing possible security breaches and design countermeasures.<br>&bull; Participate in our innovation process to increase the company&rsquo;s patent portfolio.<br>This position reports to the Director of Security within the CTO team.<br>&nbsp;<br>Required Qualifications:<br>&nbsp;<br>&bull; 7 or more years software engineering work experience;<br>&bull; 5 or more years C/C++ or Java or Objective C design and coding experience (more than 1 language is a big plus);<br>&bull; Working knowledge of cryptographic paradigms such as PKI, Encryption, Authentication, Key exchange algorithms, etc.;<br>&bull; Understanding of software obfuscation and white-box cryptography and related commercial applications;<br>&bull; Significant programming experience using the following:<br>o Multi-threading;<br>o Network programming using TCP, UDP, etc.<br>o Client/server distributed architecture;<br>&bull; Experience with Secure Development Lifecycle (SDL) is required;<br>&bull; Knowledge of multimedia chipset security features and concepts such as Trusted Execution Environment (TEE) and TrustZone are highly desirable;<br>&bull; Familiarity with tools such as HP Fortify, penetration and fuzz testers are a plus;<br>&bull; Management experience is a bonus.<br>&nbsp;<br>&nbsp;<br>&nbsp;<br>&nbsp;<br>&nbsp;<br></span>
          Information Security Specialist   
A prestigious hospital in the Hollywood area is looking for an Information Security Specialist to hire for the long term! The employee would work closely with the infrastructure and application teams to develop and maintain enterprise-wide IT security architecture, systems security design, security practices and procedures.

An ideal candidate would have knowledge of the following concepts and technologies:

Windows Operating Systems, UNIX Operating Systems, IP networking, Active Directory provisioning and group policy, configuration management, wireless security, VPN technologies, authentication systems, single sign-on technologies, anti virus software and best practices, encryption methods, Intrusion Detection/Prevention systems, Email security, Firewall and DMZ architecture, vulnerability detection and management, IT security concepts, principles and trends, such as access control, communications security, risk management, business continuity planning, computer architecture, legal processes and procedures relating to security policy development, investigation protocols, application program security, computer operations security and physical property security. We are an equal employment opportunity employer and will consider all qualified candidates without regard to disability or protected veteran status.
          The 15 worst data security breaches of the 21st Century   

Data security breaches happen daily, in too many places at once to keep count. But what constitutes a huge breach versus a small one? CSO compiled a list of 15 of the biggest or most significant breaches of the 21st century.

This list is based not necessarily on the number of records compromised, but on how much risk or damage the breach caused for companies, insurers and users or account holders. In some cases, passwords and other information were well protected by encryption, so a password reset eliminated the bulk of the risk.

1. Yahoo

To read this article in full or to leave a comment, please click here


          Folder Lock 7.7.0   

Folder Lock is a file encryption software that offers fastest way of encrypting and password protecting files and folders. You can either choose to encrypt important files from techies or lock your files, pictures and private data from casual users. Folder Lock comes with locking, encryption, shredding, stealth mode, hack attempt monitoring, portability, plug & play support, history cleaning, and more than 20 privacy features all tailored to special needs for people wanting privacy and security.

Copyright Betanews, Inc. 2017


           TreePad SAFE 7.7.5    
Personal Information Manager with high-security encryption. Fun and easy to use.
          ✌ The Encryption Debate Should End Right Now, After Vault 7, Shadow Brokers, WannaCry, and Petya | WIRED   
✌ The Encryption Debate Should End Right Now, After Vault 7, Shadow Brokers, WannaCry, and Petya | WIRED
          UK ICO to SMEs: Data Protection Laws Apply to You   
The United Kingdom's Information Commissioner's Office (ICO) has slapped Boomerang Video Ltd. (BV), a company that rents out video games, with a £60,000 fine. The monetary penalty is the result of a 2014 data breach in which personal details of 26,000 people were stolen.
The fine deserves another look because BV's data breach was the result of an attack; it is not an instance of the "breachee" having a hand in the data breach, e.g., never changing the default password or using software that was out of date. Nothing that foolish.
At the same time, BV certainly could have done much, much better to secure their online presence.

SQL Injection Attack

As the ICO notes, the breach took place via a SQL injection attack. This in turn allowed hackers to guess a password "based on the company's name," allowing access to the company's servers. Of course, once inside, all sorts of shenanigans took place.
The hacker (or hackers) was aided by certain practices that BV engaged in, as listed by databreaches.net:
  • Boomerang Video failed to carry out regular penetration testing on its website that should have detected errors.
  • The firm failed to ensure the password for the account on the WordPress section of its website was sufficiently complex.
  • Boomerang Video had some information stored unencrypted and that which was encrypted could be accessed because it failed to keep the decryption key secure.
  • Encrypted cardholder details and CVV numbers were held on the web server for longer than necessary.
The above is not a full list (for example, they also stored cards' security codes, which are prohibited once payment is processed). But, it already paints quite a picture.

Surprising Requirements?

What may be surprising to most Britons is the level of security awareness a business must have, even if they happen to be a small- or medium-sized enterprise. SQL attacks, password complexity, penetration testing, securing encryption keys… these are not terms one is generally familiar with. You may hear it here and there once in a while, maybe even have a passing knowledge of what it may entail.
But actually doing it? Some of the listed practices lie firmly in the realm of professionals who charge a lot of money for their services. Unsurprisingly, business that are not necessarily raking it in do not seek or engage the necessary help that is required to protect their clients (and to meet the law's standards).
On the other hand, BV's website debuted in 2005, and "remedial action" to secure the site was taken in 2015. That's a long time to go without checking whether things are secure, especially considering what the internet has morphed into: among other things, a speedy region where data crimes blossom with greater severity every passing second.
The lesson to be parted with in this instance comes not in the insight you can glean from the nature of BV's digital sins and the monetary fine it was levied with, but from the ICO's enforcement manager's own words:
"Regardless of your size, if you are a business that handles personal information then data protection laws apply to you.

"If a company is subject to a cyber attack and we find they haven't taken steps to protect people's personal information in line with the law, they could face a fine from the ICO. And under the new General Data Protection Legislation (GDPR) coming into force next year, those fines could be a lot higher."
The government is sending a signal, loud and clear, and in oh-so-many ways. Are businesses listening?  
Related Articles and Sites:
https://www.databreaches.net/uk-warning-to-smes-as-firm-hit-by-cyber-attack-fined-60000/
          Securing NGINX and Customising Effect UI in Pitivi   

          Today’s Apps Gone Free: Super Happy Fun Block, Uzu, Mars Information and More   

Help Ball save what’s left of humanity, play with particles, and learn about the Red Planet with today’s collection of apps and games.

All app prices are subject to change at any time and without notice regardless of stated free duration. Price changes are solely under the control of the developers.

Universal:

Uzu – A Generative Design Playground ($1.99 → Free, 6.9 MB): Play with particles in Uzu. Anyone in need of a way to wind down.

Uzu is the generative art app that started it all. Particles swirl freely around the screen. You’re able to manipulate them with a variety of gestures. Each finger placed on the screen causes the particles to do something unique, so just experiment and enjoy. The app includes 21 animation modes, 55 presets, and the ability to create and save your own presets.

Uzu – A Generative Design Playground is available for free for a limited time. It has a 4-star rating with a total of 3508 ratings.

Cribbage HD ($3.99 → Free, 85.5 MB): A digital version of Cribbage from the same team that brought you Hearts Tournament, Spite and Malice, and Gin Rummy. Those who want to play Cribbage anytime, anywhere.

New to Cribbage? No problem. Cribbage HD helps you every single step of the way. You’re able to use hints to develop your skills and learn new strategies. If you’re unsure how a hand is scored, simply tap the “Explain” button for a breakdown. When you’ve mastered the basics you can take your skills online, compete locally against a friend, or challenge the AI. The game also includes voice chat, and the ability to personalize the cards.

Cribbage HD is available for free for a limited time. It has a 4.5-star rating with a total of 5228 ratings.

Mars Information: the Red Planet atlas ($2.99 → Free, 28.5 MB): Explore the Red Planet with Mars Information. Anyone interested in space.

Mars Information allows you to explore the Red Planet however you like. It includes five map types to choose from: Viking Orbiter MDIM 2.1, GMM-3 MOLA Topography, GMM-3 Free-Air Mars Gravity, GMM-3 Bouguer Mars Gravity, and GMM-3 Crustal Mars Thickness. From there you can freely rotate, tilt, and zoom in on the globe. The app includes 80 pinpoints that will help you identify volcanoes, craters, mountains, and spacecraft.

Mars Information: the Red Planet atlas is available for free for a limited time. It has a 5-star rating with a total of 8 ratings.

Norton WiFi Privacy VPN ($1.99 → Free, 44.6 MB): Keep your information safe from hackers and other evildoers with Norton WiFi Privacy VPN. Anyone not on a secure connection.

Norton WiFi Privacy VPN ensures that when you’re online in public, everything is kept private. It offers bank-grade Wi-Fi security encryption, so even if you’re on a public hotspot or an unsecured connection, you will be safe checking your email or paying your bills. Norton WiFi Privacy VPN also keeps your browsing history anonymous and automatically blocks ad trackers. You can even tap into VPN servers located in your home country in order to surf the web without any restrictions when traveling abroad.

Norton WiFi Privacy VPN is available for free today only (06/30). It has a 2-star rating with a total of 570 ratings.

Super Happy Fun Block ($0.99 → Free, 83.0 MB): Help Ball save what remains of humanity in Super Happy Fun Block. Gamers who enjoy puzzle-platformers.

Super Happy Fun Block makes the end of the world rather entertaining. Ball’s world was turned upside down when vibrant alien blocks fell from the sky. Help him save what’s left by maneuvering obstacles, uncovering secrets, and outsmarting the alien blocks. The precise controls allow you to run and jump with ease. You’ll also have to drag blocks around in order to reach new places, and change the color of the world to clear whatever hurdles remain.

Super Happy Fun Block is available for free for a limited time. It has a 5-star rating with a total of 36 ratings.

Neon Poly – Shape Puzzle Game ($1.99 → Free, 83.6 MB): Create and clear lines of shapes in Neon Poly. Fans of puzzle games.

Neon Poly is easy to learn but difficult to master. You’re able to choose from three types of game boards: Square, Hexagon, and Triangle. Each board includes three sizes to choose from. The board starts off as your blank canvas, and you must drag and drop shapes onto it in order to create completed rows and columns. The shapes can be rotated, but once they’re put in their place, they can not be moved unless they’re cleared. Power-ups are available in case things get chaotic.

Neon Poly – Shape Puzzle Game is available for free for a limited time. It has a 5-star rating with a total of 9 ratings.

That concludes today’s issue of Apps Gone Free. If you like staying on top �of these daily deals, don’t forget to check out our free AppsGoneFree app. It provides all the deals each day, and even an archive of past deals that are still active.

Developers:

If you are a developer who would like to get your app included in our “Apps Gone Free” daily lists, here’s our basic set of rules:

  • It must have at least a three-star average rating at the time it goes free.
  • The app must not have been free numerous times (3+) over the last six months.
  • The free version of your app must not include ads.

To submit an app, simply send a request to tyler@appadvice.com with the subject “Apps Gone Free.” Please include the name of the app, a link to it in the App Store, when and for how long you intend to offer the app for free, and anything else you would like to share. We will take it from there.


          Privato Security PrivateMail Keeps Communications Private with End-to End Encryption   

Privato Security PrivateMail provides alternative to Lavabit and Silent Mail users - free trial to keep communications private and secure.

(PRWeb August 14, 2013)

Read the full story at http://www.prweb.com/releases/2013/8/prweb11009185.htm


          Spezialrabattaktionen: 22% zum Jubiläumsjahr der PASS Deutschland e.V für Sicherheits- XEvent Tracing, sowie SQL Server 2014 Seminare + 10% Microsoft TechNet Aktion für alle   

Damit auch alle, die vor 2 Wochen nicht auf der SQL Konferenz in Darmstadt (www.sqlkonferenz.de) waren, oder nicht regelmäßig bei TechNet vorbeischauen, eine Chance haben, poste ich es hier einmal öffentlich:

1)       Zum Jubiläumsjahr der PASS Deutschland e.V erhalten alle Mitglieder den „Jubiläums-Rabatt“ von 22 Prozent (!) auf die folgenden SQL Server Master-Classes:

birthday-cake

(SES) SQL Server Security Essentials für Entwickler & Administratoren – am 3. April 2014 in Düsseldorf
- Dieses Seminar ist für alle Einsteiger geeignet, die hier alle Grundlagen für die Sicherheitsverwaltung & Architektur von SQL Server erlernen.

(SIA) Securityworkshop for SQL Server Administrators (advanced) – 4. April 2014 in Düsseldorf
- In diesem Workshop werden sicherheitsrelevante Internas der Authentifizierung, das Konzept der Contained Databases, Daten- & Backupverschlüsselung mit Transparent Data Encryption (TDE) bis hin zu Überwachungstechniken in SQL Server erlernt.

(XE1) Einsteiger-Workshop Tracing mit Extended Events in SQL Server - am 7. März 2014 in Frankfurt am Main
- Das Grundlagentraining für alle, die den Nachfolger von SQL Trace & Profiler von Grund auf beherrschen möchten.

(XE3) FastTrack to Tracing with Extended Events for SQL Server - am 1. April 2014 in Frankfurt am Main
- Für Einsteiger, die die Funktionalitäten und Einsatzmöglichkeiten der Extended Events von A-Z an einem verlängerten Tag kennenlernen möchten.

(UP2014) Aktualisierung der Kenntnisse von SQL Server 2012 auf SQL Server 2014 - am 15. Mai 2014 in Frankfurt am Main
- Der neue SQL Server 2014 steht vor der Tür. Von Buffer-Pool Erweiterungen bis zu In-Memory OLTP enthält dieser viele wichtige neue Technologien, die an diesem Tag praxisnah kennengelernt werden.

(XTC) Workshop In-Memory OLTP & ColumnStore - New Storage Engines in SQL Server 2014 - am 16. Mai 2014 in Frankfurt am Main
- An diesem eintägigen Workshop werden die neuen und verbesserten In-Memory Technologien XTP für extrem performantes OLTP und Clustered Columnstore Indexes für DataWarehousing in aller Tiefe praktisch kennengelernt.

Und das ist der Gutschein-Code (exklusiv für Mitglieder der PASS Deutschland e.V.):
10PASSDE2014 *1 *2

Tipp: jeder kann sich jederzeit noch schnell und kostenlos(!) als Mitglied bei der PASS Deutschland e.V. anmelden – Details dazu auf der Webseite der PASS: www.sqlpass.de/Mitgliedschaft/Mitgliedwerdenistkostenlos.aspx

 

2)       Außerdem freue ich mich, noch auf eine andere Aktion, und zwar in Zusammenarbeit mit der  Microsoft Technet IT Pro Academy hinweisen zu können. Für ausgewählte Seminare gibt es einen speziellen Rabattcode *1, der hier über die TechNet-Seite zu finden ist: technet.microsoft.com/de-de/bb291022?it_product=sql-server&it_topic=zertifizieren, für 10% auf weitere Seminare:


(PAT) Workshop Performance und Analyse, Techniken & -Tools
- 17./18. März 201

(SHA) Workshop Hochverfügbarkeit für SQL Server - 6./7. Mai 2014


*1  Rabatt-Codes können nicht mit anderen Codes kombiniert werden
*2 Dieser Code ist gültig bei Verwendung bis zum bis 30.4.2014


Und hier findet Ihr die Gesamtübersicht der SQL Server Master-Classes und Links zur Anmeldung:
www.sarpedonqualitylab.com/SQL_Master-Classes.htm



Viel Spaß beim Lernen wünscht

Der Andreas

 

Microsoft Certified Solutions Master Data Platform (SQL Server 2012)
Microsoft Certified Master SQL Server 2008
Microsoft Certified Trainer


          cryptmedia.com   

Crypt Media: A secure name with entertaining possibilities.

cryptmedia.com
Keywords: 
media, press, journalism, news, broadcasters, cryptic, cryptocurrency, cryptogram, encryption, protected

          VeraCrypt 1.20   

VeraCrypt is a free disk encryption software that is based on TrueCrypt 7.1a. VeraCrypt is a software for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted. VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks. VeraCrypt also solves many vulnerabilities and security issues found in TrueCrypt.

Thanks to ARMOUR for the update.

Download


          AxCrypt 2.1.1513   

AxCrypt is a free, easy to use and open source file encryption tool for Windows 2000/2003/XP/Vista/2008/7 integrated into Windows Explorer. Encrypt, compress, decrypt, wipe, view and edit with a few mouse clicks. Cryptographic primitives are AES-128 and SHA-1. No configuration is necessary for AxCrypt just download it, run the installer and it's ready to go.

Thanks to Siddharta for the update.

Download


          Senior Mobile Developer - Samsung Pay - Burlington, MA   
Develop encryption library for Samsung Pay Android Application; Do you want to help shape the path of mobile payments by working on the latest technology in a...
From Samsung Pay - Wed, 24 May 2017 06:52:49 GMT - View all Burlington, MA jobs
          Joint Letter to Five Eyes Intelligence Agencies Regarding Encryption   

Related Content

To: Senator the Hon. George Brandis
Attorney General of Australi

Hon. Christopher Finlayson
Attorney General of New Zealand

Hon. Ralph Goodale
Minister of Public Safety and Emergency Preparedness of Canada

Hon. John Kelly
United States Secretary of Homeland Security

Rt. Hon. Amber Rudd
Secretary of State for the Home Department, United Kingdom

 

CC: Hon. Peter Dutton, Minister for Immigration and Border Protection, Australia;

Hon. Ahmed Hussen, Minister of Immigration, Refugees, and Citizenship, Canada;

Hon. Jeff Sessions, Attorney General for the United States;

Hon. Jody Wilson-Raybould, Minister of Justice and Attorney General, Canada;

Hon. Michael Woodhouse, Minister of Immigration, New Zealand

 

To Ministers Responsible for the Five Eyes Security Community —

In light of public reports about this week’s meeting between officials from your agencies, the undersigned individuals and organizations write to emphasize the importance of national policies that encourage and facilitate the development and use of strong encryption. We call on you to respect the right to use and develop strong encryption and commit to pursuing any additional dialogue in a transparent forum with meaningful public participation.

This week’s Five Eyes meeting (comprised of Ministers from the United States, United Kingdom, New Zealand, Canada, and Australia) discussed “plans to press technology firms to share encrypted data with security agencies” and hopes to achieve “a common position on the extent of ... legally imposed obligations on … device-makers and social media companies to co-operate.”[1] In a Joint Communiqué following the meeting, participants committed to exploring shared solutions to the perceived impediment posed by encryption to investigative objectives.[2]

While the challenges of modern day security are real, such proposals threaten the integrity and security of general purpose communications tools relied upon by international commerce, the free press, governments, human rights advocates, and individuals around the world.

Last year, many of us joined several hundred leading civil society organizations, companies, and prominent individuals calling on world leaders to protect the development of strong cryptography. This protection demands an unequivocal rejection of laws, policies, or other mandates or practices—including secret agreements with companies—that limit access to or undermine encryption and other secure communications tools and technologies.[3]

Today, we reiterate that call with renewed urgency. We ask you to protect the security of your citizens, your economies, and your governments by supporting the development and use of secure communications tools and technologies, by rejecting policies that would prevent or undermine the use of strong encryption, and by urging other world leaders to do the same.

Attempts to engineer “backdoors” or other deliberate weaknesses into commercially available encryption software, to require that companies preserve the ability to decrypt user data, or to force service providers to design communications tools in ways that allow government interception are both shortsighted and counterproductive. The reality is that there will always be some data sets that are relatively secure from state access. On the other hand, leaders must not lose sight of the fact that even if measures to restrict access to strong encryption are adopted within Five Eyes countries, criminals, terrorists, and malicious government adversaries will simply switch to tools crafted in foreign jurisdictions or accessed through black markets.[4] Meanwhile, innocent individuals will be exposed to needless risk.[5] Law-abiding companies and government agencies will also suffer serious consequences.[6] Ultimately, while legally discouraging encryption might make some useful data available in some instances, it has by no means been established that such steps are necessary or appropriate to achieve modern intelligence objectives.

Notably, government entities around the world, including Europol and representatives in the U.S. Congress, have started to recognize the benefits of encryption and the futility of mandates that would undermine it.[7]

We urge you, as leaders in the global community, to remember that encryption is a critical tool of general use. It is neither the cause nor the enabler of crime or terrorism. As a technology, encryption does far more good than harm. We therefore ask you to prioritize the safety and security of individuals by working to strengthen the integrity of communications and systems. As an initial step we ask that you continue any engagement on this topic in a multi-stakeholder forum that promotes public participation and affirms the protection of human rights.

We look forward to working together toward a more secure future.

Sincerely,
83 civil society organizations and eminent individuals (Listed Below)

 

Organizations:

Access Now

Advocacy for Principled Action in Government

Amnesty International

Amnesty UK

ARTICLE 19

Australian Privacy Foundation

Big Brother Watch

Blueprint for Free Speech

British Columbia Civil Liberties Association (BCCLA)

Canadian Civil Liberties Association (CCLA)

Canadian Journalists for Free Expression (CJFE)

Center for Democracy and Techology

Centre for Free Expression, Ryerson University

Chaos Computer Club (CCC)

Constitutional Alliance

Consumer Action

CryptoAustralia

Crypto.Quebec

Defending Rights and Dissent

Demand Progress

Digital Rights Watch

Electronic Frontier Foundation

Electronic Frontiers Australia

Electronic Privacy Information Center

Engine

Equalit.ie

Freedom of the Press Foundation

Friends of Privacy USA

Future Wise

Government Accountability Project

Human Rights Watch

i2Coalition

Index on Censorship

International Civil Liberties Monitoring Group (ICLMG)

Internet NZ

Liberty

Liberty Coalition

Liberty Victoria

Library Freedom Project

My Private Network

New America’s Open Technology Institute

NZ Council for Civil Liberties

OpenMedia

Open Rights Group (ORG)

NEXTLEAP

Niskanen Center

Patient Privacy Rights

PEN International

Privacy International

Privacy Times

Private Internet Access

Restore the Fourth

Reporters Without Borders

Rights Watch (UK)

Riseup Networks

R Street Institute

Samuelson-Glushko Canadian Internet Policy & Public Interest

Clinic (CIPPIC)

Scottish PEN

Subgraph

Sunlight Foundation

TechFreedom

Tech Liberty

The Tor Project

Voices-Voix

World Privacy Forum

Individuals:

Brian Behlendorf | Executive Director, Hyperledger, at the Linux Foundation

Dr. Paul Bernal | Lecturer in IT, IP and Media Law, UEA Law School

Owen Blacker | Founder and director, Open Rights Group; founder, NO2ID

Thorsten Busch | Lecturer & Senior Research Fellow, University of St. Gallen

Gabriella Coleman | Wolfe Chair in Scientific and Technological Literacy at McGill University

Sasha Costanza-Chock | Associate Professor of Civic Media, MIT

Dave Cox | CEO, Liquid VPN

Ron Deibert | The Citizen Lab, Munk School of Global Affairs

Nathan Freitas | Guardian Project

Dan Gillmor | Professor of Practice, Walter Cronkite School of

Journalism and Mass Communication, Arizona State University Individuals

Adam Molnar | Lecturer In Criminology, Deakin University

Christopher Parsons | The Citizen Lab, Munk School of Global Affairs

Jon Penney | Research Fellow, The Citizen lab, Munk School of Global Affairs

Chip Pitts | Professorial Lecturer, Oxford University

Ben Robinson | Directory, Outside the Box Technology Ltd and Discovery Technology Ltd

Sarah Myers West | Doctoral Candidate at the Annenberg School for Communication and Journalism

J.M. Porup | Journalist

Lokman Tsui | Assistant Professor at the School of Journalism and Communication, the Chinese University of Hong Kong (Faculty Associate, Berkman Klein Center)

 

[3] We have included a copy of that statement and its signatories to this letter, which can also be found at https://securetheinternet.org.

[4] https://judiciary.house.gov/wp-content/uploads/2016/12/20161220EWGFINALR.... Such efforts will affect law-abiding individuals more aggressively than malicious actors as the latter are more likely to seek out and find secure cryptographic alternatives.

[5] Discouraging the use of encryption facilitates unauthorized access to sensitive personal data, including financial and identity information, by criminals and other malicious actors. Once obtained, sensitive data can be sold, publicly posted, or used to blackmail, exploit, or humiliate an individual. Finally, at a time of ever-growing cybersecurity threats, strong encryption tools are also necessary for the work of human rights activists across the globe. See, https://citizenlab.org/2017/06/reckless-exploit-mexico-nso/; See also http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session29/Documents....

[6] Imposing limits on the availability of strong encryption technology or requiring device manufacturers and technology firms to assist governments in gaining access to encrypted data threatens the security of international commerce and business. Economic growth in the digital age is powered by the ability to conduct business securely—both within and across borders. The largest companies in the world rely on strong encryption to ensure trust, authenticate digital interactions, protect financial transactions and their own intellectual property, and maintain the confidentiality of user data. Compelling technology companies to undermine the security of their users will inevitably undermine customer trust in those services. https://www.nytimes.com/2014/03/22/business/fallout-from-snowden-hurting.... States are equally reliant on strong encryption and technical security: encryption protects the integrity of critical national infrastructure, shields sensitive government data, and preserves the confidentiality of law enforcement and intelligence investigations.

[7] A statement on encryption-based challenges to investigative capabilities issued jointly by ENISA and Europol in 2016 concluded that “intentionally weaken[ing] technical protection mechanisms to support law enforcement will intrinsically weaken the protection against criminals as well.” https://www.europol.europa.eu/publications-documents/lawful-criminal-inv.... An Encryption Working Group of the United States House Judiciary & House Energy and Commerce Committees observed that “any measure that weakens encryption works against the national interest.” https://judiciary.house.gov/wp-content/uploads/2016/12/20161220EWGFINALR.... The former U.S. President’s Review Group on Intelligence and Communications Technology concluded in late 2013 that the Government should actively encourage, rather than discourage, widespread adoption of strong cryptography, a conclusion endorsed by many of the world’s largest technology companies. https://cdn.arstechnica.net/wp-content/uploads/2015/05/cryptoletter.pdf. In a draft 2017 report, the European Parliament’s LIBE committee has proposed requiring—rather than undermining—end-to-end encryption in electronic communication services: http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-%2f%2fEP%2f%2fNONS..., proposed amendment 116. It should be noted that leading technical security experts have similarly concluded that exceptional state access to encrypted data cannot be achieved without a correlating exposure to malicious actors: https://www.schneier.com/academic/paperfiles/paper-keys-under-doormats-C....


          IC Resources Ltd: Software Engineer Linux, C, Security   
£37000 - £50000 per annum: IC Resources Ltd: Leading security software development organisation urgently seeks Software Engineers for the development of the next generation of their Linux based security and encryption products. London
          Encryption and Data Policies Help Boost Mobile Backup   
Mobile data backup presents the challenge of remote users accessing data around the clock, but there are steps you can take to make it easier. Published by: SearchDataBackup.com
          Basic Cable Encryption (NYC)   
Telecom, Broadband & Media Alert
          Database Insider - June 2017 issue   

The June issue of the Database Insider newsletter is now available.

Some of the articles in this issue include

The New World of Database Technologies

The world of data management in 2017 is diverse, complex and challenging. The industry is changing, the way that we work is changing, and the underlying technologies that we rely upon are changing. During this transition, two trends will continue to dominate data management discussions: the adoption of new "big data" technologies and the movement to the cloud. Download this report to learn about the key developments and emerging best practices for tackling the challenges and opportunities in databases today. 
Download the white paper.

New! Oracle Database Audio White Papers

Get a long commute? You can now listen to the new Oracle Database Audio White Papers and learn the latest technology while you're on the road. Topics include Oracle Multitenant, Transforming Data Management with Oracle Database 12c Release 2, and Best Practices for IoT Workloads. It's like having you favorite Oracle Database Product Manager in your pocket! 
Visit Oracle Database Audio White Papers channel. 
Read Maria Colgan's blog for an overview.

Oracle Cloud Platform Innovation Awards: Calling All Oracle Cloud Innovators

Do you use Oracle Cloud Platform, specifically Oracle Database Cloud Services, Exadata Cloud Service or Big Data Cloud Services, to deliver unique business value? If so, nominate your organization for the 2017 Oracle Excellence Award for Oracle Cloud Platform Innovation by July 10. Winners will be honored during a special event at Oracle OpenWorld (October 1-5) in San Francisco. 
Learn more about Oracle Cloud Platform Innovation Awards. 
Nominate your organization.

 

Oracle Database Cloud Services "How To" Series

June – September, Americas and EMEA time zones 

Delivered by Oracle Database product management and development, this webcast series is your guide to success with Oracle Database Cloud Services. Presenters will give you architectural insight, technical guidance, and practical steps to help you gain better knowledge in Oracle Database Cloud Service. No matter you are a DBA, a developer, an application architect, a cloud architect, or an IT director, you'll benefit from the technical tips and best practices offered in this webcast series. Mark your calendar for upcoming webcasts!

 

Read the full newsletter here

 


          IaaS & Database Cloud Services Technical Workshops for Partners - Remote format   

 

  Oracle EMEA Partner Sales         Workshop for EMEA Partners - Remote         Oracle Invitation   Oracle Cloud Platform: Run and Manage Infrastructure as a Service Workshop    

5-day Hands-on Remote Workshop

Oracle Cloud Platform provides customers and managed service providers (MSPs) the ability to run and manage any Oracle or non-Oracle workload in the cloud.

This workshop will focus on use cases that are typical to Dev Ops and IT Ops in terms of building, configuring, orchestrating, running and managing workloads on Oracle Compute Cloud Service and Storage Cloud Service. 

This Invite-Only hands-on workshop will be delivered by Oracle Development at No-Fee to Partners. It consists of presentations, live demos, and hands-on laboratory exercises.

IMPORTANT: A fully executed Demonstration Services Addendum to the OPN Agreement is required for this workshop.

If your company has not previously accepted this addendum, please
click here to review and accept the terms and conditions. You should be authorized by your company to accept the legal addendum.

Workshop Logistics:

For remote participation joining instructions will be provided together with confirmation email.

Workshop Dates:

 

5th - 9th Jun, 2017 (Mon-Fri) Remote participation only

3rd - 7th Jul, 2017 (Mon-Fri) Remote participation only

7th - 11th Aug, 2017 (Mon-Fri) Remote participation only

11th-15th Sep, 2017 (Mon-Fri)
Remote participation only

9th - 13th Oct, 2017 (Mon-Fri) Remote participation only

6th - 10th Nov, 2017 (Mon-Fri) Remote participation only

4th - 8th Dec, 2017 (Mon-Fri) Remote participation only

Workshop Time:

 

9:00 AM – 5:30 PM (CET for Remote Only Workshops) Exact time will be informed 
with confirmation email.

  na

Workshop Format

»  Approximately 3-4 hours of presentation and Q&A during AM.

»  Participants will independently work on laboratory activities after the 3-4 hours presentation.

»  You will also have access to a forum where you will be able to post questions. We are monitoring this forum to ensure that you will get prompt assistance as you independently work on assigned laboratory work in the afternoon.

»  Access to Oracle Cloud partner community forum.

na

Agenda

»  Oracle Infrastructure as a Service Overview

»  Oracle Bare Metal Cloud Services

  • Architecture Overview
  • Compute Service
  • Block Volume and Object Storage Services
  • Networking Service – Virtual Cloud Networks, IPSec VPN
  • Identity and Access Management Services

»  Oracle Compute Cloud Service, Storage Cloud Service, Archive Cloud Service

  • Overview – Oracle Compute, Dedicated Compute, Oracle Cloud Customer
  • Identity and Access Management for Compute, Storage, Archive Cloud Service
  • Oracle Compute and Block Storage
  • Virtual Networking – Network Groups, Security Lists, Access Rules, IP Networks, IPSec VPN
  • Oracle Storage Cloud Service, Oracle Archive Cloud Service, Software Cloud Appliance
  • Oracle Cloud Marketplace
  • Hands-on Lab: Compute Cloud Service basic operations
    • Create instances
    • Virtual Networking – Network Groups, Security Lists, Access Rules, IP Networks
    • Block Storage
  • Hands-on Lab: Docker Containers on Oracle Linux instances in Compute
  • Hands-on Lab: Instance Configuration Management
  • Hands-on Lab: Compute Cloud Service API
  • Hands-on Lab: Orchestration Best Practices – using Cloud UI and API
  • Hands-on Lab: Storage Cloud Service API
  • Hands-on Lab: Deploying workloads on Oracle Compute with Chef
  • Hands-on Lab: Deploying Oracle Cloud Marketplace images in Compute
  • Hands-on Lab: Provision using Terraform

»   Oracle Network Cloud Service

  • FastConnect Standard Edition Overview
  • FastConnect Partner Edition Overview

»  Oracle Ravello Cloud Service

  • Ravello Cloud Service Overview and Architecture
  • Hands-on Lab: Running VMs on Oracle Ravello Cloud Service, Network Overlay Configuration

»  Oracle Container Cloud Service

  • Oracle Container Cloud Service Overview
  • Hands-on Lab: Create Resource Pool, Define Application Stack with Docker Compose YAML, Deploying Container workload

»  Use Cases for Oracle Infrastructure as a Service

  • Use Cases for Oracle Infrastructure as a Service
  • Technical Considerations: Oracle Infrastructure as a Service offerings
  • Managed Services on the Oracle Cloud Platform

»  Oracle Database Cloud Service

  • Oracle Database Cloud Service Overview
  • Oracle Database Cloud Service Provisioning and Tools
  • Oracle Database Cloud Service Development
  • Oracle Backup Cloud Service
  • Oracle Database Cloud Exadata Service
  • Oracle Database Cloud Service In Production, SLA, IaaS, DBaaS, Exadata
  • Oracle Database Cloud Service Performance
  • Technical Considerations: Oracle Database on Oracle Cloud options
  • Hands-on Lab: Provision the Database Service, SSH to explore Image
  • Hands-on Lab: Manage and Monitor with Database Consoles
  • Hands-on Lab: Migrating a PDB between Two Database Cloud Service
  • Hands-on Lab: Explore Database Security with Transparent Database Encryption
  • Hands-on Lab: Provision the Oracle Database Cloud Service Virtual Image
  • Hands-on Lab: Backup and Restore your Database
na

Target audience

Cloud Architects, Dev Ops Engineers, IT Ops Engineers, AMS Consultants, System, Database and Weblogic Administrators.

na

Prerequisites

Familiarity with following topics is recommended:

  • Deploying solutions on cloud providers such as Amazon EC2, Azure or deploying applications on-premise
  • Virtualization, Linux administration & scripting
  • REST/JSON and Curl
  • Configuration Management using Chef, Puppet etc.
na

Preparation work

»  Oracle Compute Cloud Service Introduction

»  Oracle Compute Cloud Data Sheet

»  Oracle Compute Cloud FAQ

»  Oracle Compute Cloud Get Started Videos

»  Oracle Compute Cloud Service User Interface Walk-through

Be Recognized and Become a IaaS Implementation Certified Specialist

Oracle Infrastructure as a Service (IaaS) 2017 Implementation Essentials Exam (1Z0-337) is designed for recognizing individuals who demonstrate the knowledge to architect and implement Oracle IaaS. Individuals who earn this certification are able to detail, subscribe, deploy, configure, and utilize Oracle Infrastructure as a Service services. That gives the partner additional benefit, expertise and recognition in Oracle IaaS among partners ecosystem and OPN specialized program. Contact local Enablement Manager for free voucher. This is a big commitment for you and we encourage you to be well prepared.

na

Registration

Upon approval participant will receive an email confirmation including instructions. Please note that workshop registrations will be closed one week prior the workshop in order for participants to have proper preparation time and in order for Oracle to set up hands on environment for participants. 

EMEA Program Contact: anne.hornborg@oracle.com

Register

na

Useful Links

»  Oracle Cloud

»  Cloud Documentation

»  IaaS Resource Kit

   

Thank you very much for your continued support and partnership!

With Specialized Greetings,

Oracle PartnerNetwork Team

        ResourcesResources      

Oracle Partner Business CenterBlue Arrow

         

Oracle Cloud Implementation Training for PartnersBlue Arrow

         

Oracle Partner Trainings CalendarBlue Arrow

         

Get certified on IaaSBlue Arrow

         

Partner Enablement Nordics LinkedInBlue Arrow

         

OPN Competency CenterBlue Arrow

              Oracle Corporation Facebook Twitter LinkedIn Youtube Google+ Blog   Integrated Cloud  
 

 


          Cyber preparedness low among UK councils, survey shows   

Confidence among UK local authorities about being prepared and well equipped to deal with a cyber attack is relatively low, a survey has revealed Only just over half of local authorities across the UK are prepared to deal with a cyber attack, according to a survey of more than 100 council leaders by PricewaterhouseCoopers . Security technologist Bruce Schneier's insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken's comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.


          IT Services Specialist II - Electronic Arts - Redwood City, CA   
MS Offce Suite, MS Visual Studio, Skype for Business, Oracle, OKTA, Adobe Suite, Cisco VPN, Virtual Machines, Data Encryption, Python, Tableau, Slack, Box, Maya...
From Electronic Arts - Tue, 13 Jun 2017 05:11:07 GMT - View all Redwood City, CA jobs
          The Surveillance State & Censorship Legislation Conundrum: Dragnet Surveillance & Censorship Legislation Will Do Nothing to Eliminate Cyber Jihad & Lone Wolf Recruiting   
Recent efforts by governments to weaken encryption, introduce exploitable vulnerabilities into applications, and to develop Nation-state dragnet surveillance programs will do little to stymie the rise in terrorist attacks.  These efforts will be a detriment to national secur …
          WannaCry Ransomware | Solution | Fix   
Since the WannaCry ransomware ripped through the internet in May 2017, infecting hundreds of thousands of machines and locking up critical systems from health care to transportation, cryptographers have searched for a cure. Finding a flaw in WannaCry’s encryption scheme, after all, could decrypt all those systems without any ransom. Now one French researcher says he’s found at least a hint of

          EuroBSDCon 2009 - Cambridge, UK   

The 8th EuroBSDCon was held at University of Cambridge in the United Kingdom on 18 - 20 September 2009. This year four NetBSD Developers, Alistair Crooks, Adam Hamsik, Joerg Sonnenberger and Arnaud Ysmal, presented a range of topics including Role Based Access Control, Journaling FFS, NetBSD LVM, The pkgsrc wrapper framework, A BSD licensed PGP library, and fs-utils: File systems access tools in userland.

Role Based Access Control - Alistair Crooks

This talk describes the design, implementation and real-world experience of implementing Role-Based Access Control in the NetBSD kernel. Using the existing kauth(9) facility, root's privileged operations have been split into 57 separate roles, and this talk will explain the different role groupings, the development process, design and implementation decisions, kernel and user level changes necessary, and practical lessons learned.

Slides

Paper

Journalling FFS - Joerg Sonnenberger

The talk reintroduces FFS and the consistency constraints for meta data updates. It introduces the WAPBL changes, both in terms of the on-disk format and the implementation in NetBSD. Finally the implementation is compared with other file systems and specific issues of and plans for the current implementation are discussed.

Slides

NetBSD LVM - Adam Hamsik

This talk introduces LVM as a method of allocating disk space on a disk storage devices. Which is more flexible than conventional ones. Logical Volume Manager can usually stripe, mirror or othervise combine disk partitions to bigger virtual partitions which can be easily moved, resized or manipulated in different ways while in use. Volume Management is one form of disk storage virtualization used in Operating Systems.

The NetBSD LVM has two parts user land tools and a kernel driver. Kernel driver is called device- mapper. User land part is based on Linux lvm tools developed by a community managed by Redhat inc.

The Device-mapper driver can create virtual disk devices according to device table loaded to it. This table specifies which devices are used as a backend, on which offset on particular device virtual device starts. Device-mapper configuration is not persistent and must be loaded to kernel after each reboot by lvm the tools.

Slides

Paper

The pkgsrc wrapper framework - Joerg Sonnenberger

The wrapper framework in pkgsrc serves two central roles: - abstracting compiler specifica - limiting visibility of installed packages in combination with buildlink. It helps making package builds a lot more reproducable and decreases the number of patches for platforms that are not using GCC or ELF. The offered flexibility comes at a price, both in terms of execution speed and code complexity. This talk explains how the wrapper framework interacts with the rest of pkgsrc, analyzes the performance of the existing implementation and introduces a simpler and faster reimplementation.

Slides

Paper

netpgp - BSD-licensed privacy software - Alistair Crooks

This talk introduces the netpgp library, a BSD-licensed PGP library, which is compatible with the GNU Privacy Guard program (GPG or GNUPG). The library itself is described, and the suite of userland programs built around it, such as the signing/verification/encryption and decryption program, a program to manage keys, and a separate standalone verification program. Possible practical uses for the library are also provided, along with a demonstration of some of these uses.

Slides

Paper

fs-utils: File systems access tools in userland - Arnaud Ysmal

This talk introduces the fs-utils set of tools, an application suite which provides mtools-like file system access without requiring mount privileges or an in-kernel driver. fs-utils reuses the kernel file system drivers through the RUMP framework and the UKFS library instead of relying on a userspace reimplementation. It supports a total of 12 file systems from NetBSD plus FUSE file systems, and offers the same usage as the well-known tools (e.g. all of the flags of ls are supported).

Slides

Paper


          Privacy Preserving Context Aware Publish Subscribe Systems 2013-1   

Publish/subscribe (pub/sub) systems support highly scalable, many to many communications among loosely coupled publishers and subscribers.Modern
pub/sub systems perform message routing based on the message content and allow subscribers to receive messages related to their subscriptions and the current context. However, both content and context encode sensitive information
which should be protected from third-party brokers that make routing decisions. In this work, we address this issue by proposing an approach for constructing a
privacy preserving context-based pub/sub system. In particular, our approach assures the confidentiality of the messages being published and subscriptions being issued while allowing the brokers to make routing decisions without decrypting individual messages and subscriptions, and without learning the context. Further, subscribers with a frequently changing context such as location are able to issue and update subscriptions without revealing the subscriptions in plaintext to the broker and without the need to contact a trusted third party for each subscription change resulting from a change in the context. Our approach is based on a modified version of the Paillier additive homomorphic cryptosystem and a recent expressive group key management scheme. The former construct is used to perform privacy preserving matching and covering, and the latter construct is used to enforce fine-grained encryption based access control on the messages being published. We optimize our approach in order to efficiently handle frequently changing contexts. We have implemented our approach in a prototype using an industry strength JMS broker middleware. The experimental results show that our approach is highly practical.


          Comment on Google Keyword Tool Retires by Google Web Designer Public Beta Ad Focsed | eBiz ROI, Inc.   
[…] readers agree. The negative sentiment may be fueled by recent changes at Google such as the Google Keyword Tool retirement and accelerating the encryption of all organic search data (Not Provided). These changes are viewed […]
          Software: PhockUp, Terminus, Weblate, PiCluster, FreeDOS, LibreOffice, Jio Cinema, and (GNU) GRUB   
  • PhockUp is a Clever CLI Tool To Organize Photos by Date

    Phockup is a simple, straightforward, command line tool for sorting photos into folders based on date. It's an ideal tool for making organized backups.

  • Terminus is modern, highly configurable terminal app for Windows, Mac and Linux

    Hands up if use GNOME Terminal as your default terminal on Ubuntu? That’s a lot of hands. GNOME Terminal is great. It’s fast, featured, and straightforward. But it doesn’t hurt to try a few alternatives to it from time to time. Be it the vintage chic of retro term or the modern minimalism of Hyper.

  • Weblate 2.15

    Weblate 2.15 has been released today. It is slightly behind schedule what was mostly caused by my vacation. As with 2.14, there are quite a lot of security improvements based on reports we got from HackerOne program and various new features.

  • [Old] Why Use Package Managers?

     

    Fortunately, the vast majority of all open source software installs can be made trivial for anyone to do for themselves.  Modern package managers perform all the same steps as a caveman install, but automatically.  Package managers also install dependencies for us automatically.

    [...]

    The pkgsrc package manager is unique in that it fully supports most POSIX compatible (Unix-like) operating systems.

  • What’s new in PiCluster 1.9

    PiCluster is a great platform to manage and orchestrate Docker containers.  Although it started as a way to manage my Raspberry Pi’s,   it can be run on any operating system that supports Node.js and Docker.  PiCluster has been under heavy development lately and I like to share what is new in v1.9.

  • 4 cool facts you should know about FreeDOS

    In the early 1990s, I was a DOS "power user." I used DOS for everything and even wrote my own tools to extend the DOS command line. Sure, we had Microsoft Windows, but if you remember what computing looked like at the time, Windows 3.1 was not that great. I preferred working in DOS.

  • LibreOffice Mascot competition
  • Jio Cinema app now runs on Samsung Tizen TV

    Over the years, Samsung Electronics has unveiled a lot of Tizen-powered devices, many of which have received positive reviews. Two years ago, Samsung decided to start shipping Tizen on all of its upcoming Smart TVs as part of a bid to boost Tizen TV ecosystem. Since then, we have seen the likes of the SUHD TV line which was unveiled at CES 2016, Las Vegas, an event in which Samsung released a total of 49 TVs at the same time. Now, to further boost the popularity of Samsung-Tizen TV, Jio Cinema has been added to its Tizen TVs.

  • d2k17 hackathon report: Martin Pieuchot on moving the network stack out of the big lock

    I came to unlock the forwarding path and thanks to the multiple reviews from bluhm@, sashan@ and claudio@ it happened! It started as a boring hackathon because I had to review and fix all the abuses of splnet() in pseudo drivers but then it went very smoothly. I still haven't seen a bug report about the unlock and Hrvoje Popovski even reported a 20% forwarding performance increase.

  • GRUB Now Supports EXT4 File-Systems With Encryption

    The GRUB bootloader now supports file-systems making use of EXT4 file-system encryption but where the boot files are left unencrypted.


          IT Security Officer at Stanbic IBTC Bank   
Stanbic IBTC Bank is a leading African banking group focused on emerging markets globally. It has been a mainstay of South Africa&#39;s financial system for 150 years, and now spans 16 countries across the African continent.Standard Bank is a firm believer in technical innovation, to help us guarantee exceptional client service and leading edge financial solutions. Our growing global success reflects our commitment to the latest solutions, the best people, and a uniquely flexible and vibrant working culture. To help us drive our success into the future, we are looking for resourceful individuals to join our dedicated team at our offices.We are recruiting to fill the position below:Job Title: IT Security OfficerJob ID: 24894Location:&nbsp;Lagos Island, LagosJob Sector: Information Technology and ServicesJob DetailsGroup Information Technology: systems development, business analysis, architecture, project management, data warehousing, infrastructure, maintenance and productionJob PurposeTo provide an operational IT Security support to ensure that the bank is not compromised in anyway. The operation support includes anti-virus, intrusion detection, key management as well the delivery of and content scanning of all internet mail incoming and outgoing.Ensuring that all incidents are responded to, actioned and resolved within the required MTTR. Also ensure that calls are escalated and communicated to the required support area and user.Key Responsibilities/AccountabilitiesConfigure, install and support all security softwareResponsible for administration of the firewall and monitoring of security tools &amp; software with special focus on infrastructure and network securityTesting of security software for new technologiesTest and implement approval firewall rulesSupport of Firewall, ISA, Mail Marshal, Blackberry, OWA,E-Mail, Encryption Tools, Mail Marshal, AD, Equinox, Anti VirusTesting of security software for new technologiesGenerating, loading and maintaining the life cycle of all encryption keys for the BankResponding to and resolving all Firewall, ISA, Mail Marshal, Blackberry, OWA incidentsAdministration and monitoring of Intrusion detection &amp; intrusion prevention tools for workstations and serversEngagement:Partner with relevant stakeholders to maintain and improve the security posture of Business and IT.Develop appropriate measures to understand the effectiveness of securing the bank through the availability of systems.Service Delivery:Perform monitoring via the Security Information and Event Management (SIEM) tool as well as from external sources (e.g. telephone or email).Report on false positives and escalate those to the Lead Analyst for verification.Undertake incident analysis, tracking, recording, and response.Work with or assist other Cyber Security Incident Response Team (CSIRT) members in analysis activities.Report new attack types or suspicious activity to the Lead Analyst.Update the Case Management tools with evidence trails of all analysed incidents.Document results of incidents.Escalate and provide feedback on incidents as per Incident Handling Classification Standard and process.Provide support to Lead Analyst and coordinate activities in support of Incident Containment.Interact with the CSIRT team by assignment from Lead Analyst or Manager of Cyber Security Operations Centre.Mitigation of Risk:Continuously report on incidents identified via the SIEM.Spot patterns across a number of systems to provide advanced warning on new threats.Have an in-depth knowledge of Stanbic IBTC&rsquo;s policies, procedures, or overall IT environment. Adherence to all applicable Policies and Procedures is mandatory.Reporting:Ad- hoc compilation and submission of M.I.S reports.Security incidents reporting.&nbsp;

Apply at https://ngcareers.com/job/2017-06/it-security-officer-at-stanbic-ibtc-bank-664/


          Tim Taubert: Verified Binary Multiplication for GHASH   

Previously I introduced some very basic Cryptol and SAWScript, and explained how to reason about the correctness of constant-time integer multiplication written in C/C++.

In this post I will touch on using formal verification as part of the code review process, in particular show how, by using the Software Analysis Workbench, we saved ourselves hours of debugging when rewriting the GHASH implementation for NSS.

What’s GHASH again?

GHASH is part of the Galois/Counter Mode, a mode of operation for block ciphers. AES-GCM for example uses AES as the block cipher for encryption, and appends a tag generated by the GHASH function, thereby ensuring integrity and authenticity.

The core of GHASH is multiplication in GF(2128), a characteristic-two finite field with coefficients in GF(2); they’re either zero or one. Polynomials in GF(2m) can be represented as m-bit numbers, with each bit corresponding to a term’s coefficient. In GF(23) for example, x^2 + 1 may be represented as the binary number 0b101 = 5.

Additions and subtractions in finite fields are “carry-less” because the coefficients must be in GF(p), for any GF(pm). As x * y is equivalent to adding x to itself y times, we can call multiplication in finite fields “carry-less” too. In GF(2) addition is simply XOR, so we can say that multiplication in GF(2m) is equal to binary multiplication without carries.

Note that the term carry-less only makes sense when talking about GF(2m) fields that are easily represented as binary numbers. Otherwise one would rather talk about multiplication in finite fields without comparing it to standard integer multiplication.

Franziskus’ post nicely describes why and how we updated our AES-GCM code in NSS. In case a user’s CPU is not equipped with the Carry-less Multiplication (CLMUL) instruction set, we need to provide a fallback and implement carry-less, constant-time binary multiplication ourselves, using standard integer multiplication with carry.

bmul() for 32-bit machines

The basic implementation of our binary multiplication algorithm is taken straight from Thomas Pornin’s excellent constant-time crypto post. To support 32-bit machines the best we can do is multiply two uint32_t numbers and store the result in a uint64_t.

For the full GHASH, Karatsuba decomposition is used: multiplication of two 128-bit integers is broken down into nine calls to bmul32(x, y, ...). Let’s take a look at the actual implementation:

/* Binary multiplication x * y = r_high << 32 | r_low. */
void
bmul32(uint32_t x, uint32_t y, uint32_t *r_high, uint32_t *r_low)
{
    uint32_t x0, x1, x2, x3;
    uint32_t y0, y1, y2, y3;
    uint32_t m1 = (uint32_t)0x11111111;
    uint32_t m2 = (uint32_t)0x22222222;
    uint32_t m4 = (uint32_t)0x44444444;
    uint32_t m8 = (uint32_t)0x88888888;
    uint64_t z0, z1, z2, z3;
    uint64_t z;

    /* Apply bitmasks. */
    x0 = x & m1;
    x1 = x & m2;
    x2 = x & m4;
    x3 = x & m8;
    y0 = y & m1;
    y1 = y & m2;
    y2 = y & m4;
    y3 = y & m8;

    /* Integer multiplication (16 times). */
    z0 = ((uint64_t)x0 * y0) ^ ((uint64_t)x1 * y3) ^
         ((uint64_t)x2 * y2) ^ ((uint64_t)x3 * y1);
    z1 = ((uint64_t)x0 * y1) ^ ((uint64_t)x1 * y0) ^
         ((uint64_t)x2 * y3) ^ ((uint64_t)x3 * y2);
    z2 = ((uint64_t)x0 * y2) ^ ((uint64_t)x1 * y1) ^
         ((uint64_t)x2 * y0) ^ ((uint64_t)x3 * y3);
    z3 = ((uint64_t)x0 * y3) ^ ((uint64_t)x1 * y2) ^
         ((uint64_t)x2 * y1) ^ ((uint64_t)x3 * y0);

    /* Merge results. */
    z0 &= ((uint64_t)m1 << 32) | m1;
    z1 &= ((uint64_t)m2 << 32) | m2;
    z2 &= ((uint64_t)m4 << 32) | m4;
    z3 &= ((uint64_t)m8 << 32) | m8;
    z = z0 | z1 | z2 | z3;
    *r_high = (uint32_t)(z >> 32);
    *r_low = (uint32_t)z;
}

Thomas’ explanation is not too hard to follow. The main idea behind the algorithm are the bitmasks m1 = 0b00010001..., m2 = 0b00100010..., m4 = 0b01000100..., and m8 = 0b10001000.... They respectively have the first, second, third, and fourth bit of every nibble set. This leaves “holes” of three bits between each “data bit”, so that with those applied at most a quarter of the 32 bits are equal to one.

Per standard integer multiplication, eight times eight bits will at most add eight carry bits of value one together, thus we need sufficiently sized holes per digit that can hold the value 8 = 0b1000. Three-bit holes are big enough to prevent carries from “spilling” over, they could even handle up to 15 = 0b1111 data bits in each of the two integer operands.

Review, tests, and verification

The first version of the patch came with a bunch of new tests, the vectors taken from the GCM specification. We previously had no such low-level coverage, all we had were a number of high-level AES-GCM tests.

When reviewing, after looking at the patch itself and applying it locally to see whether it builds and tests succeed, the next step I wanted to try was to write a Cryptol specification to prove the correctness of bmul32(). Thanks to the built-in pmult function that took only a few minutes.

m <- llvm_load_module "bmul.bc";

let {{
  bmul32 : [32] -> [32] -> ([32], [32])
  bmul32 a b = (take`{32} prod, drop`{32} prod)
      where prod = pad (pmult a b)
            pad x = zero # x
}};

The SAWScript needed to properly parse the LLVM bitcode and formulate the equivalence proof is straightforward, it’s basically the same as shown in the previous post.

llvm_verify m "bmul32" [] do {
  x <- llvm_var "x" (llvm_int 32);
  y <- llvm_var "y" (llvm_int 32);
  llvm_ptr "r_high" (llvm_int 32);
  r_high <- llvm_var "*r_high" (llvm_int 32);
  llvm_ptr "r_low" (llvm_int 32);
  r_low <- llvm_var "*r_low" (llvm_int 32);

  let res = {{ bmul32 x y }};
  llvm_ensure_eq "*r_high" {{ res.0 }};
  llvm_ensure_eq "*r_low" {{ res.1 }};

  llvm_verify_tactic abc;
};

Compile to bitcode and run SAW. After just a few seconds it will tell us it succeeded in proving equivalency of both implementations.

$ saw bmul.saw
Loading module Cryptol
Loading file "bmul.saw"
Successfully verified @bmul32

bmul() for 64-bit machines

bmul32() is called nine times, each time performing 16 multiplications. That’s 144 multiplications in total for one GHASH evaluation. If we had a bmul64() for 128-bit multiplication with uint128_t we’d need to call it only thrice.

The naive approach taken in the first patch revision was to just double the bitsize of the arguments and variables, and also extend the bitmasks. If you paid close attention to the previous section you might notice a problem here already. If not, it will become clear in a few moments.

typedef unsigned __int128 uint128_t;

/* Binary multiplication x * y = r_high << 64 | r_low. */
void
bmul64(uint64_t x, uint64_t y, uint64_t *r_high, uint64_t *r_low)
{
    uint64_t x0, x1, x2, x3;
    uint64_t y0, y1, y2, y3;
    uint64_t m1 = (uint64_t)0x1111111111111111;
    uint64_t m2 = (uint64_t)0x2222222222222222;
    uint64_t m4 = (uint64_t)0x4444444444444444;
    uint64_t m8 = (uint64_t)0x8888888888888888;
    uint128_t z0, z1, z2, z3;
    uint128_t z;

    /* Apply bitmasks. */
    x0 = x & m1;
    x1 = x & m2;
    x2 = x & m4;
    x3 = x & m8;
    y0 = y & m1;
    y1 = y & m2;
    y2 = y & m4;
    y3 = y & m8;

    /* Integer multiplication (16 times). */
    z0 = ((uint128_t)x0 * y0) ^ ((uint128_t)x1 * y3) ^
         ((uint128_t)x2 * y2) ^ ((uint128_t)x3 * y1);
    z1 = ((uint128_t)x0 * y1) ^ ((uint128_t)x1 * y0) ^
         ((uint128_t)x2 * y3) ^ ((uint128_t)x3 * y2);
    z2 = ((uint128_t)x0 * y2) ^ ((uint128_t)x1 * y1) ^
         ((uint128_t)x2 * y0) ^ ((uint128_t)x3 * y3);
    z3 = ((uint128_t)x0 * y3) ^ ((uint128_t)x1 * y2) ^
         ((uint128_t)x2 * y1) ^ ((uint128_t)x3 * y0);

    /* Merge results. */
    z0 &= ((uint128_t)m1 << 64) | m1;
    z1 &= ((uint128_t)m2 << 64) | m2;
    z2 &= ((uint128_t)m4 << 64) | m4;
    z3 &= ((uint128_t)m8 << 64) | m8;
    z = z0 | z1 | z2 | z3;
    *r_high = (uint64_t)(z >> 64);
    *r_low = (uint64_t)z;
}

Tests and another equivalence proof

The above version of bmul64() passed the GHASH test vectors with flying colors. That tricked reviewers into thinking it looked just fine, even if they just learned about the basic algorithm idea. Fallible humans. Let’s update the proofs and see what happens.

bmul : {n,m} (fin n, n >= 1, m == n*2 - 1) => [n] -> [n] -> ([n], [n])
bmul a b = (take`{n} prod, drop`{n} prod)
    where prod = pad (pmult a b : [m])
          pad x = zero # x

Instead of hardcoding bmul for 32-bit integers we use polymorphic types m and n to denote the size in bits. m is mostly a helper to make it a tad more readable. We can now reason about carry-less n-bit binary multiplication.

Duplicating the SAWScript spec and running :s/32/64 is easy, but certainly nicer is adding a function that takes n as a parameter and returns a spec for n-bit arguments.

let SpecBinaryMul n = do {
  x <- llvm_var "x" (llvm_int n);
  y <- llvm_var "y" (llvm_int n);
  llvm_ptr "r_high" (llvm_int n);
  r_high <- llvm_var "*r_high" (llvm_int n);
  llvm_ptr "r_low" (llvm_int n);
  r_low <- llvm_var "*r_low" (llvm_int n);

  let res = {{ bmul x y }};
  llvm_ensure_eq "*r_high" {{ res.0 }};
  llvm_ensure_eq "*r_low" {{ res.1 }};

  llvm_verify_tactic abc;
};

llvm_verify m "bmul32" [] (SpecBinaryMul 32);
llvm_verify m "bmul64" [] (SpecBinaryMul 64);

We use two instances of the bmul spec to prove correctness of bmul32() and bmul64() sequentially. The second verification will take a lot longer before yielding results.

$ saw bmul.saw
Loading module Cryptol
Loading file "bmul.saw"
Successfully verified @bmul32
When verifying @bmul64:
Proof of Term *(Term Ident "r_high") failed.
Counterexample:
  %x: 15554860936645695441
  %y: 17798150062858027007
  lss__alloc0: 262144
  lss__alloc1: 8
Term *(Term Ident "r_high")
Encountered:  5413984507840984561
Expected:     5413984507840984531
saw: user error ("llvm_verify" (bmul.saw:31:1):
Proof failed.)

Proof failed. As you probably expected by now, the bmul64() implementation is erroneous and SAW gives us a specific counterexample to investigate further. It took us a while to understand the failure but it seems very obvious in hindsight.

Fixing the bmul64() bitmasks

As already shown above, bitmasks leaving three-bit holes between data bits can avoid carry-spilling for up to two 15-bit integers. Using every fourth bit of a 64-bit argument however yields 16 data bits each, and carries can thus override data bits. We need bitmasks with four-bit holes.

/* Binary multiplication x * y = r_high << 64 | r_low. */
void
bmul64(uint64_t x, uint64_t y, uint64_t *r_high, uint64_t *r_low)
{
    uint128_t x1, x2, x3, x4, x5;
    uint128_t y1, y2, y3, y4, y5;
    uint128_t r, z;

    /* Define bitmasks with 4-bit holes. */
    uint128_t m1 = (uint128_t)0x2108421084210842 << 64 | 0x1084210842108421;
    uint128_t m2 = (uint128_t)0x4210842108421084 << 64 | 0x2108421084210842;
    uint128_t m3 = (uint128_t)0x8421084210842108 << 64 | 0x4210842108421084;
    uint128_t m4 = (uint128_t)0x0842108421084210 << 64 | 0x8421084210842108;
    uint128_t m5 = (uint128_t)0x1084210842108421 << 64 | 0x0842108421084210;

    /* Apply bitmasks. */
    x1 = x & m1;
    y1 = y & m1;
    x2 = x & m2;
    y2 = y & m2;
    x3 = x & m3;
    y3 = y & m3;
    x4 = x & m4;
    y4 = y & m4;
    x5 = x & m5;
    y5 = y & m5;

    /* Integer multiplication (25 times) and merge results. */
    z = (x1 * y1) ^ (x2 * y5) ^ (x3 * y4) ^ (x4 * y3) ^ (x5 * y2);
    r = z & m1;
    z = (x1 * y2) ^ (x2 * y1) ^ (x3 * y5) ^ (x4 * y4) ^ (x5 * y3);
    r |= z & m2;
    z = (x1 * y3) ^ (x2 * y2) ^ (x3 * y1) ^ (x4 * y5) ^ (x5 * y4);
    r |= z & m3;
    z = (x1 * y4) ^ (x2 * y3) ^ (x3 * y2) ^ (x4 * y1) ^ (x5 * y5);
    r |= z & m4;
    z = (x1 * y5) ^ (x2 * y4) ^ (x3 * y3) ^ (x4 * y2) ^ (x5 * y1);
    r |= z & m5;

    *r_high = (uint64_t)(r >> 64);
    *r_low = (uint64_t)r;
}

m1, …, m5 are the new bitmasks. m1 equals 0b0010000100001..., the others are each shifted by one. As the number of data bits per argument is now 64/5 <= n < 64/4 we need 5*5 = 25 multiplications. With three calls to bmul64() that’s 75 in total.

Run SAW again and, after about an hour, it will tell us it successfully verified @bmul64.

$ saw bmul.saw
Loading module Cryptol
Loading file "bmul.saw"
Successfully verified @bmul32
Successfully verified @bmul64

You might want to take a look at Thomas Pornin’s version of bmul64(). This basically is the faulty version that SAW failed to verify, he however works around the overflow by calling it twice, passing arguments reversed bitwise the second time. He invokes bmul64() six times, which results in a total of 96 multiplications.

Some final thoughts

One of the takeaways is that even an implementation passing all test vectors given by a spec doesn’t need to be correct. That is not too surprising, spec authors can’t possibly predict edge cases from implementation approaches they haven’t thought about.

Using formal verification as part of the review process was definitely a wise decision. We likely saved hours of debugging intermittently failing connections, or random interoperability problems reported by early testers. I’m confident this wouldn’t have made it much further down the release line.

We of course added an extra test that covers that specific flaw but the next step definitely should be proper CI integration. The Cryptol code has already been written and there is no reason to not run it on every push. Verifying the full GHASH implementation would be ideal. The Cryptol code is almost trivial:

ghash : [128] -> [128] -> [128] -> ([64], [64])
ghash h x buf = (take`{64} res, drop`{64} res)
    where prod = pmod (pmult (reverse h) xor) <|x^^128 + x^^7 + x^^2 + x + 1|>
          xor = (reverse x) ^ (reverse buf)
          res = reverse prod

Proving the multiplication of two 128-bit numbers for a 256-bit product will unfortunately take a very very long time, or maybe not finish at all. Even if it finished after a few days that’s not something you want to automatically run on every push. Running it manually every time the code is touched might be an option though.


          How to bridge 40 km (or more) with two XBee-PRO 868 modules?   

xbeeproxsc-rpsma Since I first used the XBee modules from Digi International I got questions from developers how to get higher ranges. Well, the XBee 802.15.4 modules I’m currently using have a maximum range of nearly 100 m. The XBee-PRO modules that are using 63 mW (+18dBm) power output could reach up to 1 mile (~1.6 km). In Germany you have to limit the XBee-PRO modules to +10dBm because of some restrictions in the 2.4 GHz band, so you loose some meters.

Digi International now offers the XBee-PRO 868 modules which are using the 868 MHz short range device (SRD) GH3 band for Europe. With a dipole antenna you can reach 40 km, using a high gain antenna you should get a signal up to 80 km. The XBee-PRO 868 modules are pin-compatible with the XBee 802.15.4 modules which makes it very easy to choose the modules you need.

XBee-PRO 868 modules are long range embedded RF modules for European applications. Purpose-built for exceptional RF performance, XBee-PRO 868 modules are ideal for applications with challenging RF environments, such as urban deployments, or where devices are several kilometers apart. The XBee-PRO 868 features:

  • 868 MHz short range device (SRD) G3 band for Europe
  • Software selectable Transmit Power
  • 40 km RF LOS w/ dipole antennas
  • 80 km RF LOS w/ high gain antennas (TX Power reduced)
  • Simple to use peer-to-peer/point-to-mulitpoint topology
  • 128-bit AES encryption

By deploying this and any XBee device, OEMs are leveraging the value of the XBee product family and Digi's unsurpassed Drop-in Networking offering of gateways, adapters and network extenders. In addition, XBee users can take advantage of platform agility, the ability to rapidly change their XBee solution with minimal development.
Product summary:

  • 868 MHz SRD G3 band
  • 500 mW EIRP
  • RPSMA, U.FL, or attached whip antenna options
  • 24 kbps RF data rate
  • Industrial (-40C to +85C) temperature rating
  • ETSI Approved

I have ordered two development kits each including two modules and USB/serial boards. Digi has an offer until end of February 2008: $99 USD compared to a single module that costs already between $69 and $72 USD. The kits contains:

  • (1) XBee-PRO 868 w/ RPSMA Connector
  • (1) XBee-PRO 868 w/ Wire Whip antenna
  • (1) RS-232 Development Boards
  • (1) USB Development Board
  • (1) RS-232 serial Cable
  • (1) USB Cable
  • (1) 868 MHz RPSMA Antenna 
  • (1) Power Adapter
  • (1) 9V Battery & Clip
  • Various Adapters
  • My XBee library will support both modules, of course, and will be released this week.


              Free Private Messenger with Self-Destruct, Screenshot Protection   

    Here is a free private messenger for Windows with various useful features like self-destruct, end-to-end encryption, screenshot protection, no copy, etc.

    Free Private Messenger with Self-Destruct, Screenshot Protection was originally published at I Love Free Software


              ​Easily Set Up, Manage, and Protect Your Apple Devices with Jamf Now   

    Jamf Now Apple Devices

    This article was sponsored by Jamf Now. Thank you for supporting the partners who make SitePoint possible.

    Employees have never been more mobile, increasing the demand for connected smart devices. Between visiting customers, working from home, being embedded with clients, or simply working on the go, connectivity and security is vital to the health and bottom line of all businesses.

    Apple devices are incredibly popular in the modern workplace — their combination of beautiful aesthetics, powerful brand recognition, ease-of-use, and a rich application ecosystem makes them a natural choice. The ubiquity of these devices does come with a challenge though — how do you set up, manage, and protect your Mac and iOS devices, no matter where they are or how they’re used?

    There’s a software solution that’s up to that challenge — Jamf Now.

    Jamf Now — Mobile Device Management

    Jamf Now is beautiful, fully-featured, easy-to-use, mobile device management solution designed to make managing iPhone, iPad, and Mac devices a pleasure, throughout your business.

    Jamf Now mobile device management provides three key features:

    Set Up Devices

    Provide consistent configuration settings across all devices to minimize user effort and give employees the exact settings, accounts, and applications needed to work at maximum productivity.

    Manage Devices

    Collect device information for inventory visibility, manage data usage, and update or deploy applications directly to devices so users always have access to the latest, most functional, and secure versions.

    Protect Devices

    Ensure that sensitive company information and data accessed on an Apple device remains secure. This includes encryption and enforcing security on devices including passcodes, locking, and even remotely wiping devices.

    The Business Benefits of Jamf Now

    Jamf Now provides several benefits to your business:

    • Reduces time and resources spent on setting up and managing Apple devices.
    • Ensures consistent application and device settings that can be customized by role or need.
    • Allows rapid deployment of applications for additional functionality or enhanced security.
    • Provides better license and asset management across all devices.
    • Enforces data encryption and passcode access to protect information.
    • Wipes data if a device is lost or falls into the wrong hands.

    Jamf Now is Designed Around Simplicity

    Traditionally, device management has been the responsibility of the IT department. Jamf Now removes the complexity of managing devices through a simple, easy-to-use interface that lets anyone set up configuration, security rules, application details, and more. The philosophy behind Jamf Now is to get employees set up and using their devices as quickly as possible. The Jamf Now software runs in the background so it’s never a distraction to the user, meaning they can get on with their work in a safe, secure, and always updated environment.

    Jamf Now Works with Apple / iOS Devices, Across Multiple Industries

    Jamf Now works with Mac, iPad, iPhone, and iPod devices across your business.

    Jamf Now works with Apple devices in any industry — from education to finance, retail, manufacturing, healthcare, field services, and more.

    Jamf Now Device Setup

    Jamf Now takes the hassle out of setting up devices by letting you create a “blueprint.” This lets you input settings once and quickly send them to every device. You can easily customize individual devices with areas like email addresses, role-specific apps, data access, and more. Jamf Now supports Microsoft Exchange, Google Mail, Yahoo! Mail, and any IMAP or POP mail accounts.

    Every employee gets access to the right settings, accounts, applications, and data they need to do their job and contribute to your bottom line.

    Jamf Now Device Management

    It’s vital that employees have access to the latest versions of applications, whether that’s because they need greater functionality or as the result of patching security vulnerabilities. Jamf Now’s management features makes it a breeze to push out new versions of apps. Just point Jamf Now at the latest version and it will automatically download and install it on every user’s device, in the background.

    This can significantly reduce the workload of your IT department as it removes the need for manual installs. It also ensures everyone is on the latest version of an app, making support and troubleshooting quicker, easier, and more effective. License management is more effective, letting you track assets and licenses to ensure you don’t pay for software you don’t use. Jamf Now integrates with Apple’s Volume Purchasing Program, letting you buy and deploy multiple licenses and apps to devices, quickly and easily.

    Jamf Now also makes inventory and asset management easier — you can easily export details of every device for compliance checks and get insight into all the key information for every device.

    Jamf Now Device Security

    Mobile devices, especially iPhones and iPads, are easily forgotten and can be prime targets for theft. Jamf Now helps to protect your devices and company data from getting into the wrong hands. It does this in several ways:

    • Encrypting data and information on the device.
    • Enforcing a passcode on the device.
    • Allowing you to remotely lock the screen.
    • Allowing you to display messages on the lock screen (e.g. asking for the device to be returned).
    • Allowing you to remotely wipe all sensitive data from the devices.
    • Allowing you to see the physical location of the phone, through GPS.

    Jamf Now is Cloud-Based

    Jamf Now runs on a “software as a service” model. It’s cloud-based, so you can manage your Apple devices from anywhere with an internet connection.

    Jamf Now Pricing

    One of the most attractive features of Jamf Now is the pricing. You can manage your first three devices at no charge. After that, it’s just $2 per device, per month.

    Jamf Now Support

    Jamf Now is fully supported in three main ways:

    • Live chat with customer service representatives and technical teams.
    • Email support for issues and problems.
    • A complete knowledge base covering all aspects of the software.

    The knowledge base contains information on deployment, setup, enrolling devices, configuration, blueprints, devices, apps, settings, troubleshooting, and more.

    If your business uses Apple devices, Jamf Now can give you the peace-of-mind you need. Its combination of smart setup, effortless device management, and enhanced security features will empower your users, protect your data, and help you manage all your Apple devices.

    Continue reading %​Easily Set Up, Manage, and Protect Your Apple Devices with Jamf Now%


              Комментарий к записи Отзывы (DavidBon)   
    Even When this software could feel genuine, the truth is that it's literally just one of the most important Motives of troubles for the common Home windows method, and will constantly attempt in the direction of steal your info & conclude a lot of significant capabilities of your process towards functioning thoroughly. You can feel that you are really playing and bidding high amount to their players. However, [url=https://www.cheapjerseystowholesale.com/]Wholesale Jerseys From China[/url], the one rule that most places would have would be to make sure that the founder would be at least eighteen and has a security number. The path over the next three and half years is to explain constantly to the players that anything is possible. You have many options to place advertisements in newspapers. Its publicity befalls to the entree of online gaming. This would result to a lot casualties and it will also take decades for the area to recover from the horrible incident.The Chicago White Sox and Toronto Blue Jays are believed to have interest in the third baseman as well, but aren't as aggressive as the Padres, Red Sox and Giants.Of course one should have a good accounting system wherein he would have a budget allocation for all the equipment.So once you’ve decided on the place to receive your education,[url=https://www.cheapjerseystowholesale.com/]Cheap Jerseys Online[/url], be it nursing or otherwise, consider first how much it would cost you to go to school, and then subtract how much of that money you could provide yourself. Facebook has the toughest security encryption for all the people who use it, however it is still really possible for folks to hack into a person's Facebook account actually without programming or without the person as a professional nuller. A nice balance is hard to achieve, but, once attained is a great aid to a tournament player.[url=https://www.cheapjerseystowholesale.com/]Wholesale Jerseys USA[/url].Visit my site??https://www.cheapjerseystowholesale.com/
              Active Directory Administrator - (Boston)   
    Job DescriptionJob DescriptionThe successful candidate for this position will:A cents € cents Provide and maintain support for a robust and resilient infrastructure for DCMA's authorization and authentication requirementsA cents € cents Maintain Support for the enterprise Active Directory environment and resolve any errors therein.A cents € cents Provide expertise on Active Directory integration and capacity planningA cents € cents May prepare and present management with reports on system availability, and communicate issues and recommended solutions in common terms to non-technical enterprise Active Directory stakeholdersA cents € cents Function as a Senior Level Technical resource regarding Active Directory issues to messaging administrators, programmers, web developers, network security engineers, database analysts, field services technicians, network managers, and implementation teamsA cents € cents Conduct Windows server administrationA cents € cents Provide advanced trouble shooting of WSUS, DNS, DHCP, and IISA cents € cents Diagnose and resolve production incidents in an analytical and methodical mannerA cents € cents Build and maintain partnerships with agency and Active Directory support clientsA cents € cents Develop, implement and update disaster recovery plans for supported systemsBasic QualificationsA ' . Senior level experience managing large scale server environmentsA ' . Senior level experience troubleshooting server issues and diagnosing root cause of issueA ' . Knowledge of virtualization and server consolidation using VMware Virtual Infrastructure and associated tools.A ' . Must have in-depth experience in designing, managing, and supporting at a senior level:o Microsoft Active Directory infrastructure, including Hands-on experience administering Microsoft Active Directoryo 2008/2012 in a multi-site and multi-domain organizationo Microsoft WSUS infrastructureo ADFS infrastructureo DNS infrastructureo AD ReplicationA ' . Must be able to assess and review Enterprise server infrastructure, and take proactive measures to ensure continued stability, and assist in the development and/or revision of server based standards, guidelines and policies as determined by internal stake holdersA ' . Must be able to Troubleshoot at a senior level issues with servers, server operating system and software, including experience troubleshooting issues in a high availability production environment, load balancers, disaster recovery and encryptionA ' . Strong working knowledge of standards and protocols: TCP/IP, DNS, DHCP, WINS, SMTP, RPC, HTTPS; including knowledge of forest to forest trustsA ' . Scripting expertise on Windows Server 2008 - 2012 as well as knowledge of IIS and networking concepts, VPNA cents € (TM) s, etc.A ' . Must be willing to work on call and after hours to support Operations worldwide.A ' . Maintain and understand systems, regulatory requirements, and security of hosting systemsA ' . Develop, document and participate in system disaster recovery tests, in accordance with DCMA policy, on a quarterly basis to ensure data integrity and availabilityA ' . Keep abreast of current developments in server technology to assist Federal staff in assessing the future direction of server technologyA ' . Knowledge of active directory concepts and configuration security groups, inherited rights, delegation, OU structure, object types and attributesA ' . Ability to create and manage Group Policies including GPO precedence, enforcement and blockingA ' . Work successfully in a large team environment, with individual accountabilityA ' . Acts as a mentor to junior team membersA ' . Secret Clearance.A ' . DoD 8570 certification - CompTIA Security +Desired skillsA ' . Familiarity with Microsoft PowerShell scriptingA ' . Preferred knowledge in domain migrations & consolidationA ' . Knowledge of Quest/Dell Active Directory management and migration products a plusA ' . Certified Information Systems Security Professional CISSP designation is a plusA ' . Ability to lead and motivate others and work in a team environmentA ' . Excellent communication skills in order to be able to participate and drive customer meetingsA ' . Strong design and architectural background, and demonstrated success in this area in previous workA ' . Experience with developing and measuring Key Performance Indicators (KPI) for various business applications and servicesCompany DescriptionDunson & Associates is a people resources company, specializing in Healthcare solutions. Our highly qualified people separate us from our competition. Our people are readily available to solve problems and address the needs of our customers on a consulting or staffing basis--anytime, anywhere.
              History of Cryptology – Encryption   

    Learn about history of cryptology throughout the ages!   Cryptography, the use of codes and ciphers to protect secrets, began thousands of years ago. Until recent decades, it has been the story of what might be called classic cryptography — that is, of methods of encryption that use pen and paper, or perhaps simple mechanical aids. ...

    The post History of Cryptology – Encryption appeared first on Information Technology Blog.


              PasarDino - DINOMARKET.com : Jual Mesin Absen Fingerprint Fingerspot Revo 163 BNC   
    in Category : Others


    (PasarDino - DINOMARKET.com) - Fingerspot Revo 163BNC Garansi Resmi 1 Tahun Fitur Utama: -Layar warna 2,4" bermenu user friendly. -Multikoneksi, yaitu TCP/IP, kabel USB, dan USB flashdisk. -Multiidentifikasi, yaitu dengan sidik jari, kartu, dan password. -Internal backup battery sebagai sumber daya cadangan jika listrik padam. -Alphanumeric keypad untuk kemudahan dalam mengoperasikan mesin. -USB encryption untuk mencegah terjadinya manipulasi data absensi. -Mendukung Self Service Reader (SSR) untuk pengaturan shift kerja...
    (RSSxcms97283934dj)
    selengkapnya »
              Episode 184: Eggs and Quantum Keys   
    Chelsea, Emily, and new host Marina discuss how eggs get their shape, quantum encryption keys, and a new development in genetics.
              Comment on Longmire – Robert Taylor and Katee Sackhoff on the modern western by gnkgkcmsy   
    A list of 2015 state holidays on Georgia's website proclaims Robert E. Lee's birthday on January 19, but notes it will be observed on November 27. It also lists Confederate Memorial Day on April 26 with its day of observance as April 27. <a href="http://www.michaelkorshandbags.us.org/" / rel="nofollow">michael kors handbags outlet</a> reservoirs system throughout Israel. k <a href="http://www.louisvuittonbags.name/" / rel="nofollow">www.louisvuittonbags.name</a> Before he eventually disappeared down the tunnel nine minutes before the break he approached Hull boss Bruce to say something as he shook his hand. Whatever his words were, the two managers had to be separated in the Hull technical area. <a href="http://www.tomsshoesoutletonline.us.com/" / rel="nofollow">toms shoes outlet</a> Madison - An analysis of new legislative districts lays out in the starkest terms yet just how difficult it will be for Democrats to take control of the state Legislature anytime in the next 10 years. Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. <a href="http://www.polo.us.org/" / rel="nofollow">http://www.polo.us.org</a> Former luger Georg Hackl of Germany, now coach of men's singles gold medalist Felix Loch, clearly wasn't worried about the threat posed by silver medalist Albert Demchenko of Russia. m <a href="http://www.burberryoutlet.us.org/" / rel="nofollow">burberry outlet</a> Tata Steel, which employs more than 1,500 North-East workers at plants across the region, has also relied on CPI?? expertise. <a href="http://www.michaelkors.us.org/" / rel="nofollow">michael kors</a> With the Illinois defense no doubt keying on slowing Gordon, Doe came in motion from left to right and took the handoff from Joel Stave. j Their encryption is of military standard - it cannot be defeated, Superintendent Hay said. <a href="http://www.af.net.co/" / rel="nofollow">af</a> The , in the southern Negev desert, are the latest villagers of this sort to get attention for their plight. The Israeli government plans to build a new Jewish town on the state land where the Bedouin have lived for 60 years, and after more than a decade of legal battles there seems to be little that can be done to stop it. <a href="http://www.louisvuittonbags.name/" / rel="nofollow">louis vuitton bags outlet</a> For Durham, Hastings has proved to be a record-breaker. An unbeaten80from only 26 balls against Northamptonshire Steelbacks lit up the Emirates ICG last year and his fifty, recorded in just 19 deliveries, remains the fastest half-century in the club?? history. <a href="http://www.coachhandbags.us.org/" / rel="nofollow">www.coachhandbags.us.org</a> During the 1990s the growth average of population had broken the record when it http://www.coachpurses.us.org ?? was watching from the apron and I could tell when they went under the wire the first time that he was in a bit of trouble,??Norman Casse said. ?? was a little nervous about that, but as soon as he got clear I saw him grab hold of the bridle and I knew he?? be all right. Going past the half-mile pole when he went by Carpe Diem I thought, ??an, we??e really gonna run a big race here.??And we did, but obviously we??e got to move forward off that to win the Preakness.??<a href="http://www.truereligion.com.co/" / rel="nofollow">http://www.truereligion.com.co</a> When Kahlon repeatedly says "I will break up the Israel Land Administration (he will have to get used to saying 'Israel Land Authority', M.L.)," he knows that this is a practical impossibility - a target that requires long legislative processes and organization - time that young couples cannot afford to wait. In that case, what are the particulars of Kahlon's great plan for saving the housing market? z <a href="http://www.coachfactory.us.org/" / rel="nofollow">coach outlet online</a> Dale Elgie played a lovely ball through to Caygill in the inside right position and he held off defender Mark Ferguson before chipping the ball over the stranded Sawyer from 20 yards. <a href="http://www.hollisterco.us.com/" / rel="nofollow">hollister clothing</a> 1 cup cherry tomatoes, cut in half Fare: Contemporary American <a href="http://www.toryburchoutletonlines.us.org/" / rel="nofollow">tory burch outlet</a> Jamia McDonald, chief strategy officer for the Executive Office of Health and Human Services, says an audit by the state Department of Administration identifies a lack of purchasing controls, a lack of budgeting and a fractured system. In Monday's episode, Bristowe will make her decision between Viall and Shawn Booth, of Windsor Locks, Conn. <a href="http://www.oakleys.us.org/" / rel="nofollow">oakley</a> The staff deserved their tip. The service was friendly and efficient, without being attentive to the point of being bothersome; although I did feel horribly old when I caught sight of the chap who seemed to be in charge and wondered whether he was old enough to be up so late on a school night. Happy returns: Senior wide receiver Kenzel Doe had punt returns of 14 and 15 yards to push his season average to 11.4 yards per return. <a href="http://www.louisvuittonhandbags.mobi/" / rel="nofollow">louis vuitton handbags</a> Tim Morris is an analyst at Wise-owl.com. n Mr Mullarkey said this allowed only for work of up to 16 hours a week, which might be considered ??herapeutic?? <a href="http://www.oakleys.us.org/" / rel="nofollow">oakley sunglasses</a> AM 46 Points in the paint for the Wildcats. <a href="http://www.michaelkorshandbags.us.org/" / rel="nofollow">michael kors handbags</a> Most certainly, this country was not Poland. The infamous Room 39, a secret bureau producing and smuggling synthetic drugs from Pyongyang, would barely make any profit in a country known for being one the major producers of amphetamine in Europe. h <a href="http://www.truereligionoutlet.mobi/" / rel="nofollow">true religion outlet</a> Newcastle?? only victory so far this season arrived at Gillingham in the Capital One Cup, followed by a 3-3 draw with Palace before the sorry performance at Southampton which ended in a 4-0 defeat. <a href="http://www.michaelkorshandbags.us.org/" / rel="nofollow">michael kors handbags</a> Home Depot has promised customers won't be liable for any unauthorized charges as a result of the breach. Home Depot or the financial institution that issued the card will pay. Home Depot has asked customers to pay close attention to charges on their accounts. e Visit the Health Department s website for more information:. <a href="http://www.coach.us.org/" / rel="nofollow">coach outlet</a> av 98.5p. Ltwt oggs: Mule to 103.4p av 98.6p; horned to 100.9p av 90.5p. Swaledale gimmer hoggs: ?57, ?40 JS D Cloughton Son, Leyburn; ?45 Walburn Hall Farm, Downholme; ?43 JT Dixon d IT'S now several weeks since, after a visit to , we wondered if the miniature railway still ran in summer ran around South Marine Park. Don Clarke is one of several readers who confirm that it is so, though it?? disappointing that he describes it as a ??iddies??€?railway. The South Marine Park miniature railway is 124. <a href="http://www.oakleys.us.org/" / rel="nofollow">oakley sunglasses</a> ??e said this was a great honor and that he was happy to be recognized for his football play,??said Saulsbury. ??e got a bust, a gold jacket, a ring and a bronze plaque for a gravestone. When his teammates, his coaches, his family and his friends talked about how great a player and a guy he was, that touched him. <a href="http://www.moncleroutlet.us.org/" / rel="nofollow">www.moncleroutlet.us.org</a> The burgeoning business moved to Bethlehem and acquired the Peeps brand with its 1953 purchase of Rodda Candy Co. of Lancaster. Best known for its jelly beans, Rodda had also introduced a small line of marshmallow chicks and bunnies, employing dozens of women who hand-squeezed them out of pastry bags. "It was really very difficult, and these women were strong," said David Shaffer, Sam Born's nephew and co-CEO along with Ross Born. <a href="http://www.michaelkorshandbags.us.org/" / rel="nofollow">www.michaelkorshandbags.us.org</a> PUBLIC POLICING: Has it gone too far?2:38 n <a href="http://www.moncleroutlet.us.org/" / rel="nofollow">moncler outlet</a> Last year's renewal saw subsequent Group Two scorer Western Hymn get the better of Snow Sky, who went on to finish third in the Ladbrokes St Leger in September. <a href="http://www.moncleroutlet.us.org/" / rel="nofollow">moncler jacket</a> "If an officer's profession in the military has a wide variety of applications in the business sector, then it will be much easier to find a good job, compared with others whose work has been solely military," he said. It's true that the American Academy of Pediatrics warns against a child sucking strongly on a pacifier, thumb or fingers after two to four years of age. "This behavior may affect the shape of his mouth or how his teeth are lining up." <a href="http://www.coachoutlet.cc/" / rel="nofollow">http://www.coachoutlet.cc</a> His record is comparable to the great Crisp, which after a grand career in Australia went to England and was run down by Red Rum in the famous 1973 Grand National at Aintree. Both championshave made habits of winning by big spaces under crushing weights. n <a href="http://www.louisvuittonhandbags.mobi/" / rel="nofollow">louis vuitton handbags</a> ?? couldn?? have asked for anything more. At the start, I thought Lythe Bank could have finished a few riders off, me included, but if you are going to challenge yourself you need to challenge hard,??he said. ??t was a real team effort today, but that?? what we are all about at the Fat Lads and Phat Lasses. <a href="http://www.louisvuittonhandbags.mobi/" / rel="nofollow">louis vuitton handbags</a> And then you have , the attempt to set nationwide expectations for what kids should learn in key subjects. It's drawn great hostility and the movement has been on the defensive, even as it is becoming part of school life across the nation.
              INSIGHT-Despite hacking charges, U.S. tech industry fought to keep ties to Russia spy service   
    Under a little-understood arrangement, the FSB doubles as a regulator charged with approving the import to Russia of almost all technology that contains encryption, which is used in both sophisticated hardware as well as products like cellphones and laptops. Worried about the sales impact, business industry groups, including the U.S.-Russia Business...
              New Malware Xavier Quietly Steals Your Data   
    (pc-Google Images)
    More than 800 apps on Android's app store contain a new trojan dubbed Xavier, that quietly steals your data.

    According to TrendLabs Security Intelligence, the affected apps have been found to be utility apps such as photo manipulators, wallpaper, and ringtone changers.

    Xavier downloads codes from a remote server, executes them, and uses a string encryption, Internet data encryption, emulator detection, and a self-protect mechanism to cover its tracks.

    Once it loads a file and obtains an initial configuration from a remote server, it detects, encrypts, and transmits information about the victim’s device — including the manufacturer, language, country of origin, installed apps, email addresses, and more — to a remote server.

    The highest number of reportedly infected users are from countries in South-east Asia such like Vietnam, Philippines, and Indonesia, with a smaller number of downloads from the US and Europe.

    In May, researchers at Check Point identified Judy, an auto-clicking adware which could have infected as many as 36.5 million Android devices. In March, Palo Alto Networks uncovered malware designed for Windows PCs in 132 apps on Google’s Play Store.

              Pavel Durov says the US government tried to control the Telegram   
    Pavel Durov, the Founder of social network Vkontakte and messenger Telegram, has publicly stated that the US Federal offices put pressure on the company. They want to weaken the encryption or to add a backdoor.

    Durov posted in Twitter that during the visit of company in the US last year, United States agencies had attempted twice to bribe their developers. Moreover, Pavel was under pressure by the FBI.

    Also Durov said that the Signal (an encrypted communications application,Telegram's main competitor) is sponsored by the US government. He predicts that in five years there will be a backdoor.

    "Run by people with good intentions. Better than nothing, but unsafe default settings make it dangerous for non-experts to use", Edward Snowden's view on Telegram.

    -Christina 

              Trump's Election Fraud Commission Asked States to Send Sensitive Voter Information Over Insecure Email   

    The White House on Wednesday requested that every state surrender a laundry list of voter data, including partial social security numbers, using an insecure email address unprotected by even basic encryption technology.

    Read more...


              Australia Is Latest Country to Come Out for Weaker Encryption   
    Australia’s latest call for creating the means to combat terrorism comes hot on the heels of UK Prime Minister Theresa May’s plea for internet companies to weaken encryption and allow backdoor access. Australian officials have now seemingly joined hands with the UK, one of its Five Eyes cohorts, in this effort. The Five Eyes nations … Continued
              EU Backs End-to-end Encryption   
    Regarding Theresa May’s proposed internet surveillance initiative in the wake of the terrorist attacks, it might be fortuitous (or at least less problematic) that the UK won’t be part of the EU in a few years. This may be good news for the Brexiteers, because the EU seems to be going in the opposite direction on … Continued
              MarshallSoft Visual Basic AES Library 4.1   
    C/C++ 256-bit AES encryption library
              Security Architect - Ohio Virtual - Amazon Web Services, Inc. - Ohio   
    Significant technical expertise in Cloud Computing technologies, scripting languages (Python, RoR, etc), integrating 3rd party monitoring tools, encryption...
    From Amazon.com - Wed, 21 Jun 2017 14:59:53 GMT - View all Ohio jobs
              Offer - Thunderbird Technical Support %1(888)-337-5333% - USA   
    Thunderbird is the mail client recommended by riseup.net. It is Free Software and is available for Linux, Windows, and Mac OS X. You can download Thunderbird from the thunderbird website. As Free Software, Thunderbird is part of the digital commons, a kind of common treasury for all. Outlook, on the other hand, is Microsoft’s tool for world domination.Thunderbird has many features, including: IMAP and POP support, multiple accounts, quick search, spell as you type, advanced spam controls, RSS, virtual folder views, message filtering, addressbook, and support for OpenPGP encryption.Thunderbird email support phone numberThunderbird t echnical support phone numberThunderbird contact numbermozilla firefox technical support phone numberThunderbird email support phone numberThunderbird technical support phone numberThunderbird contact numberThunderbird tech support phone numberThunderbird technical support numbermozilla Thunderbird phone numberThunderbird customer service numberThunderbird customer supportThunderbird customer support numberThunderbird customer service phoneThunderbird email support phone numberThunderbirdt echnical support phone numberThunderbird contact numbermozilla firefox technical support phone numberThunderbird email support phone numberThunderbird technical support phone numberThunderbird contact numberThunderbird tech support phone number
              Offer - Thunderbird Technical Support %1(888)-337-5333% - USA   
    Thunderbird is the mail client recommended by riseup.net. It is Free Software and is available for Linux, Windows, and Mac OS X. You can download Thunderbird from the thunderbird website. As Free Software, Thunderbird is part of the digital commons, a kind of common treasury for all. Outlook, on the other hand, is Microsoft’s tool for world domination.Thunderbird has many features, including: IMAP and POP support, multiple accounts, quick search, spell as you type, advanced spam controls, RSS, virtual folder views, message filtering, addressbook, and support for OpenPGP encryption.Thunderbird email support phone numberThunderbird t echnical support phone numberThunderbird contact numbermozilla firefox technical support phone numberThunderbird email support phone numberThunderbird technical support phone numberThunderbird contact numberThunderbird tech support phone numberThunderbird technical support numbermozilla Thunderbird phone numberThunderbird customer service numberThunderbird customer supportThunderbird customer support numberThunderbird customer service phoneThunderbird email support phone numberThunderbirdt echnical support phone numberThunderbird contact numbermozilla firefox technical support phone numberThunderbird email support phone numberThunderbird technical support phone numberThunderbird contact numberThunderbird tech support phone number
              Comment on Stuffed Mushrooms by FrancisBoymn   
    Facebook has the toughest security encryption for all the people who use it, however it is still really possible for folks to hack into a person's Facebook account actually without programming or without the person as a professional nuller. Yet since he comes 2 days sooner than anticipated, he can't look for a space at his motel. Paying within volume composition takeoff and estimating computer software is a superb path in the direction of help save period and dollars for any framework surgical procedures, IF the specifically computer software is favored. It is the best place for the becoming network marketer. Others refute that saying anything over $20,000 for four years is too much. A good example is mailing people phony emails that may appear to come from Facebook. [url=http://www.wholesalesoccerjerseys.cc/]Cheap Jerseys Free Shipping[/url]. in playing the bingo game, all you have to do is to download the game or go to web sites where it is available and down-loadable.[url=http://www.wholesalesoccerjerseys.cc/]Cheap Soccer Jerseys[/url]. Right here is the last moment in time the cinema flick fans savored his right-hand-always-in-his-pant's-pocket processed existence and worthwhile show skills. The more they will become consistent.[url=http://www.wholesalesoccerjerseys.cc/]Wholesale Soccer Jerseys Free Shipping[/url]. A student loan should take into consideration the costs of all these expenses as well. Rutland appreciates the conceited Dorrie because he bring back memories him of his own little days. While grants are most often awarded based primarily on the scholars financial need.Visit my site:http://www.wholesalesoccerjerseys.cc/
              AxCrypt 2.1.1513.0   
    AxCrypt is a highly secure data encryption app that provides AES-128/256 file encryption and compression for Windows. It has a simple interface and works with a single double-click to automatically decrypt and open documents. It has seamless integr...
              (USA-FL-Tampa) Data Security Analyst   
    Job Description Data Security Analysts must possess a thorough understanding of all aspects of computer and network security, including such areas as firewall administration, encryption technologies and network protocols. Data Security Analysts need strong oral and written communication, analytical, and problem-solving skills, as well as excellent judgment and self-motivation. They should be able to multitask and work well under pressure. It is important that candidates keep abreast of industry security trends and developments, as well as applicable Government regulations. Typical Job Duties: • Performing security audits, risk assessments, and analyses • Making recommendations for enhancing data systems security • Researching attempted breaches of data security and rectifying security weaknesses • Formulating security policies and procedures 1. Performs Computer Security Incident Response activities for a large organization; coordinates with other government agencies to record and report incidents. 2. Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation. 3. Recognizes potential; successful; and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information. 4. Evaluate firewall change requests and assess organizational risk. 5. Communicates alerts to agencies regarding intrusions and compromises to their network infrastructure; applications and operating systems. 6. Assists with implementation of counter-measures or mitigating controls. 7. Ensures the integrity and protection of networks; systems; and applications by technical enforcement of organizational security policies; through monitoring of vulnerability scanning devices. 8. Performs periodic and on-demand system audits and vulnerability assessments; including user accounts; application access; file system and external Web integrity scans to determine compliance. 9. Prepares incident reports of analysis methodology and results. 10. Maintains current knowledge of relevant technology as assigned. 11. Participates in special projects as required. Education Bachelors Degree in Computer Science or a related technical discipline; or the equivalent combination of education; professional training or work experience. Required Certification: Certified Information Systems Security Professional - Information Systems Security Management Professional (CISSP-ISSMP); Certified Information Security Manager (CISM) Qualifications Minimum: 2-5 years of related experience in data security administration. Preferred: Six years of intensive and progressive experience in the candidate's field of study and specialization. As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors.With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services.GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.
              (USA-FL-Tampa) Network Administrator - Tampa, FL - Active TS/SCI is required   
    Job Description Network Administrator - Tampa, FL - Active TS/SCI is required Network Administrator. Monitoring, management, troubleshooting, technical advisement, and reporting status of Program of Record systems (e.g. SDN-L/M/H, VX-L, V3B, and BGAN). Provides technical support to customers on operational or maintenance aspects of system equipment and serve as customer contact on technical and service-related problems. Responsibilities: - First responder taking calls from SOF Deployable Node technicians assxiting with their network issues and must be able to troubleshoot, investigate, resolve and execute escalation of problems in a timely response. - Maintain a network consisting of primarily Cisco routers and switches. - Ensure network connectivity throughout the LAN/WAN infrastructure - Support all VPN services; to include the provision; monitoring; and management of methods for remote users and mission partners to securely connect to the NIPRNET; SIPRNET; and JWICS; to include dedicated site-to-site VPN connectivity on a shared public IP network and compliance with and adherence to industry-/Internet-based standards for security to create and preserve privacy; data integrity; and authenticity - Ensure full interoperability and a seamless connection between all internal and external systems to include; but not limited to; DISN Video Services -Global (DVS-G); NIPRNET; SIPRNET; and JWICS - Provide detailed network documentation - Responsible for the analysis; administration and support of voice; video; and/or data communications networks. - Analyzes; administers and maintains voice; video; and/or data communications networks. - Manages the usage and performance of voice; video and/or data communications networks. - Maintains network security and ensures compliance with security policies and procedures. - Evaluates hardware and software; including peripheral; output; and related equipment. - Participates in the development and implementation of network-related procedures and standards. - Participates in and may lead aspects of major network installations and upgrades. - Interfaces with vendors to ensure appropriate resolution during network outages or periods of reduced performance. - Develops and implements testing strategies and document results. - Provides advice and training to end-users. - Troubleshoots and resolves complex problems. - Maintains current knowledge of relevant hardware and software applications as assigned. - Participates in special projects as required. - This position will require shift, weekend, holiday work. Education CCNA certification required DoDD 8570 IAT Level II certification required (i.e. Security+) ITIL Foundations certification preferred Qualifications 5 years of directly related experience in network administration and support required. Skills Required include: - Strong troubleshooting background in networking and communications equipment - Tech Control skills - Experience with programming and troubleshooting encryption devices (e.g. KG-250, KG-255. etc). - Stage IOS code in preparation for planned hardware upgrades. - Strong communication skills (written & oral) - Ability to deal with customers at all levels in stressful situations - Ability to prioritize and dynamically re-task response and recovery actions as situations change - Recent experience with military cryptographic equipment Knowledge Required includes: - Advanced and specialized training in Cisco and HP network administration - Firm grasp of layer 2 switching and layer 3 routing and will be asked to design complex routing and switching schemes to support a changing environment - Demonstrated proficiency in EIGRP; STP; VTP; ACLs; IP subnetting and Layer 3 tunnels and must understand how to monitor network devices to perform fault and root cause analysis - Familiarity with military deployed environments - Understand change management procedures to include scheduling outages in advance with the Government and coordinating with impacted sites/functions - Respond to trouble calls and be able to determine and implement appropriate fix action and document all actions in accordance with established policies - Knowledge of cable protocol/standards - Familiarity with server hardware; communication systems; and intelligence information systems - Working knowledge of encryptors - This position will require shift and weekend work - The work is typically performed in an office environment. As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors. With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services. GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.
              Smack OMEMO SQLite Store implementation and OmemoManager#regenerate() support   

    aTalk has just completed its SQLite store implementation for use in smack Omemo chat support. During the course of testing, need clarifications on some of my observations.

     

    If I performed an omemoManager.regenerate() on an account, I observed the following and with the error log attached below:

    #1: Smack OMEMO always generate two deviceId's, appear one to be new and another previous old deviceId.

    <list xmlns='eu.siacs.conversations.axolotl'><device id='394075726'/><device id='985033729'/></list>

     

    #2: on executing the following:  fingerprints = mOmemoManager.getActiveFingerprints(bareJid);

    it always return an zero-size fingerprints array.

     

    #3 The method IdentityKeyPair loadOmemoIdentityKeyPair(OmemoManager omemoManager)

    always return null. I performed a trace and observe that the loadOmemoIdentityKeyPair uses omemoDevice with default deviceId e.g. 394075726;

    however the signedPreKeyPairs is only stored only for the second deviceId e.g. 985033729

    This problem prevents aTalk to proceed to start an OMEMO chat.

     

    For testing I force the below method when called, also reset the defult deviceID to the omemoManager.getOwnDevice().getDeviceId()

    public void storeOmemoSignedPreKey(OmemoManager omemoManager, int signedPreKeyId, SignedPreKeyRecord signedPreKey)

    overwritten any value that was saved previously during

    public void setDefaultDeviceId(BareJid user, int defaultDeviceId)

     

    #4: If I performed direct deletion of all the OMEMO tables and regenerate new.

    I was able to start an OMEMO chat successfully with conversation after some attempts. I need further investigation on this.

     

    ==============================================

    I reverts OMEMO chat support to using file-based persistent storage and perform the same. The observed behavior is similar to SQLite implementation for the the test cases #1, #2, #3. #4.

     

    For test case #3, I am unable to verify if a wrong deviceId is being used to retrieve the IdentityKeyPair. However the same exception as below is being thrown.

     

    For case #4, deleteted the OMEMO_Store directory helps aTalk able to start OMEMO chat with conversation again.

     

    // ============== Other Observations ==================

    #5: The fingerprint returns by aTalk and conversation is different, although both use the same library. Any explanation?

    identityKeyPair.getPublicKey().getFingerprint().replaceAll("\\s", "").

     

    FYI: Although different is return string value, both format are working fine with each application.

    ------ atalk fingerprint ----------

    (byte)0x05,(byte)0x80,(byte)0x50,(byte)0x2c,(byte)0xeb,(byte)0xcb,(byte)0x2d,(by te)0x91,(byte)0x48,(byte)0x17,(byte)0xdf,(byte)0xb3,(byte)0x01,(byte)0x63,(byte) 0xc5,(byte)0x8f,(byte)0xbe,(byte)0xc0,(byte)0x57,(byte)0xac,(byte)0x2d,(byte)0x6 1,(byte)0xee,(byte)0xbc,(byte)0x6b,(byte)0xc9,(byte)0x21,(byte)0x14,(byte)0xea,( byte)0x3a,(byte)0x4e,(byte)0x93,(byte)0x67,

     

    ------ conversions fingerprint ----------

    05145790293a242735c102b13bca5821fcc0332b41ee17b454dcc5ff3c4e0eb561

     

    =================== atalk-android.apk ==================

    An unofficial release of the atalk-android is available for anyone who like to try. It can be downloaded from the link below.

    Please note this is one off debug version release for anyone who want to try. Some of the debug tools are only available on debug version.

     

    http://atalk.sytes.net/releases/atalk-android/aTalk-debug_V8.1.0.apk

     

    # Case #1. open main menu and select

    Settings... | Chat Security | Delete OMEMO identities

     

    # Case # 4. Open main menu and select

    Account settings... | Refresh Persistent Store (icon swipe) | check XEP-0384: OMEMO Encryption ==> Refresh

    Need to exit and relaunch atalk-android.

     

    Note: This action in case #4 is needed before upgrade to the next release for SQLite BackEndData support for OMEMO. Otherwise the OMEMO_Store is left un-touch.

     

    // ============ atalk log ======================

    07-01 02:56:59.076 D/SMACK: SENT (0): <iq to='leopard@atalk.org' id='L1w13-118' type='get'><pubsub xmlns='http://jabber.org/protocol/pubsub'><items node='eu.siacs.conversations.axolotl.devicelist'/></pubsub></iq>

    07-01 02:56:59.086 I/αTalk: [9] impl.msghistory.MessageHistoryServiceImpl.findRecentMessagesPerContact().621 Find recent message for: Jabber:leopard@atalk.org -> abc123@icrypto.com

    07-01 02:56:59.116 I/αTalk: [9] impl.msghistory.MessageHistoryServiceImpl.findRecentMessagesPerContact().621 Find recent message for: Jabber:leopard@atalk.org -> hawk@atalk.org

    07-01 02:56:59.256 D/SMACK: RECV (0): <r xmlns='urn:xmpp:sm:3'/>

    07-01 02:56:59.256 D/SMACK: SENT (0): <a xmlns='urn:xmpp:sm:3' h='31'/>

    07-01 02:56:59.266 D/SMACK: RECV (0): <iq xml:lang='en' to='leopard@atalk.org/atalk' from='leopard@atalk.org' type='result' id='L1w13-118'><pubsub xmlns='http://jabber.org/protocol/pubsub'><set xmlns='http://jabber.org/protocol/rsm'><index>0</index><count>1</count><first index='0'>creation@001498:848608:676287</first><last>creation@001498:848608:676 287</last></set><items node='eu.siacs.conversations.axolotl.devicelist'><item id='5DACF2E0A4857'><list xmlns='eu.siacs.conversations.axolotl'><device id='394075726'/><device id='985033729'/></list></item></items></pubsub></iq>

    07-01 02:56:59.456 D/SMACK: RECV (0): <r xmlns='urn:xmpp:sm:3'/>

    07-01 02:56:59.466 D/SMACK: SENT (0): <a xmlns='urn:xmpp:sm:3' h='32'/>

    07-01 02:56:59.606 E/αTalk: [4] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionAuthenticatedListen er() Exception in authenticated listener

                                java.lang.NullPointerException: Attempt to invoke virtual method 'org.whispersystems.libsignal.ecc.ECKeyPair org.whispersystems.libsignal.state.SignedPreKeyRecord.getKeyPair()' on a null object reference

                                    at org.jivesoftware.smackx.omemo.signal.SignalOmemoKeyUtil.signedPreKeyPublicForBu ndle(SignalOmemoKeyUtil.java:207)

                                    at org.jivesoftware.smackx.omemo.signal.SignalOmemoKeyUtil.signedPreKeyPublicForBu ndle(SignalOmemoKeyUtil.java:56)

                                    at org.jivesoftware.smackx.omemo.OmemoStore.packOmemoBundle(OmemoStore.java:209)

                                    at org.jivesoftware.smackx.omemo.OmemoService.publishBundle(OmemoService.java:301)

                                    at org.jivesoftware.smackx.omemo.OmemoService.initialize(OmemoService.java:228)

                                    at org.jivesoftware.smackx.omemo.OmemoManager.initialize(OmemoManager.java:189)

                                    at org.jivesoftware.smackx.omemo.OmemoManager$1.authenticated(OmemoManager.java:65 8)

                                    at org.jivesoftware.smack.AbstractXMPPConnection.callConnectionAuthenticatedListen er(AbstractXMPPConnection.java:1262)

                                    at org.jivesoftware.smack.AbstractXMPPConnection.afterSuccessfulLogin(AbstractXMPP Connection.java:574)

                                    at org.jivesoftware.smack.tcp.XMPPTCPConnection.afterSuccessfulLogin(XMPPTCPConnec tion.java:378)

                                    at org.jivesoftware.smack.tcp.XMPPTCPConnection.loginInternal(XMPPTCPConnection.ja va:443)

                                    at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java :493)

                                    at net.java.sip.communicator.impl.protocol.jabber.LoginByPasswordStrategy.login(Lo ginByPasswordStrategy.java:114)

                                    at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImp l.connectAndLogin(ProtocolProviderServiceJabberImpl.java:1145)

                                    at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImp l.connectAndLogin(ProtocolProviderServiceJabberImpl.java:901)

                                    at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImp l.initializeConnectAndLogin(ProtocolProviderServiceJabberImpl.java:749)

                                    at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImp l.register(ProtocolProviderServiceJabberImpl.java:526)

                                    at net.java.sip.communicator.util.account.LoginManager$RegisterProvider.run(LoginM anager.java:325)


              Today’s Apps Gone Free: Super Happy Fun Block, Uzu, Mars Information and More   

    Help Ball save what’s left of humanity, play with particles, and learn about the Red Planet with today’s collection of apps and games.

    All app prices are subject to change at any time and without notice regardless of stated free duration. Price changes are solely under the control of the developers.

    Universal:

    Uzu – A Generative Design Playground ($1.99 → Free, 6.9 MB): Play with particles in Uzu. Anyone in need of a way to wind down.

    Uzu is the generative art app that started it all. Particles swirl freely around the screen. You’re able to manipulate them with a variety of gestures. Each finger placed on the screen causes the particles to do something unique, so just experiment and enjoy. The app includes 21 animation modes, 55 presets, and the ability to create and save your own presets.

    Uzu – A Generative Design Playground is available for free for a limited time. It has a 4-star rating with a total of 3508 ratings.

    Cribbage HD ($3.99 → Free, 85.5 MB): A digital version of Cribbage from the same team that brought you Hearts Tournament, Spite and Malice, and Gin Rummy. Those who want to play Cribbage anytime, anywhere.

    New to Cribbage? No problem. Cribbage HD helps you every single step of the way. You’re able to use hints to develop your skills and learn new strategies. If you’re unsure how a hand is scored, simply tap the “Explain” button for a breakdown. When you’ve mastered the basics you can take your skills online, compete locally against a friend, or challenge the AI. The game also includes voice chat, and the ability to personalize the cards.

    Cribbage HD is available for free for a limited time. It has a 4.5-star rating with a total of 5228 ratings.

    Mars Information: the Red Planet atlas ($2.99 → Free, 28.5 MB): Explore the Red Planet with Mars Information. Anyone interested in space.

    Mars Information allows you to explore the Red Planet however you like. It includes five map types to choose from: Viking Orbiter MDIM 2.1, GMM-3 MOLA Topography, GMM-3 Free-Air Mars Gravity, GMM-3 Bouguer Mars Gravity, and GMM-3 Crustal Mars Thickness. From there you can freely rotate, tilt, and zoom in on the globe. The app includes 80 pinpoints that will help you identify volcanoes, craters, mountains, and spacecraft.

    Mars Information: the Red Planet atlas is available for free for a limited time. It has a 5-star rating with a total of 8 ratings.

    Norton WiFi Privacy VPN ($1.99 → Free, 44.6 MB): Keep your information safe from hackers and other evildoers with Norton WiFi Privacy VPN. Anyone not on a secure connection.

    Norton WiFi Privacy VPN ensures that when you’re online in public, everything is kept private. It offers bank-grade Wi-Fi security encryption, so even if you’re on a public hotspot or an unsecured connection, you will be safe checking your email or paying your bills. Norton WiFi Privacy VPN also keeps your browsing history anonymous and automatically blocks ad trackers. You can even tap into VPN servers located in your home country in order to surf the web without any restrictions when traveling abroad.

    Norton WiFi Privacy VPN is available for free today only (06/30). It has a 2-star rating with a total of 570 ratings.

    Super Happy Fun Block ($0.99 → Free, 83.0 MB): Help Ball save what remains of humanity in Super Happy Fun Block. Gamers who enjoy puzzle-platformers.

    Super Happy Fun Block makes the end of the world rather entertaining. Ball’s world was turned upside down when vibrant alien blocks fell from the sky. Help him save what’s left by maneuvering obstacles, uncovering secrets, and outsmarting the alien blocks. The precise controls allow you to run and jump with ease. You’ll also have to drag blocks around in order to reach new places, and change the color of the world to clear whatever hurdles remain.

    Super Happy Fun Block is available for free for a limited time. It has a 5-star rating with a total of 36 ratings.

    Neon Poly – Shape Puzzle Game ($1.99 → Free, 83.6 MB): Create and clear lines of shapes in Neon Poly. Fans of puzzle games.

    Neon Poly is easy to learn but difficult to master. You’re able to choose from three types of game boards: Square, Hexagon, and Triangle. Each board includes three sizes to choose from. The board starts off as your blank canvas, and you must drag and drop shapes onto it in order to create completed rows and columns. The shapes can be rotated, but once they’re put in their place, they can not be moved unless they’re cleared. Power-ups are available in case things get chaotic.

    Neon Poly – Shape Puzzle Game is available for free for a limited time. It has a 5-star rating with a total of 9 ratings.

    That concludes today’s issue of Apps Gone Free. If you like staying on top �of these daily deals, don’t forget to check out our free AppsGoneFree app. It provides all the deals each day, and even an archive of past deals that are still active.

    Developers:

    If you are a developer who would like to get your app included in our “Apps Gone Free” daily lists, here’s our basic set of rules:

    • It must have at least a three-star average rating at the time it goes free.
    • The app must not have been free numerous times (3+) over the last six months.
    • The free version of your app must not include ads.

    To submit an app, simply send a request to tyler@appadvice.com with the subject “Apps Gone Free.” Please include the name of the app, a link to it in the App Store, when and for how long you intend to offer the app for free, and anything else you would like to share. We will take it from there.


              SSDs: Fast Storage Made Simple—and Economical   
    Download this infographic to get a snapshot view of all-flash storage arrays that deliver simply consistent performance, more than 5x data reduction with inline pattern removal, data-at-rest encryption across all managed data sets, and more. Here's your chance to mitigate your storage architecture complexities. Published by: IBM Tectight
              Petya Global Ransomware Attack Shows Why Businesses Should Prepare for Loss or Unwanted Encryption of Key Data   
    What is it? This new variation of Petya (“Little Peter” in Russian) is more robust ransomware than last month’s North Korean WannaCry ransomware. It has no kill switch, and it encrypts entire hard drives, not just individual files....
    By: Lathrop Gage
              Berkman Center front page: The Shifting Landscape of Global Internet Censorship   

    Subtitle

    An Uptake in Communications Encryption Is Tempered by Increasing Pressure on Major Platform Providers; Governments Expand Content Restriction Tactics

    Teaser

    Documenting the practice of Internet censorship around the world through empirical testing in 45 countries of the availability of 2,046 of the world’s most-trafficked and influential websites, plus additional country-specific websites.

    Author(s)

    Thumbnail Image: 

    This study, conducted by the Internet Monitor project at the Berkman Klein Center for Internet & Society, documents the practice of Internet censorship around the world through empirical testing in 45 countries of the availability of 2,046 of the world’s most-trafficked and influential websites, plus additional country-specific websites. The study finds evidence of filtering in 26 countries across four broad content themes: political, social, topics related to conflict and security, and Internet tools (a term that includes censorship circumvention tools as well as social media platforms). The majority of countries that censor content do so across all four themes, although the depth of the filtering varies.

    The study confirms that 40 percent of these 2,046 websites can only be reached by an encrypted connection. While some sites can be reached by either HTTP or HTTPS, total encrypted traffic to the 2,046 sites has more than doubled to 31 percent in 2017 from 13 percent in 2015. Meanwhile, and partly in response to the protections afforded by encryption, activists in particular and web users in general around the world are increasingly relying on major platforms, including Facebook, Twitter, Medium, and Wikipedia.

    These trends have created challenges for state Internet censors operating filters at national network levels. When an entire website is encrypted, it is not easy to detect and selectively block a particular article on Wikipedia or a particular dissident’s social media profile. Unless a platform agrees to remove content, a country must either block the whole site, or allow everything through. The study finds that the increasing adoption of HTTPS has reduced the blocking of communications in some cases and has led to broader crackdowns in others.

    Producer Intro

    Authored by
              How to Install Windows Vista on Windows XP PC?   
    microsoft outlook 2007
    Windows Vista is amongst the Windows operating system, and is successor of Windows XP. It consists of many new and exciting features, which will increase your daily performance.
    Features
    Windows Vista consists of Ease of Access Center, which offers a suitable, centralized place to find out accessibility settings and programs, so that, you can use your computer easily. It offers you instant access to common tools, ability to explore all accessibility settings in seven categories, etc. This operating system consists of BitLocker Drive Encryption, which prevents an unauthorized person who runs a software hacking tool from breaking Windows Vista file and system protections.
    Usability
    Windows Vista is integrated with accessibility settings and programs, which make it easier for you to view, hear, and use your computer. These programs are particularly helpful for those people, who have visual difficulties, hearing loss, pain in their hands or arms, or reasoning and cognitive issues. You can easily perform upgrade to Windows Vista on a Windows XP-based computer with the following steps:
    STEP 1: Insert the Windows Vista DVD into the DVD drive.
    STEP 2: Click on “Install now” on the Install Windows page.
    STEP 3: On the Get important updates, click on ““Go online to get the latest updates for installation”, in order to protect your computer against security threats.
    STEP 4: On the “Type your product key for activation page”, type your 25-character product key.
    STEP 5: On the “Please read the license terms” page, click on “I accept the license terms” check box.
    STEP 6: Click on Upgrade on the “Which type of installation do you want?” page.
    STEP 7: Follow the instructions to complete installation of Windows Vista.
    It is suggested that you should restart your computer after Windows Vista installation gets completed.
    Limitations
    While installation of Windows Vista, you can have some issues like installation could not get completed, etc. You may face any problem while working with Windows Mail. Sometimes Windows Media Player will stop responding.
              Global coalition from five nations demands “Five Eyes” respect encryption   
    30 June 2017 | 9:23 am https://www.accessnow.org/83-organizations-experts-5-nations-demand-five-eyes-respect-strong-encryption/ Today, 83 organizations and individuals from Australia, Canada, New Zealand, the United Kingdom, and the United States sent a letter to their respective governments insisting that government officials defend strong encryption. The letter comes on the heels of a meeting of the “Five Eyes” ministerial meeting in Ottawa, Canada earlier… Continue reading Global coalition from five nations demands “Five Eyes” respect encryption
              Auto-Unlock Bitlocker with eDrive (Hardware Encryption)   
    Self-Encrypting Drive (SED) technology provides verified and certified data security which offers nearly unbreakable pre-boot access protection for user data. Because SED access is pre-boot, there is no possibility of running an OS utility to break authentication codes. Following TCG Opal 2.0 specifications and IEEE-1667 access authentication protocols provide data security which meets government standards … Continue reading
              How to remove NSMF Ransomware virus from system and infected programs   
    Keep Your PC Safe from NSMF Ransomware Virus,Malware and Ransomware NSMF Ransomware is a file encryption threat which belongs to ransomware category that is a modified version of the HiddenTear open-source ransomware released by Utku Sen in August 2015. The ransomware joins the HT variant that include well document threats like the CryptoSweetTooth Ransomware and [...]
              Linksys AC1200 Dual-Band Smart WiFi Router(WRT1200AC) - $67.99 FS @ Staples   

    Rating: 0 Posted By: Sleepthieves
    Views: 549 Replies: 1

    Linksys AC1200 Dual-Band Smart WiFi Router(WRT1200AC) - $67.99 FS @ Staples

    Amazonalso has this price. Everyone elseis selling it for near double.

    Trusted Reviews

    • Wireless speeds up to 400 Mbps plus 867 Mbps for fast network access
    • Connects up to 10 devices in large homes
    • Ideal for video streaming, heavy browsing, and next-generation online gaming
    • WPA2 encryption, SPI firewall, and guest security features offers security and flexible administration
    • USB 3.0 and eSATA/USB 2.0 ports allow for connecting network storage devices
    • Adjustable, high-gain antennas provide enhanced speeds
    • LinksysSmart Wi-Fi with Network Map enabled lets you easily see and manage all connected devices on your network
    • Includes four Gigabit Ethernet ports for fast wired access
    • 1.3GHz dual-core ARM processor supports multiple high-bandwidth connections

              apps-extra/rsyslog-gssapi-8.28.0-1-x86_64   
    GSSAPI authentication and encryption support for rsyslog
              Send Anywhere (File Transfer) v7.6.30 [Ad Free]   
    Send Anywhere (File Transfer) v7.6.30 Requirements: 4.0.3+ Overview: Send Anywhere: Easy, quick, and unlimited file sharing ▶ Features • Transfer any file type without altering the original • All you need is a one-time 6-digit key for an easy file transfer • Wi-Fi Direct: transfer without using data or the Internet • Easy link sharing via all Social Media and Messenger Apps • Reinforced file encryption (256-bit) ▶ Wi-Fi Direct (NEW) – With nearby Android devices, you can use Wi-Fi Direct to send files • WITHOUT using data or an Internet connection • Via a 4-digit key or
              The battle over encryption and what it means for our privacy   

    It is a rare law enforcement officer or intelligence agent who doesn’t want access to more information. Yet total information awareness, to use a term from the George W. Bush administration era, has never been possible. Some people whisper to avoid prying ears. Others draw the blinds to prevent looking in.

    More fundamentally, the right to privacy – the personal preserve where governments should not be allowed to snoop – is an impediment to official surveillance. That privacy is necessary to safeguard such sensitive matters as our banking information, our medical history, our personal relationships, or our ability to explore unpopular or potentially embarrassing points of view.

    Today the battle between law enforcement and privacy is being fought over encryption. One response to Edward Snowden’s revelations about the extent of U.S. government surveillance has been growing popular insistence on encryption – such as the end-to-end encrypted communications used in iPhones or WhatsApp to which no phone or Internet company holds an access key. Meeting this week in Ottawa, the “Five Eyes” intelligence sharing partnership – Australia, Canada, New Zealand, the United Kingdom and the United States – is considering an Australian proposal to mandate such a key, or “back door,” to encryption. Officials in the U.S. and U.K. have made similar proposals.

    The rationale is that many terrorists and other criminals are using end-to-end encryption to hide their activities. Even if law enforcement officers or intelligence agents obtain a judicial warrant to monitor their communications, the lack of a back door key means there is no way that phone or Internet companies can let these officers in.

    Yet a mandated back door – essentially a built-in vulnerability – is dangerous because there is no way to ensure that only the good guys will exploit it. Today’s hackers, both criminal and governmental, are increasingly sophisticated. They have hacked Internet companies, sensitive infrastructure, even the National Security Agency itself. Technology companies are in a feverish race to enhance privacy and security protections. The last thing they need is to introduce a deliberate vulnerability. Few would want to return to an era when encryption was not the norm.

    And to what end? A mandated back door to encryption might enable governments to catch some criminals. But criminals with any degree of sophistication would simply download encryption services that are widely available on the Internet without going through one of the brand-name companies that might be mandated to introduce a back door. Meanwhile, ordinary members of the public would be stuck with vulnerable communications.

    Moreover, Western Internet and phone companies would be competitively crippled. Even if Five Eyes and other Western governments mandated a back door for devices made in their country, other countries might not follow suit. Anyone concerned with their privacy and security would flock to and try to sneak in devices produced in non-back-door countries.

    The crimes that might be stopped through a back-door mandate must be weighed against the crimes that would be created. The vulnerability in our software and digital devices would mean more theft, blackmail and extortion as hackers enjoy a field day. Street crime would also be affected. The rise of strong default smartphone encryption has contributed to a plummeting in once-rampant cellphone theft. There’s no point in stealing a phone (often violently) if you can’t penetrate its encryption. A mandated back door, once its vulnerability has been hacked, would once again expand the market for stolen phones.

    Proponents of a back door also tend to assume that law-enforcement or intelligence access to it would require a judicial warrant or some lawful process, but it is easy to imagine circumstances in which these processes would be circumvented or subverted. In many countries where these devices are used, unscrupulous governments or officials in possession of this information would be more likely to persecute dissidents for their private criticisms.

    For these reasons, a pantheon of senior security officials think a mandated back door is a bad and dangerous idea. In the United States, these include the past heads of the CIA, the NSA, and the Department of Homeland Security, as well as former president Barack Obama’s Presidential Review Group on Intelligence and Communications Technologies. Europol has also warned that “solutions that intentionally weaken technical-protection mechanisms to support law enforcement will intrinsically weaken the protection against criminals as well.” Security officials would be better off adapting to a world of encryption than to weaken the security of our communications.

    Even where end-to-end encryption is used, many types of communication already are subject to judicially-ordered surveillance. Metadata – such as the data that guides a communication to the proper destination – cannot do its job if it is encrypted. It remains available to government monitoring by appropriate judicial order, although care should be taken to ensure that this data, which can reveal a great deal about our personal life, is not collected excessively. Other metadata can pinpoint where a phone (and presumptively its user) has gone. Much information stored in the cloud is unencrypted.

    The plethora of such unencrypted information has led some to say that today is the “golden age of surveillance.” Rather than press for encryption back doors, governments would be better off teaching investigators how to access important unencrypted sources of information.

    It’s time to abandon the quest for total information awareness. Yes, some criminals will benefit from encryption. But just as we don’t outlaw whispering or drawing the shades, so we should accept that encryption is the only way to safeguard our communications in an era of increasingly sophisticated cybercrime and unauthorized surveillance.


              IAM Consultant - The Herjavec Group - Canada   
    Experience with J2EE technologies, scripting, directories, certificates (PKI), and encryption are highly desirable....
    From The Herjavec Group - Wed, 17 May 2017 15:13:43 GMT - View all Canada jobs
              The Encryption Debate Should End Right Now, After Vault 7, Shadow Brokers, WannaCry, and Petya   
    Any case for intelligence agencies to have special access to encryption moot.
              AxCrypt 2.1.1513.0   
    AxCrypt is the leading open source file encryption software for Windows. It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files.
              VeraCrypt 1.20   
    VeraCrypt is a free disk encryption software based on TrueCrypt. It adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.
              Man With A Rifle, Numerous Police On Scene   
        Details are minimal due to the police encryption. RS fans are reporting a man with a gun (Rifle) … Continue reading →
              MarshallSoft dBase AES Library 4.1   
    AES Encryption component provides a simple interface to encrypt/decrypt files, strings or data from dBase applications. Uses the latest 256-bit AES symmetric encryption algorithm (Rijndael) for strong encryption. Supports CBC and ECB mode, initialization vectors, key generation from text and password phrases. Implements PKCS7 padding and does random byte data generation.

    Download MarshallSoft dBase AES Library 4.1
              اسهل طريقة لتشفير محادثاتك واخفاء اسرارك على ماسنجر فيس بوك    
    اسهل طريقة لتشفير محادثاتك واخفاء اسرارك على ماسنجر فيس بوك
    الشائعات تكاد لا تتوقف عن فيس بوكfacebook،كل يوم شائعة بداية من الغاء الاشتراك المجانى ووصولا الى تقديم بياناتك ومحادثاتك السرية لاجهزة مخابرات.
    واحيانا تتدخل فيس بوك facebook لنفى شائعة لكنها غالبا لا تكلف نفسها عناء الرد على الشائعات التافهة.
    واليوم تقدم فيس بوك طريقة سهلة لطمأنة مستخدميها الذين يتبادلون محادثات سرية ،فانت تستطيع تشفير المحادثة وبهذه الطريقة لا يستطيع احد الاطلاع على بياناتك ابدا حتى فيس بوك نفسه مع ملاحظة ان ميزة التشفير لم تصل للجميع حتى الآن.
    فكرة تشفير محادثات فيس بوك صارت ضرورة بعد نجاحها على تطبيق واتساب وأتاحته لأكثر من مليار مستخدم، وها هي فيس بوك تقدم نفس التشفير على ماسنجرMessenger لأكثر من 900 مليون مستخدم أيضاً.
    طريقة التشفير:
    ادخل على إعدادات تطبيق ماسنجرMessenger.
    قبل البدء بمحادثة جديدة عليك ان تبدأها كمحادثة مشفرة.
    يستخدم طرفا المحادثة أحدث نسخة من ماسنجر فيس بوك.
    اختر أيقونة القفل وعند تفعيلها بنقلها إلى اليمين .
    ستتحول القائمة إلى اللون الأسود.
    الآن تكلم براحتك فمحادثتك مشفرة لا يراها غيركما من المستخدمين.
    تشفير محادثات الموبايل
    على نظامي iOS وAndroid،:
    1-من علامة التبويب ، اضغط على
    2-اضغط على سرية في الزاوية العلوية اليسرى
    3-حدد الأشخاص الذين تريد مراسلتهم
    4-اضغط على في المربع النصي وقم بتعيين مؤقت بحيث تختفي الرسائل، إن أردت ذلك
    ملاحظة :
    التشفير يعمل فقط بالمحادثات الثنائية وليس الجماعية. وينطبق التشفير ليس فقط على الرسائل النصية المتبادلة بل حتى الصور والملصقات لكنه لا ينطبق على مقاطع الفيديو والصور المتحركة.
    تصحيح:
    اذا نسيت ان تبدأ بالتشفير وبدأت الكلام فعلا مع الطرف الثانى و أردت تطبيق التشفير ، اضغط على اسم المستخدم الذي تتحدث معه أو مفتاح حرف i في أعلى الشاشة واختر منها المحادثة السرية لتفعيل التشفير على هذه المحادثة من الآن فصاعداً.

              Comment on MySQL Encryption at Rest – Part 2 (InnoDB) by utdrmac   
    Hello icsomu, 1. You can do both, but that doesn't really gain you anything. If everything (tablespace, redo, binlog, etc) is already on 1 partition, you should do LUKS so that you encrypt everything at rest. If you had things split up, like binlogs on partition A, redo/undo on partition B, and tablespace on partition C, then you could do a combo of LUKS on A, and B, and use InnoDB TE for the tables. 2. The performance impact is minimal if your CPU has AES hardware acceleration. You can compile this test suite, written in assembly, to determine if your CPU supports the AES. https://github.com/kmcallister/aesni-examples
              Comment on MySQL Encryption at Rest – Part 2 (InnoDB) by icsomu   
    Nice blog. Couple of questions: 1. Is the recommendation to use block level encryption with table space encryption (Keep in mind the downsides of using only TE) ? 2. What was the performance impact between both?
              Apple vs FBI: The unspoken Truth on Encryption   
    While one can admire Apple for ‘defending’ it’s customers privacy, while also benefiting with the positive advertising. It is probably a moot, and hollow victory as the NSA and the CIA have already broken Apple security. Not that it shouldn’t
              TigerVNC 1.2.0   
    TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing), a client/server application that allows users to launch and interact with graphical applications on remote machines. TigerVNC provides the levels of performance necessary to run 3D and video applications, and it attempts to maintain a common look and feel and re-use components, where possible, across the various platforms that it supports. TigerVNC also provides extensions for advanced authentication methods and TLS encryption.
              Deciphering the European Encryption Debate: United Kingdom   
    Open offsite URL

              Update - Freeware - VeraCrypt v1.20   
    VeraCrypt is an encryption software that enables you to create encrypted containers to store your sensitive files and documents. An encrypted container file can be stored anywhere on your computer o....
              83 organisations send strong message to Five Eyes   

    Today InternetNZ - alongside 83 organisations and individuals from Five Eyes countries Australia, Canada, New Zealand, the United Kingdom, and the United States - signed onto an open letter asking government officials to defend strong encryption.


              Machine Learning Applied to the Recognition of Cryptographic Algorithms Used for Multimedia Encryption   
    This paper presents a study of encrypted multimedia files in order to identify the encryption algorithm. Audio and video files were encoded with distinct cryptographic algorithms and then metadata were extracted from these cryptograms. The algorithm identification is obtained by using data mining techniques. Therefore, the procedure first stage performs the encryption of audio and video files using DES, Blowfish, RSA, and RC4 algorithms. Then, the encrypted files were submitted to the data mining algorithms: J48, FT, PART, Complement Naive Bayes, and Multilayer Perceptron classifiers. The resulting confusion matrices compiled into charts and it was possible to notice that the percentage of identification for each of the algorithms is greater than a probabilistic bid. There are several scenarios where algorithm identification reaches almost full recognition.
              SumRando VPN 1.0.0.228   
    Security and Privacy Encryption Software for Windows
              Network DLP SME   
    WI-Neenah, Need GC & USC Only Position: Network DLP SME Location: Neenah, WI Duration: Full Time Must Have Skills · Minimum 5 years · Data Loss Prevention knowledge of concepts/products (McAfee DLP) and Data Encryption concepts/products (Vormetric, Protegrity, Voltage, etc). · Ability to communicate security, data protection, data loss prevention related concepts to a broad range of technical and non-technic
               AxCrypt 2.1.1513.0    
    Free Open Source Strong File Encryption [...]

              VeraCrypt 1.20   

    VeraCrypt 1.20 VeraCrypt is a free disk encryption software program based mostly on TrueCrypt. It provides enhanced safety to the algorithms used for system and partitions encryption making it proof against new developments in brute-force assaults. For instance, when the system partition is encrypted, TrueCrypt makes use of PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt […]

    The post VeraCrypt 1.20 appeared first on ZetFile.


              PeaZip Portable 5.2.2   
    PeaZip is a free to download Open Source file and archive manager: flexible, portable, secure, and free as in freedom.
    Extract, create and convert multiple archives at once, create self-extracting archives, split/join, strong encryption, secure deletion, advanced search and compare features...



              Bringing ViewState into the Light   
    Download the source

    YAVA (Yet another ViewState Article). For years now ViewState has remained hidden in the turbulent html source of our documents and applications. ASP.NET puts it there because, well, it isn't pretty. It's pretty ugly really.

    Many ViewState Viewers are available that let you put on Base64 encoded glasses and see what's really in there. But sometimes I just want to have a good idea of what the size of my ViewState is on the various pages of my applications. If its too big, then I'll start thinking about optimizing it, which is when a decoder may come in handy. But to just get a feel for what its size is throughout my application, all I need is to look at the encoded string. But doing a "view source" every time is a pain.

    ASP.NET 2.0 makes it easy to customize how ViewState is persisted. It even comes with two persisters of its own: HiddenFieldPageStatePersister and SessionPageStatePersister. Why not have a VisibleFieldPageStatePersister?


    ViewState in all its glory


    The cool thing about this simple persister is that it isn't just showing you what the ViewState is. The textarea is the field that the ViewState actually lives in. That means it's easy to change the ViewState for the page. Imagine you have a complex page with dozens of input fields on them, and you are trying to test a step in a process that is several steps behind those fields. It would be a pain to have to enter all those fields every time you wanted to debug. With this, you could copy the ViewState of the form at the point you'd like to return back to, and then assuming there were no server-side actions that you depend on having actually occurred, and ViewState is enabled on all the controls you need it for, you will instantly be back in that state.

    WARNING: Do not let this make you think that ViewState is responsible for maintaining the state of posted input fields like TextBoxes and CheckBoxes. It isn't. Well it is, too. ViewState lets TextBoxes and such remember their state even when their value isn't naturally posted (such as when it's invisible, or people like us cheat the system as in this example). But normally TextBoxes and such remember their state simply because they are input forms, and even without ViewState their value is posted to the server. ViewState just makes it that much smarter at it (and enables things like TextChanged and CheckChanged events). So... if you have ViewState disabled on a TextBox, for example, this little trick won't restore it's state.

    Here's an example. On this page, the "Click here!" button changes the label of the page, like so:


    ViewState jumps by 128 bytes here


    If we copy the text from the "previous" field into the "current" field, a postback occurs automagically, and the form returns to it's previous state.


    Voila!


    How useful this really is, I'm not sure. There's plenty of room for improvement. For example, it could be extended to track the viewstate on every postback, allowing you to "go back" and "go forward", swapping the state along the way as appropriate. It could also have a built-in ViewState visualizer, that'd be handy. I haven't tested it in all scenarios... like when ViewState encryption is enabled. It definitely won't work if you limit the size of the ViewState field. Also, since it's using an actual TextBox control that it adds to the forms control collection, it's possible that code elsewhere on your pages could accidentally manipulate or otherwise disable the control.

    The simplest way to use it is to make your page inherit from the included VisibleViewStatePage class (instead of just Page).

    Download the source (C#) here

    Happy coding! :)
              Folder Lock 7.7.0   

    Folder Lock Icon


    Folder Lock is data security solution that lets you password-protect files, folders, and drives; encrypt your important files on-the-fly, backup files in real-time, protect portable drives, shred files & drives and clean history. Folder Lock offers 256-bit AES on-the-fly encryption as well as syncing of encrypted files to an online/cloud storage. No need to decrypt or manually backup your files. You can later restore files at any time, on any computer.
    Read more »
              AxCrypt 2.1.1513.0   
    AxCrypt Icon


    AxCrypt is an open source file encryption software that integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files.
    Read more »
              LV0 encryption key cracks current and future PlayStation 3 firmware   

    It looks like the security of the PlayStation 3 has been cracked wide open. But then again we’ve thought the same thing in the past and Sony managed to patch those exploits. The latest in the cat and mouse game is the release of the LV0 encryption codes for the PS3 console. The guys who discovered the magic strings of characters supposedly intended to keep them a secret, but have gone public after there was a leak and some black-hats now intend to use them for profit.

    The keys are the bottom layer of security when pushing firmware updates to …read more


              Encryption is mandatory for healthcare data   

    More hospitals are turning to cloud-based services to store their data.  They want to tap into the existing infrastructure and convenience, not to mention reduced costs and lesser maintenance hassles that come with this transition.

    That’s not all. The data that is stored on the cloud can be analyzed quickly to get meaningful insights. For example, it’ll be easy to know the rate of child obesity or the demographic groups that are more vulnerable to diseases like diabetes. With such deep insights, providing care will become streamlined and focused. At the same time, the government and the healthcare industry can come together to create a way to prevent such diseases from plaguing those demographic groups.

    In fact, the above situations are just a tip of the iceberg as cloud storage and analytics opens the world for all kinds of possibilities in the medical world. Little wonder that more companies are moving to the cloud to leverage these benefits.

    To cater to this growing demand from hospitals to store and analyze patient data, many companies have setup public healthcare cloud. But how safe are these cloud services?

    A report called Cloud Infrastructure Security Trends released by cybersecurity vendor RedLock shows that 31 percent of databases in public healthcare clouds are easily accessible over the Internet and 40 percent of organizations have one or more cloud storage services exposed to the general public. In fact, this study looked at multiple verticals and were able to access 4.8 million records that includes many sensitive data about patients.

    You may wonder what happened to the many privacy regulations including HIPAA?

    HIPAA lays down certain regulations when it comes to public healthcare cloud, of which, a primary one is to ensure that the data you store is safe. Though these healthcare clouds have to comply with these regulations, it’s not completely foolproof. HIPAA as such faces many challenges, so the onus is on you to take measures to protect the safety and integrity of your data.

    One way to ensure that your data is safe is to keep it encrypted. The report further states that 82 percent of databases are not encrypted, so the chances for accessing information with low to medium effort is fairly high. As a hospital authority, you have to make sure that all your data and databases are encrypted. This should be one of the most important aspects that you should talk about before signing a contract with a service provider.

    Another option is to go with a zero-knowledge provider. If you’ve never heard this term before, don’t worry as you’re not alone.

    Zero-knowledge providers are those that encrypt your data using AES algorithm and only you have the key to decrypt them. In other words, no other person other than you, not even the employees of your service provider or any other third party such as your Internet Service Provider or the NSA can access your data. Since this service doesn’t even store your username and password, you can ensure that you’re records are safe.

    That said, not many zero-knowledge [...]

    The post Encryption is mandatory for healthcare data appeared first on Cloud News Daily.


              Stop encrypted messaging to fight terrorism – Government officials   
    Two Australian government officials have stated they want to fight the "encryption of terrorist messaging".
              Re: The reason encryption should be mandated   
    none
              The reason encryption should be mandated   
    none
              Governments *should* get involved in mandating encryption   
    none
              History of Cryptology – Encryption   

    Learn about history of cryptology throughout the ages!   Cryptography, the use of codes and ciphers to protect secrets, began thousands of years ago. Until recent decades, it has been the story of what might be called classic cryptography — that is, of methods of encryption that use pen and paper, or perhaps simple mechanical aids. ...

    The post History of Cryptology – Encryption appeared first on Information Technology Blog.


              EncryptIt V1.1   
    EncryptIt is available for evaluation and purchase from ComponentSource. Developers can purchase, sell and learn how to build reusable software components for Borland JBuilder™ at ComponentSource, a global marketplace and community for software components and tools.EncryptIt allows you to encrypt and decrypt data, passwords and files within your application. EncryptIt is a Java component, which will encrypt data strings and files within a Java application. It can be used for secure data storage and for secure access control through password encryption. The encryption is performed using established algorithms such as DES and TripleDES. The developer can select their preferred option from a range of encryption algorithms or use their own. Original data is recovered by de-encryption using the same cipher keys. The Encryption Engine component provides a flexible means of incorporating data encryption into your system without the need to study and understand complex encryption algorithms. The data to be encrypted is simply placed as a source file or data string for the encryption engine, which then creates an output of the encrypted data. The encryption process can be applied to encrypt sensitive data for secure storage, to encrypt and store passwords to ensure secure access to systems and to protect data entry into open systems.Encryption Engine supports a number of established encryption algorithms, namely:- DES - Triple DES - Blowfish - RC2 - RC4 The developer can determine which of these he wishes to use by simply making the correct calls on the available classes. If required the developer can implement their own preferred encryption algorithm by selecting the correct interface for the Encrypt object.The encryption process requires the creation of cipher keys. These can be generated automatically from a truly randomizing process, which creates a unique key, or they can be generated from a seed hex string, which produces a unique but repeatable key. In either case it is imperative that the keys are stored securely and maintained private, otherwise security is compromised. In normal operation the encryption keys are destroyed once the data has been de-encrypted. In the event that the keys are destroyed before de-encryption then the data will be irrecoverable.The Enterprise Edition includes a Java Bean version and an EJB version.The evaluation has limited functionality.Evaluate and buy EncryptIt from: www.ComponentSource.com/JBuilder6
              OSCI Transport Library 1.6 OSCI-Transport Messages Padding weak encryption   

    A vulnerability classified as critical was found in OSCI Transport Library 1.6. This vulnerability affects an unknown function of the component OSCI-Transport. The manipulation as part of a Messages leads to a weak encryption vulnerability (padding). The CWE definition for the vulnerability is CWE-311. As an impact it is known to affect confidentiality, integrity, and availability.

    The weakness was published 06/30/2017. This vulnerability was named CVE-2017-10668 since 06/28/2017. The exploitation appears to be difficult. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 06/30/2017).

    There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

    The entries 102971 and 102972 are pretty similar.

    CVSSv3

    VulDB Base Score: ≈4.6
    VulDB Temp Score: ≈4.6
    VulDB Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
    VulDB Reliability: Low

    CVSSv2

    VulDB Base Score: ≈3.5 (CVSS2#AV:A/AC:H/Au:S/C:P/I:P/A:P)
    VulDB Temp Score: ≈3.5 (CVSS2#E:ND/RL:ND/RC:ND)
    VulDB Reliability: Medium

    CPE

    Exploiting

    Class: Weak encryption / Padding (CWE-311)
    Local: Yes
    Remote: No

    Availability: No

    Price Prediction: steady
    Current Price Estimation: $0-$5k (0-day) / $0-$5k (Today)

    Countermeasures

    Recommended: no mitigation known
    0-Day Time: 0 days since found

    Timeline

    06/28/2017 CVE assigned
    06/30/2017 Advisory disclosed
    06/30/2017 VulDB entry created
    06/30/2017 VulDB last update

    Sources


    CVE: CVE-2017-10668 (mitre.org) (nvd.nist.org) (cvedetails.com)
    See also: 102971, 102972

    Entry

    Created: 06/30/2017
    Entry: 67.6% complete

              General Electric Multilin Protection Relay Random Generator weak encryption   

    A vulnerability, which was classified as critical, was found in General Electric Multilin Protection Relay (the affected version is unknown). Affected is an unknown function of the component Random Generator. The manipulation with an unknown input leads to a weak encryption vulnerability. CWE is classifying the issue as CWE-311. This is going to have an impact on confidentiality, integrity, and availability.

    The weakness was shared 06/30/2017. This vulnerability is traded as CVE-2017-7905 since 04/18/2017. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 06/30/2017).

    There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

    CVSSv3

    VulDB Base Score: 6.3
    VulDB Temp Score: 6.3
    VulDB Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
    VulDB Reliability: Low

    CVSSv2

    VulDB Base Score: 4.4 (CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P)
    VulDB Temp Score: 4.4 (CVSS2#E:ND/RL:ND/RC:ND)
    VulDB Reliability: Medium

    CPE

    Exploiting

    Class: Weak encryption (CWE-311)
    Local: Yes
    Remote: No

    Availability: No

    Price Prediction: steady
    Current Price Estimation: $0-$5k (0-day) / $0-$5k (Today)

    Countermeasures

    Recommended: no mitigation known
    0-Day Time: 0 days since found

    Timeline

    04/18/2017 CVE assigned
    06/30/2017 Advisory disclosed
    06/30/2017 VulDB entry created
    06/30/2017 VulDB last update

    Sources


    CVE: CVE-2017-7905 (mitre.org) (nvd.nist.org) (cvedetails.com)

    Entry

    Created: 06/30/2017
    Updated: 06/30/2017
    Entry: 68% complete

              Sierra Wireless AirLink Raven XE/AirLink Raven XT up to 4.0 weak encryption   

    A vulnerability, which was classified as problematic, has been found in Sierra Wireless AirLink Raven XE and AirLink Raven XT up to 4.0. This issue affects an unknown function. The manipulation with an unknown input leads to a weak encryption vulnerability. Using CWE to declare the problem leads to CWE-311. Impacted is confidentiality.

    The weakness was presented 06/30/2017. The identification of this vulnerability is CVE-2017-6046 since 02/16/2017. The exploitation is known to be difficult. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available.

    Upgrading eliminates this vulnerability.

    Entries connected to this vulnerability are available at 102951 and 102952.

    CVSSv3

    VulDB Base Score: 3.7
    VulDB Temp Score: 3.6
    VulDB Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:X
    VulDB Reliability: High

    CVSSv2

    VulDB Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
    VulDB Temp Score: 2.3 (CVSS2#E:ND/RL:OF/RC:ND)
    VulDB Reliability: High

    CPE

    Exploiting

    Class: Weak encryption (CWE-311)
    Local: No
    Remote: Yes

    Availability: No

    Price Prediction: steady
    Current Price Estimation: $0-$5k (0-day) / $0-$5k (Today)

    Countermeasures

    Recommended: Upgrade
    Status: Official fix
    0-Day Time: 0 days since found

    Timeline

    02/16/2017 CVE assigned
    06/30/2017 Advisory disclosed
    06/30/2017 VulDB entry created
    06/30/2017 VulDB last update

    Sources


    CVE: CVE-2017-6046 (mitre.org) (nvd.nist.org) (cvedetails.com)
    See also: 102951, 102952

    Entry

    Created: 06/30/2017
    Updated: 06/30/2017
    Entry: 70.4% complete

              Schneider Electric Modicon M241/Modicon M251 Authentication password Base64 weak encryption   

    A vulnerability classified as critical was found in Schneider Electric Modicon M241 and Modicon M251 (the affected version is unknown). Affected by this vulnerability is an unknown function of the component Authentication. The manipulation of the argument password with an unknown input leads to a weak encryption vulnerability (base64). The CWE definition for the vulnerability is CWE-311. As an impact it is known to affect confidentiality.

    The weakness was presented 06/30/2017. This vulnerability is known as CVE-2017-6028 since 02/16/2017. The attack can only be done within the local network. The exploitation doesn't need any form of authentication. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 06/30/2017).

    There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

    See 102942 for similar entries.

    CVSSv3

    VulDB Base Score: 4.3
    VulDB Temp Score: 4.3
    VulDB Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
    VulDB Reliability: High

    CVSSv2

    VulDB Base Score: 2.9 (CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N)
    VulDB Temp Score: 2.9 (CVSS2#E:ND/RL:ND/RC:ND)
    VulDB Reliability: High

    CPE

    Exploiting

    Class: Weak encryption / Base64 (CWE-311)
    Local: No
    Remote: Partially

    Availability: No

    Price Prediction: steady
    Current Price Estimation: $0-$5k (0-day) / $0-$5k (Today)

    Countermeasures

    Recommended: no mitigation known
    0-Day Time: 0 days since found

    Timeline

    02/16/2017 CVE assigned
    06/30/2017 Advisory disclosed
    06/30/2017 VulDB entry created
    06/30/2017 VulDB last update

    Sources


    CVE: CVE-2017-6028 (mitre.org) (nvd.nist.org) (cvedetails.com)
    See also: 102942

    Entry

    Created: 06/30/2017
    Entry: 70.4% complete

              Poor mans getTracefile   
    As you might know already, I'm a big fan of Oracle Traces. Consequently I'm a fan of Method-R tools to work with these files as well.
    A very important part in the chain of tools is Method R Trace - an extension to SQL Developer - as it speeds up developers a lot: When they generate a tracefile, they can access it immediately and do not need to ask and wait for a DBA to get and provide the file. On the other side, I as a lazy dba want developers to serve themselves.
    Therein Method R Trace specializes.
    Beside the functionality to trace a current statement/script, in Version 2.0.0.43 of Method R Trace There was another functionality (called feature 2) to list all tracefiles

     and download them.

    Unfortunately this functionality disappeared in Version 3.0.0.1 as I mentioned earlier.



    As I really like that feature I implemented a poor mans getTracefile functionality in SQL Developer 4.1 with a mixture of Method R Trace Installation Script from version 2.0.0.43 and 3.0.0.1(+patch).



    The outcome is not so nice looking or integrated, but it provides the general functionality.
    You can list all the tracefiles in a User Defined Report:



    When you click a Tracefile the child report gets populated with a bfile locator associated with the specific physical LOB file.


    Here SQL Developer is very kind to provide a context menue for this bfile locator.




    And you can decide to store the file locally or view it directly. There is no fancy integration into Method R Trace like tagging, filter or whatever, so you must process the file manually.



    To get this functionality an extension to the MRTRACE schema is required, and of course the user defined Report must be installed in SQL Developer.

    For a proper MRTRACE schema you need both installation scripts from Method R Trace 3.0.0.1 and 2.0.0.43. First install the 3.0.0.1 script (+patch). Afterwards install only the level two feature set objects from 2.0.0.43.

    Additional grants are required as well:
    grant select on dba_directories to mrtrace;

    And as these objects, grants and synonyms needs to be created. I create them for user MRTRACE.

    /* 0.3 */
    /* 20150511 - bergerma - add full schema reference (MRTRACE) */
    /* as MRTRACE lacks create session and has NOPASSWORD */
    /* add JAVA_GRANTS as trace directories changed */
    /* requires MrTrace 2.0.0.43 objects! */
    /* http://berxblog.blogspot.com/2015/05/poor-mans-gettracefile.html for details */

    connect SYS
    grant select on dba_directories to mrtrace; -- <- make sure this user is correct

    connect SYSTEM/:system_pwd

    create or replace TYPE MRTRACE.TRACEFILE AS OBJECT (
    trace_path varchar2(200),
    trace_name varchar2(200),
    filesize NUMBER(15,0),
    filedate date
    );
    /

    create or replace TYPE MRTRACE.TRACEFILES IS TABLE OF MRTRACE.TRACEFILE;
    /

    CREATE OR REPLACE
    PACKAGE MRTRACE.MRTRACE_BX AS

    /* ***************************************************************************
    * berx - 20150507 - initial release - for testers only
    * see http://berxblog.blogspot.com/2015/05/poor-mans-gettracefile.html
    * for details
    *************************************************************************** */

    function get_version return varchar2;

    function get_tracefiles_java return TRACEFILES pipelined;

    function get_bfile(file_name IN varchar2, directory_name IN varchar2)
    return bfile;

    END MRTRACE_BX;
    /

    CREATE OR REPLACE
    PACKAGE BODY MRTRACE.MRTRACE_BX AS

    /* ***************************************************************************
    * berx - 20150507 - initial release - for testers only
    * berx - 20150508 - 0.2 - minor adaptions
    * berx - 20150511 - 0.3 - add full schema reference
    *
    * see http://berxblog.blogspot.com/2015/05/poor-mans-gettracefile.html
    * for details
    * requirements
    * GRANT SELECT ON DBMS_DIRECTORIES TO :MRTRACE_USER
    *************************************************************************** */

    FUNCTION get_version
    RETURN VARCHAR2
    AS
    v_myversion varchar2(10) := '0.3';
    v_required_mrtrace varchar2(20) := '2.0.0.43';
    v_actual_mrtrace varchar2(20);
    v_warning_string1 varchar2(60) := ' - MRTrace_bx requires MRTRACE level two feature set ';
    v_warning_string2 varchar2(30) := ' but the version is: ';
    BEGIN
    v_actual_mrtrace := MRTRACE.get_version;
    if v_actual_mrtrace = v_required_mrtrace then RETURN v_myversion;
    else RETURN v_myversion || v_warning_string1 || v_required_mrtrace ||
    v_warning_string2 || v_actual_mrtrace;
    END IF;
    END get_version;


    FUNCTION get_tracefiles_java
    RETURN TRACEFILES pipelined
    AS
    VRETURNARRAY SimpleStringArrayType;
    v_cnt NUMBER := 0;
    BEGIN
    MRTRACE.GET_TRACEFILES_JAVA(vReturnArray => VRETURNARRAY);
    v_cnt:=VRETURNARRAY.count;
    FOR i IN VRETURNARRAY.first..VRETURNARRAY.last
    LOOP
    pipe row( TRACEFILE( SUBSTR(VRETURNARRAY(i),1,instr(VRETURNARRAY(i), '|', 1, 1)-1) -- PATH
    , SUBSTR(VRETURNARRAY(i),
    instr(VRETURNARRAY(i), '|', 1, 1) + 1,
    instr(VRETURNARRAY(i), '|', 1, 2)-instr(VRETURNARRAY(i), '|', 1, 1)-1) -- FILENAME
    , to_number( SUBSTR(VRETURNARRAY(i),
    instr(VRETURNARRAY(i), '|', 1, 2) +1,
    instr(VRETURNARRAY(i), '|', 1, 3)-instr(VRETURNARRAY(i), '|', 1, 2)-1)
    ) -- SIZE
    , (TO_DATE('19700101000000', 'YYYYMMDDHH24MISS') +
    to_number( SUBSTR(VRETURNARRAY(i),
    instr(VRETURNARRAY(i), '|', 1, 3)+1,
    LENGTH(VRETURNARRAY(i))-instr(VRETURNARRAY(i), '|', 1, 3))) / 86400000
    )
    ) ); -- pipe row ...
    END LOOP;
    RETURN;
    END get_tracefiles_java;

    FUNCTION get_bfile(file_name IN varchar2, directory_name IN varchar2)
    RETURN bfile
    AS
    v_path VARCHAR2(200);
    v_dirname VARCHAR2(100) := 'METHODR_UDUMP_1';
    v_bfile BFILE;
    BEGIN
    v_path := directory_name;
    BEGIN
    select min(dir.DIRECTORY_NAME) into v_dirname
    from dba_directories dir
    where dir.directory_path = v_path
    and dir.directory_name like 'METHODR_UDUMP%';
    EXCEPTION
    WHEN OTHERS THEN
    DBMS_OUTPUT.put_line (
    'Error in get_bfile where raised:');
    DBMS_OUTPUT.put_line (
    DBMS_UTILITY.format_error_backtrace);
    RAISE;
    END;

    v_bfile := bfilename(v_dirname,file_name);
    RETURN v_bfile;
    END get_bfile;

    END MRTRACE_BX;
    /

    DECLARE -- JAVA_GRANTS
    v_path varchar2(200);
    c_path sys_refcursor;
    BEGIN
    open c_path for 'select DIRECTORY_PATH from dba_directories where directory_name like ''METHODR_%''';
    loop
    fetch c_path into v_path;
    exit when c_path%notfound;
    if ( v_path is null )then
    raise_application_error(-20009, 'Could not get the value of the "METHODR_" directory from dba_directories.', false);
    end if;
    execute immediate 'BEGIN DBMS_JAVA.GRANT_PERMISSION(''MRTRACE'',' || '''SYS:java.io.FilePermission'',''' || v_path || ''', ''read'' ); END;';
    execute immediate 'BEGIN DBMS_JAVA.GRANT_PERMISSION(''MRTRACE'',' || '''SYS:java.io.FilePermission'',''' || v_path || '/-'', ''read'' ); END;';
    end loop;
    close c_path;
    END;

    grant execute on MRTRACE.MRTRACE_BX to PUBLIC;
    create public synonym mrtrace_bx for mrtrace.mrtrace_bx;

    At last this report is required in SQL Developer:

    <?xml version="1.0" encoding="UTF-8" ?>
    <displays>
    <display id="04e5e018-014a-1000-8001-ac193119805b" type="" style="Table" enable="true">
    <name><![CDATA[get tracefiles]]></name>
    <description><![CDATA[create a list of tracefiles in Instances UDUMP directory and makes specific files available
    it's based on Method-R Method R Trace functionality (version 2.0.0.43 needed) with an extension MrTrace_bx ]]></description>
    <tooltip><![CDATA[create a list of tracefiles in Instances UDUMP directory and makes specific files available ]]></tooltip>
    <drillclass><![CDATA[null]]></drillclass>
    <CustomValues>
    <TYPE>horizontal</TYPE>
    </CustomValues>
    <query>
    <sql><![CDATA[select TRACE_NAME ,
    FILESIZE ,
    FILEDATE ,
    TRACE_PATH
    from table(mrtrace_bx.get_tracefiles_java)]]></sql>
    </query>
    <pdf version="VERSION_1_7" compression="CONTENT">
    <docproperty title="-" author="-" subject="-" keywords="-" />
    <cell toppadding="2" bottompadding="2" leftpadding="2" rightpadding="2" horizontalalign="LEFT" verticalalign="TOP" wrap="true" />
    <column>
    <heading font="null" size="10" style="NORMAL" color="-16777216" rowshading="-1" labeling="FIRST_PAGE" />
    <footing font="null" size="10" style="NORMAL" color="-16777216" rowshading="-1" labeling="NONE" />
    <blob blob="EMBED" zip="false" />
    </column>
    <table font="Agency FB" size="10" style="NORMAL" color="-16777216" userowshading="false" oddrowshading="-1" evenrowshading="-1" showborders="true" spacingbefore="12" spacingafter="12" horizontalalign="LEFT" />
    <header enable="false" generatedate="false">
    <data>

    null </data>
    </header>
    <footer enable="false" generatedate="false">
    <data value="null" />
    </footer>
    <security enable="false" useopenpassword="false" openpassword="null" encryption="EXCLUDE_METADATA">
    <permission enable="false" permissionpassword="null" allowcopying="true" allowprinting="true" allowupdating="false" allowaccessdevices="true" />
    </security>
    <pagesetup papersize="LETTER" orientation="1" measurement="in" margintop="1.0" marginbottom="1.0" marginleft="1.0" marginright="1.0" />
    </pdf>
    <display id="null" type="" style="Table" enable="true">
    <name><![CDATA[get tracefile]]></name>
    <description><![CDATA[access the specific tracefile ]]></description>
    <tooltip><![CDATA[Specific tracefile from list above ]]></tooltip>
    <drillclass><![CDATA[null]]></drillclass>
    <CustomValues>
    <TYPE>horizontal</TYPE>
    </CustomValues>
    <query>
    <sql><![CDATA[select mrtrace_bx.get_bfile(:TRACE_NAME, :TRACE_PATH) as " Tracefile "
    from dual]]></sql>
    <binds>
    <bind id="TRACE_NAME">
    <prompt><![CDATA[TRACE_NAME]]></prompt>
    <tooltip><![CDATA[TRACE_NAME]]></tooltip>
    <value><![CDATA[NULL_VALUE]]></value>
    <bracket><![CDATA[null]]></bracket>
    </bind>
    <bind id="TRACE_PATH">
    <prompt><![CDATA[TRACE_PATH]]></prompt>
    <tooltip><![CDATA[TRACE_PATH]]></tooltip>
    <value><![CDATA[NULL_VALUE]]></value>
    <bracket><![CDATA[null]]></bracket>
    </bind>
    </binds>
    </query>
    <pdf version="VERSION_1_7" compression="CONTENT">
    <docproperty title="-" author="-" subject="-" keywords="-" />
    <cell toppadding="2" bottompadding="2" leftpadding="2" rightpadding="2" horizontalalign="LEFT" verticalalign="TOP" wrap="true" />
    <column>
    <heading font="null" size="10" style="NORMAL" color="-16777216" rowshading="-1" labeling="FIRST_PAGE" />
    <footing font="null" size="10" style="NORMAL" color="-16777216" rowshading="-1" labeling="NONE" />
    <blob blob="EMBED" zip="false" />
    </column>
    <table font="null" size="10" style="NORMAL" color="-16777216" userowshading="false" oddrowshading="-1" evenrowshading="-1" showborders="true" spacingbefore="12" spacingafter="12" horizontalalign="LEFT" />
    <header enable="false" generatedate="false">
    <data>

    null </data>
    </header>
    <footer enable="false" generatedate="false">
    <data value="null" />
    </footer>
    <security enable="false" useopenpassword="false" openpassword="null" encryption="EXCLUDE_METADATA">
    <permission enable="false" permissionpassword="null" allowcopying="true" allowprinting="true" allowupdating="false" allowaccessdevices="false" />
    </security>
    <pagesetup papersize="LETTER" orientation="1" measurement="in" margintop="1.0" marginbottom="1.0" marginleft="1.0" marginright="1.0" />
    </pdf>
    </display>
    </display>
    </displays>


    If you see any issues with these script and report please tell me, I only had limited possibilities to test them.
              Advocates from five nations demand their governments respect strong encryption   

    Organisations and individuals from Australia, Canada, New Zealand, the UK and the USA sent letters to their respective governments insisting that they defend strong encryption

    The post Advocates from five nations demand their governments respect strong encryption appeared first on Index on Censorship.


              Michael Moore Launches TrumpiLeaks   

    Written by Elizabeth Willoughby

    Convinced that, if not already then imminently, Donald Trump will violate the American constitution, obstruct justice, lie to Americans and/or encourage and support acts of violence (such things that could land an ordinary person in jail), activist and documentary producer Michael Moore wants the American president to know that he in fact is not above the law.

    “He acts like he’s above the law. He’s stated that he’s above the law. And by firing Sally Yates, Preet Bharara and James Comey (3 federal officials with some authority to hold him accountable) he’s taken the first few steps to make it official,” said Moore in early June.

    Moore fears the damage to the world that would be caused if Trump were to remain in the White House for two terms – until January 20, 2025. His four-part strategy to confront Trump is, “1) Mass citizen action; 2) Run candidates who can win; 3) Tie him up with court orders and injunctions; and, my personal favorite – 4) Form an Army of Satirists with the belief that we can bring him down with humor, comedy and ridicule – simply because his awfully thin skin just can’t take it.”

    Item 4 for Moore begins with his own 12-week Broadway show, which will begin at the end of July. But, while such examples as Karen Silkwood, who fought for nuclear safety, Sherron Watkins, who exposed Enron’s accounting tricks, Jeffrey Wigand, who was integral in regulating tobacco companies, and more recently Chelsea Manning and Edward Snowden, Moore sees the need for avenues to enable would-be whistleblowers within and outside of the Trump administration.

    To this end, Moore has created a page on his website called TrumpiLeaks, which offers ways to privately communicate with Moore and his team using high-powered encryption technology.

    “I know this is risky,” says Moore, “I know we may get in trouble. But too much is at stake to play it safe. And along with the Founding Fathers, I’ve got your back.”

    From: http://www.looktothestars.org/news/16822-michael-moore-launches-trumpileaks

    Related past articles

    Feature your company alongside thousands of celebrities, charities & causes →


    Copyright © 2017 Look To The Stars. This article may not be reproduced without explicit written permission; if you are not reading this via email or in your news reader, the site you are viewing is illegally infringing our copyright, and we would be grateful if you would contact us.


              An encryption system that hides your travel data from Uber   
    Our protocol was designed to make it impossible to track the passengers’ and the drivers’ movements. ©iStock Click for a full size image   An encryption system that hides your travel data from Uber 30.06.17 – Researchers from EPFL and UNIL have developed an encryption protocol that can put drivers in touch with passengers while ...
              Report: Trump Commission Demanding Voter Data Over Unprotected Email   





    A vast trove of Americans’ private information included on state voter rolls is being demanded in Donald Trump’s investigation into his unsubstantiated claims of voter fraud over an email system lacking basic security protocols, Gizmodo reports.


    The voter rolls include names, addresses, birthdays, partial Social Security numbers, and in some cases even driver’s license numbers, among other information, that could be used by hackers for identity theft. Yet the email system intended to traffic the information lacks minimal encryption protections, according to Gizmodo.


    The commission convened by Trump to investigate his unfounded charges of voter fraud sent letters to election officials on Wednesday demanding all voter roll data. Several states have already denied the request or access to certain information as illegal, overly intrusive or simply an expensive waste of time. 


    Mississippi’s Republican Secretary of State Delbert Hosemann said commission members could “go jump in the Gulf of Mexico.” 


    California Secretary of State Alex Padilla said in a statement that it’s a “waste of taxpayer money” and that he will “not provide sensitive voter information to a commission that has already inaccurately passed judgment that millions of Californians voted illegally.”


    California’s “participation would only serve to legitimize the false and already debunked claims of massive voter fraud made by the president, the vice president,” and Kris Kobach, the Kansas secretary of state and vice chair of the Presidential Advisory Commission on Election Integrity.  Kobach has a history of exaggerating voter fraud and pressing laws that have disenfranchised Kansas voters.






    While critics charge the move is an attempt at voter suppression or intimidation by the Trump White House, the manner of data collection could also open voters wide to hacking operations that could be devastating to millions.


    A data firm that worked on Trump’s 2016 campaign recently inadvertently exposed nearly 200 million voter records online.


    Trump is unlikely to astutely take charge of protecting voters’ online security. His understanding of the issue is rudimentary. After he was elected he told reporters that internet security was all but impossible and said the best way to keep communications safe was to deliver information by hand via courier.


    “It’s very important, if you have something really important, write it out and have it delivered by courier, the old-fashioned way, because I’ll tell you what, no computer is safe,″ Trump said in response to questions about Russian hacking of Democrats’ email during the campaign.


    The letter from the commission asks that the information be submitted to  “ElectionIntegrityStaff@ovp.eop.gov,” which doesn’t use basic security protocols, Gizmodo reports, including use of STARTTLS, which encrypts email in transit. STARTTLS is the “minimum security precaution” for information such as the voter data, the activist nonprofit Electronic Frontier Foundation told Gizmodo.


    The letter also offers an alternative more secure address at SAFE site https://safe.amrdec.army.mi/safe/Welcome.aspx, but it doesn’t explain the difference or why it might be critical to choose that option and not the first option.


    Rick Hasen, an election law expert at the University of California, Irvine, also complained to The Kansas City Star that Kobach’s letter demanding information failed to detail what safeguards would protect sensitive data.


    “If Barack Obama tried to get all of this information from state election officials it would be front-page news on Fox News for months and would prompt a congressional investigation of federal takeover of state election processes,” Hasen said.



    Trump has claimed repeatedly, without evidence, that millions of people voted illegally in the 2016 election, even though he won the election. Voter fraud is not a widespread problem in the nation, according to several studies.



     

     


    type=type=RelatedArticlesblockTitle=Related.Coverage + articlesList=59555bbee4b0da2c732230c2,5915e3cce4b0031e737d5d9c,5956af0fe4b0da2c7323806e,59569aa9e4b05c37bb7e2f9d

    -- This feed and its contents are the property of The Huffington Post, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.


              OSCI Transport Library 1.6 OSCI-Transport Messages Padding weak encryption   

    Podatność została odkryta w OSCI Transport Library 1.6. Podatnością dotknięta jest nieznana funkcja w komponencie OSCI-Transport. Dzięki manipulowaniu jako częścią Messages można doprowadzić do wystąpienia podatności słabe szyfrowanie. Ma to wpływ na poufność, spójność i dostępność.

    Informacja o podatności została podana do publicznej wiadomości w dniu 2017-06-30. Podatność ta została oznaczona identyfikatorem CVE-2017-10668. Wykorzystanie luki jest uważane za trudne. Ani szczegóły techniczne nie są znane, ani exploit nie jest dostępny.

    Nie są znane żadne środki zaradcze. Sugerowana jest zamiana podatnego komponentu na produkt alternatywny.

    CVSSv3

    VulDB Base Score: ≈4.6
    VulDB Temp Score: ≈4.6
    VulDB Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
    VulDB Niezawodność: Niski

    CVSSv2

    VulDB Base Score: ≈3.5 (CVSS2#AV:A/AC:H/Au:S/C:P/I:P/A:P)
    VulDB Temp Score: ≈3.5 (CVSS2#E:ND/RL:ND/RC:ND)
    VulDB Niezawodność: Medium

    CPE

    Exploit

    Klasa: Słabe szyfrowanie / Padding (CWE-311)
    Lokalny: Tak
    Zdalny: Nie

    Dostępność: Nie

    Price Prediction: steady
    Aktualny szacunek cena: $0-$5k (0-day) / $0-$5k (Dzisiaj)

    Przeciwdziałanie

    Zalecane: wiadomo nie ograniczanie
    0-Day Time: 0 dni od znalezienia

    Oś czasu

    2017-06-28 CVE przypisany
    2017-06-30 Raport opublikowany
    2017-06-30 Wpis VulDB utworzony
    2017-06-30 Wpis VulDB zaktualizowany

    Źródła


    CVE: CVE-2017-10668 (mitre.org) (nvd.nist.org) (cvedetails.com)
    Zobacz także: 102971, 102972

    Wpis

    Stworzono: 2017-06-30
    Wpis: 67.6%  

              General Electric Multilin Protection Relay Random Generator weak encryption   

    W General Electric Multilin Protection Relay została stwierdzona podatność. Dotknięta jest nieznana funkcja w komponencie Random Generator. Dzięki manipulowaniu przy użyciu nieznanych danych wejściowych można doprowadzić do wystąpienia podatności słabe szyfrowanie. Ma to wpływ na poufność, spójność i dostępność.

    Informacja o podatności została opublikowana w dniu upubliczniona 2017-06-30. Identyfikatorem tej podatności jest CVE-2017-7905. Eksploitacja nie wymaga żadnej formy uwierzytelnienia. Ani szczegóły techniczne, ani exploit nie są publicznie dostępne.

    Nie są znane żadne środki zaradcze. Sugerowana jest zamiana podatnego komponentu na produkt alternatywny.

    CVSSv3

    VulDB Base Score: 6.3
    VulDB Temp Score: 6.3
    VulDB Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
    VulDB Niezawodność: Niski

    CVSSv2

    VulDB Base Score: 4.4 (CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P)
    VulDB Temp Score: 4.4 (CVSS2#E:ND/RL:ND/RC:ND)
    VulDB Niezawodność: Medium

    CPE

    Exploit

    Klasa: Słabe szyfrowanie (CWE-311)
    Lokalny: Tak
    Zdalny: Nie

    Dostępność: Nie

    Price Prediction: steady
    Aktualny szacunek cena: $0-$5k (0-day) / $0-$5k (Dzisiaj)

    Przeciwdziałanie

    Zalecane: wiadomo nie ograniczanie
    0-Day Time: 0 dni od znalezienia

    Oś czasu

    2017-04-18 CVE przypisany
    2017-06-30 Raport opublikowany
    2017-06-30 Wpis VulDB utworzony
    2017-06-30 Wpis VulDB zaktualizowany

    Źródła


    CVE: CVE-2017-7905 (mitre.org) (nvd.nist.org) (cvedetails.com)

    Wpis

    Stworzono: 2017-06-30
    Aktualizacje: 2017-06-30
    Wpis: 68%  

              Sierra Wireless AirLink Raven XE/AirLink Raven XT do 4.0 weak encryption   

    Odkryto lukę w Sierra Wireless AirLink Raven XE i AirLink Raven XT do 4.0. Problemem dotknięta jest nieznana funkcja. Poprzez manipulację przy użyciu nieznanych danych wejściowych można doprowadzić do wystąpienia podatności słabe szyfrowanie. Wpływa to na poufność.

    Informacja o podatności została opublikowana w dniu 2017-06-30. Podatność ta jest zwana CVE-2017-6046. Eksploitacja luki jest uważana za trudną. Atak może zostać przeprowadzony zdalnie. Nie potrzeba żadnej formy uwierzytelnienia w celu eksploitacji. Ani szczegóły techniczne nie są znane, ani exploit nie jest publicznie dostępny.

    Aktualizacja eliminuje tę podatność.

    CVSSv3

    VulDB Base Score: 3.7
    VulDB Temp Score: 3.6
    VulDB Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:X
    VulDB Niezawodność: Wysoki

    CVSSv2

    VulDB Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
    VulDB Temp Score: 2.3 (CVSS2#E:ND/RL:OF/RC:ND)
    VulDB Niezawodność: Wysoki

    CPE

    Exploit

    Klasa: Słabe szyfrowanie (CWE-311)
    Lokalny: Nie
    Zdalny: Tak

    Dostępność: Nie

    Price Prediction: steady
    Aktualny szacunek cena: $0-$5k (0-day) / $0-$5k (Dzisiaj)

    Przeciwdziałanie

    Zalecane: Upgrade
    Status: Oficjalna poprawka
    0-Day Time: 0 dni od znalezienia

    Oś czasu

    2017-02-16 CVE przypisany
    2017-06-30 Raport opublikowany
    2017-06-30 Wpis VulDB utworzony
    2017-06-30 Wpis VulDB zaktualizowany

    Źródła


    CVE: CVE-2017-6046 (mitre.org) (nvd.nist.org) (cvedetails.com)
    Zobacz także: 102951, 102952

    Wpis

    Stworzono: 2017-06-30
    Aktualizacje: 2017-06-30
    Wpis: 70.4%  

              Schneider Electric Modicon M241/Modicon M251 Authentication password Base64 weak encryption   

    Odkryto lukę w Schneider Electric Modicon M241 i Modicon M251. Podatnością dotknięta jest nieznana funkcja w komponencie Authentication. Poprzez manipulowanie argumentem password przy użyciu nieznanych danych wejściowych można doprowadzić do wystąpienia podatności słabe szyfrowanie. Wpływa to na poufność.

    Informacja o podatności została podana do publicznej wiadomości w dniu 2017-06-30. Podatność ta jest zwana CVE-2017-6028. Dostęp do sieci lokalnej jest wymagany do przeprowadzenia ataku. Do eksploitacji nie potrzeba żadnej formy uwierzytelnienia. Szczegóły techniczne są znane, ale exploit nie jest dostępny.

    Nie są znane żadne środki zaradcze. Sugerowana jest zamiana podatnego komponentu na produkt alternatywny.

    CVSSv3

    VulDB Base Score: 4.3
    VulDB Temp Score: 4.3
    VulDB Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
    VulDB Niezawodność: Wysoki

    CVSSv2

    VulDB Base Score: 2.9 (CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N)
    VulDB Temp Score: 2.9 (CVSS2#E:ND/RL:ND/RC:ND)
    VulDB Niezawodność: Wysoki

    CPE

    Exploit

    Klasa: Słabe szyfrowanie / Base64 (CWE-311)
    Lokalny: Nie
    Zdalny: Częściowo

    Dostępność: Nie

    Price Prediction: steady
    Aktualny szacunek cena: $0-$5k (0-day) / $0-$5k (Dzisiaj)

    Przeciwdziałanie

    Zalecane: wiadomo nie ograniczanie
    0-Day Time: 0 dni od znalezienia

    Oś czasu

    2017-02-16 CVE przypisany
    2017-06-30 Raport opublikowany
    2017-06-30 Wpis VulDB utworzony
    2017-06-30 Wpis VulDB zaktualizowany

    Źródła


    CVE: CVE-2017-6028 (mitre.org) (nvd.nist.org) (cvedetails.com)
    Zobacz także: 102942

    Wpis

    Stworzono: 2017-06-30
    Wpis: 70.4%  

              We Resist: Day 162   
    a black bar with the word RESIST in white text

    One of the difficulties in resisting the Trump administration, the Republican Congressional majority, and Republican state legislatures is keeping on top of the sheer number of horrors, indignities, and normalization of the aggressively abnormal that they unleash every single day.

    So here is a daily thread for all of us to share all the things that are going on, thus crowdsourcing a daily compendium of the onslaught of conservative erosion of our rights and our very democracy.

    Stay engaged. Stay vigilant. Resist.

    * * *

    Here are some things in the news today:

    Earlier today by me: Mika Brzezinski and Joe Scarborough Disclose That Donald Trump Has Been Trying to Blackmail Them and Our Democracy Is at Grave Risk.

    REMINDER: KEEP CALLING YOUR SENATORS TO TELL THEM TO VOTE NO ON TRUMPCARE.

    This morning, Donald Trump, evidently frustrated with his party's inability to pass comprehensive healthcare legislation in the tiny window of his short attention span, tweeted this shit:


    At Politico, Jennifer Haberkorn reports: "Repealing the health law without a replacement would kick about 18 million Americans off of health coverage in the first year — and reach 26 million a few years later, according to a CBO analysis of a 2015 bill to repeal the health law without a replacement."

    As part of his morning tweetshitz, he also dropped this turd:


    Well, it turns out he was just taking credit for a task force that "will include Chicago police officers, federal agents, Illinois state troopers, 'intelligence analysts,' and state and federal prosecutors. ...Police Superintendent Eddie Johnson said in the press release that the task force 'will significantly help our police officers stem the flow of illegal guns and create a culture of accountability for the small subset of individuals and gangs who disproportionately drive violence in our city.'"

    You know, if Trump actually cared about the gun violence in Chicago, he could take a look at the gun laws in Indiana, the state his veep Mike Pence used to run, since: "According to the FBI, roughly 60% of guns used in crimes in Illinois were from out of state. The overwhelming number of those guns flow into Illinois from states that have much less restrictive gun laws. Most of those out of state guns came from Indiana."

    * * *

    Mike Allen and Jonathan Swan at Axios: Trump Overrules Cabinet, Plots Global Trade War. "With the political world distracted by [Donald] Trump's media wars, one of the most consequential and contentious internal debates of his presidency unfolded during a tense meeting Monday in the Roosevelt Room of the White House, administration sources tell Axios. The outcome, with a potentially profound effect on U.S. economic and foreign policy, will be decided in coming days. With more than 20 top officials present, including Trump and Vice President Pence, the president and a small band of America First advisers made it clear they're hell-bent on imposing tariffs — potentially in the 20% range — on steel, and likely other imports. ...One official estimated the sentiment in the room as 22 against and 3 in favor — but since one of the three is named Donald Trump, it was case closed. No decision has been made, but the President is leaning towards imposing tariffs, despite opposition from nearly all his Cabinet." Holy shit.

    I can't put this any more plainly: Trump is literally contemplating destroying the U.S. economy and fucking over our major trading partners and national security allies in order to please his base with a talking point so they'll keep showing up at his Make America Clap Again rallies.

    He will ruin countless lives in pursuit of adoration from know-nothings (who would themselves be devastated by this decision) because of his insatiable ego.

    Fuhhhhhhhhhhhhhhhhhhhhhhhhhhhhhk.

    Kimberly Dozier at the Daily Beast: Spies Fear Trump's First Meeting with Putin. "Moscow believes its leader, ex-spy master Vladimir Putin, can extract major concessions from [Donald] Trump when the two meet for the first time next week, European officials tell The Daily Beast. The officials say their intelligence indicates Putin thinks he can outmaneuver Trump at the G-20 summit, playing on promises of cooperation on areas like counter-terrorism to win concessions like a reduction in the raft of sanctions against Russia. ...Their misgivings highlight concern that Trump's inexperience and Putin's ability to flatter will slowly degrade the U.S. alliance with Europe over time, and boost Moscow back to near-superpower status while extracting no changes to its aggressive, expansionist behavior." Everything is fine. *gulp*

    Joel Schectman, Dustin Volz, and Jack Stubbs at Reuters: Despite Hacking Charges, U.S. Tech Industry Fought to Keep Ties to Russia Spy Service. "New U.S. sanctions put in place by former President Barack Obama last December — part of a broad suite of actions taken in response to Russia's alleged meddling in the 2016 presidential election — had made it a crime for American companies to have any business relationship with the FSB, or Federal Security Service. ...Under a little-understood arrangement, the FSB doubles as a regulator charged with approving the import to Russia of almost all technology that contains encryption... Worried about the sales impact, business industry groups...contacted U.S. officials at the American embassy in Moscow and the Treasury, State, and Commerce departments... The sanctions would have meant the Russian market was 'dead for U.S. electronics' said Alexis Rodzianko, president of the American Chamber of Commerce in Russia, who argued against the new restrictions. 'Every second Russian has an iPhone, iPad, so they would all switch to Samsungs,' he said." Oh.

    AP: Donald Trump Threatened with Subpoena over Comey 'Tapes'. "Bipartisan leaders on the House intelligence committee are threatening a subpoena if the White House does not clarify whether any recordings, memoranda, or other documents exist of Donald Trump's meetings with fired FBI director James Comey. ...In a 23 June letter, the White House responded to the committee request by referring to Trump's tweets. ...A letter Thursday from Republican congressman Mike Conaway of Texas, who is leading the Russia investigation, and Democratic congressman Adam Schiff of California says Trump's Twitter statement 'stops short of clarifying' whether the White House has any tapes or documents. Conaway and Schiff said in a statement that the letter makes clear that should the White House not respond fully, 'the committee will consider using compulsory process to ensure a satisfactory response.'" Damn.

    [Content Note: Misogyny] Tara Palmeri at Politico: White House Council for Women and Girls Goes Dark Under Trump. "When President George W. Bush took office, he quickly and quietly disbanded President Bill Clinton's Office for Women's Initiatives and Outreach — and now President Donald Trump appears to be doing the same thing to President Barack Obama's White House Council on Women and Girls. The council, created by Obama in 2009 to monitor the impact of policy changes and liaise with women's groups has been defunct while the Trump administration evaluates whether to keep it, according to three senior White House officials. 'We want the input of the various agencies to understand the assets they have so that we make this office additive, not redundant,' said White House spokeswoman Hope Hicks." FUCK YOU.

    [CN: Trans hatred] J. Lester Feder at BuzzFeed: Trump Administration Appoints Anti-Transgender Activist to Gender Equality Post. "The Trump administration has appointed an activist who led a campaign to restrict bathroom access for transgender students to the office of Gender Equality and Women's Empowerment in the US Agency for International Development. Bethany Kozma's title is senior adviser for women's empowerment, according to an agency spokesperson. ...In 2016, she launched a campaign to oppose the Obama administration's guidance to public schools that said transgender students have the right to use facilities matching their gender identity; the guidance was withdrawn by the Trump administration in February." Goddammit I hate this administration.

    Emily Holden at E&E News: Pruitt Will Launch Program to 'Critique' Climate Science. "U.S. EPA Administrator Scott Pruitt is leading a formal initiative to challenge mainstream climate science using a 'back-and-forth critique' by government-recruited experts, according to a senior administration official. The program will use 'red team, blue team' exercises to conduct an 'at-length evaluation of U.S. climate science,' the official said, referring to a concept developed by the military to identify vulnerabilities in field operations. ...The disclosure follows the administration's suggestions over several days that it supports reviewing climate science outside the normal peer-review process used by scientists. This is the first time agency officials acknowledged that Pruitt has begun that process. The source said Energy Secretary Rick Perry also favors the review." What. The. Fuck.

    Oliver Milman at the Guardian: Trump Called 'Threat to Every Coastline' as He Pushes Ocean Drilling Plan. "Environmentalists have condemned Donald Trump as a 'threat to every ocean and coastline in the country,' after the president pushed forward plans to expand oil and gas drilling in the Arctic and Atlantic oceans as part of what he called a new era of 'American energy dominance.' The Trump administration has taken the first steps to rewrite a five-year plan, put in place under Barack Obama, that banned drilling along the Atlantic seaboard and in large swaths of the Arctic. The interior department is opening a 45-day public comment period for a new plan that it says will help grow the economy." Oh.

    [CN: Islamophobia] Kenrya Rankin at Colorlines: Who Will Be Allowed into the U.S. Now That the 'Muslim Ban' Is in Effect? "Per the New York Times, the Trump Administration defines acceptable foreign nationals as those with the following family members in the United States: 'a parent (including parent-in-law), spouse, child, adult son or daughter, son-in-law, daughter-in-law, sibling, whether whole or half. This includes step relationships.' According to the guidelines, if refugees and visitors from the banned countries can demonstrate one of these relationships, they will be admitted. The guidelines do not allow for the entry of 'grandparents, grandchildren, aunts, uncles, nieces, nephews, cousins, brothers-in-laws and sisters-in-law, fiancés and any other 'extended' family members.'" Awful.

    Jeva Lange at the Week: Leaked Audio from Trump's Re-election Fundraiser Catches the President Threatening to Sue CNN. "'It's a shame what they've done to the name CNN, that I can tell you,' Trump told the crowd. 'But as far as I'm concerned, I love it. If anybody's a lawyer in the house and thinks I have a good lawsuit — I feel like we do. Wouldn't that be fun?' ...Trump also slammed CNN's staff as being 'horrible human beings' and gloated, 'Boy, did CNN get killed over the last few days,' a reference to three reporters resigning over a story that did not meet CNN's editorial standards." Fucking hell. The only thing on which this guy can sustain focus is his vendettas.

    What have you been reading that we need to resist today?
              MobileLAN™ Access WA22    
    MobileLAN™ Access WA22 dual radio access point accommodates radios operating on both 802.11a and 802.11b RF bands. This enterprise class is equipped with advanced encryption and authentication capabilities that secure the wireless network while enabling faster roaming and enhanced mobility. Additional features include fiber optic network connectivity, 10/100 compatibility, integrated Power-over-Ethernet and support for VoIP.
              IT Services Specialist II - Electronic Arts - Redwood City, CA   
    MS Offce Suite, MS Visual Studio, Skype for Business, Oracle, OKTA, Adobe Suite, Cisco VPN, Virtual Machines, Data Encryption, Python, Tableau, Slack, Box, Maya...
    From Electronic Arts - Tue, 13 Jun 2017 05:11:07 GMT - View all Redwood City, CA jobs
              Bletchley Park gets US cash injection   
    There's always been a bit of confusion between the UK and the US over who contributed most to the invention of the electronic programmable computer. It is heart-warming, however, to see some leading lights in US computing recognise the achievements of Alan Turing and his fellow WWII code breakers that were long kept classified.

    Data encryption company PGP Corporation and PC-inventor IBM donated $100,000 to help maintain Bletchley Park, where Turing and colleagues worked. To what should be the UK government's shame, the place risks falling into ruin. I visited today as PGP and IBM tried to encourage others to add to their donation. If you want to do so, visit this website.

    Bletchley Park says it needs some £10 million for the upkeep of the crumbling huts - where Alan Turing and others kickstarted computing as they tried to crack Nazi codes - and the manor house nearby. A further £7 million is needed for a museum to house Europe's largest collection of fully functional computers.

    The most famous computers from Bletchley Park are Colossus, the world’s first programmable electronic computer, which was used to decode Nazi teleprinter traffic on the fly, while the Bombes - giant electromechanical calculators - revealed the rotor settings from various types of Enigma machines.

    But because this top secret work stayed classified for so long after the war, a US computer, EDVAC stole some of Bletchley Park's deserved thunder, PGP's chief technical officer Jon Callas and president Phil Dunkelberger told me. Only in the late 70s did the achievements of the British machines begin to be recognised, by which time the early history of computing was already written.

    It wasn't until the 1970s and early 1980s that computer scientists began to hear whispers of the existence of a super fast machine in England that predated post-war American computers," says Callas. "When the details eventually came out about Colossus we couldn’t quite believe how fast it had been at its one task: breaking ciphers.”

    "As the acknowledged birthplace of modern computing, Bletchley Park is responsible for laying the foundation for many of today's technology innovations," said Dunkelberger.

    "We have had a great response to the campaign so far, but more is definitely needed to preserve this British – and international – icon," says Bletchley spokesman Jon Fell. He told me that he hopes the UK National Lottery and the US Sidney E Frank Foundation will soon pledge money too.

    Paul Marks, technology correspondent
              Security Leftovers: Security Updates, Systemd, Sonatype, and Petya Ransomware   

              Mossad sets up fund to acquire new spy techniques   
    Israel's Mossad intelligence agency has set up an investment fund to help development of new cloak−and−dagger know−how and is offering grants of up to 2m shekels (USD 570,000) per project to bring in new ideas. A government statement said Mossad was seeking technologies in various fields, including robotics, miniaturisation and encryption as well as new automated methods of gleaning information from documents and new ways of carrying out operations more stealthily. A statement by the new fund, called Libertad, said it would be willing to give grants in exchange for non−exclusive rights to the technology. Developers would retain the rights to their product and could sell it on, it said. Mossad's undertaking is not new. In 1999, the CIA established IQT, a non−profit investment fund aimed at accelerating the development and delivery of new technologies to US government intelligence bodies. Israel has over 450 cyber−security firms. In 2016, 78 start−ups raised more than USD 660m from investors, according to the Israel Venture Capital Research Centre. Its advanced defence industry, led by Elbit, Israel Aerospace Industries, Israel Military Industries and Rafael, accounts for about 14% of the country's exports.
              VeraCrypt 1.20: 64-bit optimization, new home   

    VeraCrypt 1.20 featuring 64-bit optimization, support for Secure Desktop for password entry on Windows, and more, was released on June 29, 2017. The encryption software was one of the programs that came to life after the developers of the open source encryption software TrueCrypt stopped development under mysterious circumstances. VeraCrypt is based on TrueCrypt source code, […]

    Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader.

    The post VeraCrypt 1.20: 64-bit optimization, new home appeared first on gHacks Technology News.


              Safe Connect VPN WiFi Privacy   
    Safe Connect VPN WiFi Privacy

    McAfee LLC

    Productivity

    VERSION/BUILD:
    1.2.0
    UPDATED:
    29 June 2017
    REQUIRES ANDROID:
    4.0.3 and up and up
    FILE SIZE:
    7.21 M
    McAfee Safe Connect VPN Proxy gives you bank-grade encryption to help keep all your online activities, sites visited, and personally identifiable information private and secure – even on public Wi-Fi or any open networks.

    Save 40% on monthly PREMIUM subscription (limited time offer) – Enjoy an unlimited, simple, and private Internet access for your Android, iOS, and PC.
    Act now to upgrade to Premium, or continue with basic protection, which is lifetime for free.

    With McAfee Safe Connect, your network connection is encrypted from your device. Safe Connect will hide your IP address and let you browse online anonymously so that your physical location & information you transmit are secure. Hackers and cyber criminals won’t be able to easily see what you are doing online or capture your sensitive information (e.g. photos, credit card info and passwords).

    When to use McAfee Safe Connect? <\b>

    We suggest you keep McAfee Safe Connect turned ON to minimize your individual online security risks and to help keep your data private from prying eyes, especially when you are connecting to a public Wi-Fi hotspot or any open network. Unlike home WiFi networks, the vast majority of public WiFi hotspots offered at Cafés, Airports, and Hotels usually aren’t password-protected and don't encrypt the data being transmitted. Therefore, when you connect to a hotspot, your online activities from your social media content to bank account credentials to your online purchase history may be wide open to hackers.

    Safeguard your online privacy. Download McAfee Safe Connect VPN NOW to:
    • Keep sensitive info like passwords and credit cards private
    • Browse anonymously so you can’t be tracked online

    FEATURES

    Wi-Fi SECURITY: Bank-grade encryption keeps your sensitive info private when you use Wi-Fi hotspots and open networks.
    PRIVATE AND ANONYMOUS: Surf the web privately and anonymously without leaving a trace.
    UNLIMITED (Paid users only): Enjoy unlimited data protection for up to 5 Android, iOS, and PC devices simultaneously.
    VIRTUAL LOCATIONS (Paid users only): Access your favorite online content from anywhere.
    EASY: Protect yourself with a single tap.
    FREE: Keep using the app free for up to 250MB per month.
    NO ADS: Because no one likes being interrupted by ads.

    BENEFITS

    • McAfee Safe Connect creates a secure VPN network for you to help ensure your online activities, visited sites, and sensitive information stay private and secured -- even on public Wi-Fi and unsecured networks.
    • Your online activities are encrypted to help prevent attacks by potential hacker or data thieves.
    • Access your favorite online content from anywhere, as if you were sitting in your living room.

    HOW DOES IT WORK?

    McAfee Safe Connect uses a VPN, or virtual private network, to create a secure network connection. All traffic — data, voice, and video — is encrypted and goes through a secure virtual tunnel between your device and our servers. This keeps your info private and your browsing safe. And don’t worry, we don’t look at or log any info you send or receive.

    SUBSCRIPTION INFO

    Begin your 7-day free trial followed by a monthly subscription for $6.99/month Save 40% - Limited Time Offer.
    McAfee Safe Connect Premium comes with:
    • Unlimited data protection for up to 5 devices simultaneously (iOS, Android, and PC)
    • Several virtual server locations
    • Free 24/7 support

    Need to cancel your monthly subscription?
    Go to payments.google.com to find out how.

    Got questions or feedback? You can reach us at Mobile_Support@McAfee.com
    We look forward to hearing from you.



    Google Play Rating


    3.8
     327 total
     
    5179
    446
    333
    28
    161

    App Screenshots









    What's New
      Interested in McAfee Safe Connect? We release updates regularly to make the app better for you. This release includes:
      - Bug fixes
      - Save 40% on monthly premium subscription (Limited time).
      Enjoy an unlimited, simple, and private Internet access — everywhere you go.
      If you have any feedback or suggestion, please email us at Mobile_Support@McAfee.com.
      Please leave us a review and rate us 5 stars!! (5 Stars = Good)

    Download & Instructions


              CRM On-Premises Data Encryption Error–Disable for Testing   
      I had encountered the following error while trying to update a CRM User’s Business Unit in a Dynamics CRM 2015 On-Premises TEST environment – it prevented me from making any updates to a CRM user: Data Encryption error – … Continue reading
              Dual Band 300Mbps Wireless N WiFi Range Extender Repeater Travel AP Router   
    Dual Band 300Mbps Wireless N WiFi Range Extender Repeater Travel AP Router

    The Wireless a/n Dual Band Repeater, supports 2.4GHz and 5GHz WiFi signal, is a combined wired / wireless network connection device designed specifically for small business, office, and home office networking requirements. It complies with the IEEE 802.11 a/n standard. It adopts MIMO as well as SST technologies. It also works well with other 11b/g/n and 11 a protocol wireless products. Creat instant WiFi hotspots at any location where you have Internet connection.

    Features:

    • Complies with IEEE 802.11a/b/g/n standards
    • Imported Broadcom chipset for optimal wireless signal solution
    • Dual band 2.4GHz 5GHz transmission frequency
    • Supports router, repeater modes
    • Supports two RJ45 ports for wired connection
    • Supports PPPOE / DHCP / Static IP router WAN uplink way in the router mode
    • QoS function assures the quality of VolP and multimedia streaming
    • Wireless a/n speed up to 300Mbps and backward compatible with 802.11b/g/n products
    • Compact and portable, ideal for home or travel use
    • Supports WEP, WPA-SPK, WPA2-SPK, Mixed WPA / WPA2-PSK of personal and enterprise encryption standards
    • Supports WPS quick link function
    • Supports AC input, 100~240V AC Input
    ...
    Your Price: $39.99 
              wxSQLite3 3.1.0 released   

    The new version 3.1.0 of wxSQLite3 - a thin wrapper for the SQLite database for wxWidgets applications - supports the current version 3.8.4.3 of SQLite. This version is compatible with wxWidgets 2.8.12 and wxWidgets 3.0.0.

    Recent changes

    Added flag isDeterministic to method wxSQLite3Database::CreateFunction
    Added new GUI sample
    Changed implementation of the SQLite3 encryption extension

    New GUI sample

    The new GUI sample application demonstrates the use of
    - SQLite in a wxWidgets based GUI application
    - Persisting a tree structure in a SQLite database
    - Drag and drop of folders within a treeview
    - Move or copy of project references via drag & drop

    Changed SQLite3 encryption extension

    Starting with this release of wxSQLite3 the code of the encryption extension has been adjusted to fix a potential problem with creating unusable encrypted databases.

    Chances were low that users of the prior versions of the encryption extension experienced problems, namely at most 1 out of 8192 cases (that is less than 2 %). However, it was decided to eliminate this flaw.

    From now on bytes 16 to 23 of the database header are saved to file unencrypted (as for the proprietary SQLite Extensions SEE (SQLite Encryption Extension) offered by the creators of SQLite). This is important, because these bytes are read and interpreted by the SQLite code before any encryption extension gets the chance to decrypt the database header.

    The good news for users of prior versions of the wxSQLite3 encryption extension is that the new version transparently converts existing encrypted databases to the new format. However, this is a one-way process, that is, once converted a database file can't be handled anymore by prior versions of the encryption extension. Instead one will get the error message "not a database file or encrypted".

    See: http://sourceforge.net/projects/wxcode


              wxSQLite3 3.0.6 released   

    The new version 3.0.6 of wxSQLite3 - a thin wrapper for the SQLite database for wxWidgets applications - supports the current version 3.8.2 of SQLite. This version is compatible with wxWidgets 2.8.12 and wxWidgets 3.0.0.

    Recent changes:
    Added build support for wxWidgets 3.0
    Adjusted encryption extension to support SQLite3 encryption API v2

    See: http://sourceforge.net/projects/wxcode


              VMworld 2016: vSphere Encryption Deep Dive   


    Advertise here with BSA

    External Threats Nation states, profit motive, highly skilled, social engineering Internal Threats Snowden. Admins who abuse privileges Physical access to data VMware’s Vision for security – Secure Access, Secure Infrastructure, Secure Data VM Encryption Preview Encryption managed via storage policies – Encryption done in ESXi kernel, uses AES-NI, and uses XTS-AES-256. No modification within the […]

    The post VMworld 2016: vSphere Encryption Deep Dive appeared first on Derek Seaman's Blog.

               

              Calls for strong encryption in 'Five Eyes' countries   
    More than 80 different organisations and individuals from 'Five Eyes' countries are calling for strong encryption in order to protect online privacy and security.
              Comment on Velominati Super Prestige: Men’s World Championship Road Race 2016 by web.enerjiuzmanlari.org.tr   
    For the last 6 years now we have offered medical marijuana evaluations to patients in Sacramento and Santa Cruz. All information presently contained on the Medical playing cards will likely be discovered on each systems. Kenyon, who operates medical marijuana practices in Eugene and eleven different places, said he pays his medical doctors based mostly on the variety of patients they see. When discussing medical Hashish with your doctor, you must also ask your physician for a referral to a specialist who focuses on treating patients with medical marijuana. Beck Regulation P.C. is positioned in Santa Rosa and gives a whole scope of Medical Marijuana companies to shoppers in Santa Rosa, Petaluma, Cotati, Rohnert Park, Sebastopol, Healdsburg, Sonoma, Kenwood, Glen Ellen, Windsor, Bodega Bay, Ukiah, Willits, Clearlake, Lakeport, Kelseyville and all through Sonoma, Mendocino and Lake County. Still, after preliminary price bumps that are inclined to kick in briefly as shops get into compliance, each state that has legalized marijuana has seen prices go down considerably over time thanks to elevated competition. Don't take medical marijuana throughout state traces, particularly into states with out medical marijuana applications in place. It will not dispense marijuana, but will use a small team of cannabis-friendly medical doctors" and registered nurses to display applicants and monitor their progress, mentioned Sweatt, founder of Medical Hashish Outreach, the new clinic's operator. The Medical Marijuana Program (MMP) was established to provide a voluntary medical marijuana identification card issuance and registry program for qualified sufferers and their caregivers. Indeed, a legal framework has been in place for years (it's not good, there is not any denying that) to regulate medical marijuana consumption, and it's nonetheless the one means residents of the Golden State and guests alike can purchase the herb. OMMP will notify a grower when a patient submits a brand new or renewal software and lists them because the grower. Possess, transport, buy, get hold of, use, manufacture, or give away marijuana paraphernalia to peoples the age of 21 or older. Was created to close that loophole, however solely offered protections for sufferers who lawfully possess medical marijuana; consequently, the bills did not legalize distribution or cultivation, that means sufferers can't get legal entry to marijuana. For a more details in regards to the expertise, please visit our New Affected person or Renewal Patient page. SB420 allows probationers, parolees, and prisoners to use medical marijuana and to ask a decide to verify their rights. As for the age distribution, at the very least half of the population seeking medical recommendations through this doctor group was over the age of 35. For comparison, the median age for those 18 and older in the 2006 NSDUH who reported buying marijuana within the earlier month was in the 26-29 yr outdated category (those over 21 are placed into age classes). The City of San Diego municipal code allows as much as 1/2 lb of marijuana, 24 vegetation in 64 square feet indoors; no outdoors growing allowed besides in enclosed greenhouses. A study from 2009 means that regular and long-time period use of marijuana may enhance the risk for testicular most cancers. The Medical Marijuana Identification Card Program (MMICP) is a voluntary registry that allows for folks to confirm your medical marijuana card online by way of the California Department of Public Health database It is not needed to affix such a program, which prices further fees and will make your patient-standing publically available. Sugano discovered a pressure of marijuana by means of her own experimentation that she believes reduces her daughter's seizures. You may be asked to enter your credit card details at time of booking your consultation. The report is also unequivocal in its objective of preventing company consolidation within the marijuana business, as we've got seen with Huge Tobacco. We're specialists, licensed, comply the Medical Board of California Telehealth tips. Fortunately, innovative corporations like NuggMD make the net process extra convenient than you could even imagine, and let you rating a health care provider's recommendation for simply $39. I was about to expertise firsthand a course of the state is working to reform: how Californians get medical marijuana cards. They understood that I had been given an unlawful rec they usually helped me renew it, gave me proper documentation an info pamphlets. I have by no means sent in a review earlier than for anything however these guys were so good I wish to. The Physician came out to my car to do his evaluation as a result of I hurt so bad. The measure removes felony sanctions in opposition to those that use medical marijuana beneath doctor's orders, though dispensaries and cultivation facilities have yet to be developed. We had been advised for $299 we could get a particular exemption" card that would allow us to have 99 plants and 11 pounds of marijuana. Getting accepted for a medical marijuana card in California requires that you're beneficial for approval of the utilization of medical marijuana by a state board licensed practicing doctor. A giant sticking point is the convenience wherein marijuana could be smoked as drugs. In Orange County and all of California, medical marijuana supply providers and stroll-in dispensaries will settle for your recommendation in written letter format signed by a licensed Doctor. As long as they have original paperwork from their doctor where I can really feel the embossed state seal and their identification matches, that is all I need to allow them to in," stated Macfarlane of Sierra Wellness Connection. Additionally they can possess as much as an ounce of marijuana buds or 8 grams of hashish concentrates. Trulieve, Miami's first retail medical marijuana dispensary had its grand opening on Wednesday. You'd think about using topical wax or other marijuana balms when you've got ache in a specific area. However all of the talk about medical marijuana within the news of late did pique my curiosity. On this circumstance, California is the state identified for probably the most breakthroughs with hashish, to date. Sandee Burbank heads Mothers Towards Misuse and Abuse, a supplier that operates several clinics in Oregon, together with one in Bend, that help sufferers access marijuana and teaches them to use it safely and successfully. The Medical Marijuana Program (MMP) was established by the California Division of Health Services in 2004 to facilitate the registration of qualified sufferers and their caregivers, by way of a statewide identification system. We provide a Pockets Size ID Card, which has a picture and knowledge that will confirm along with your patient status along with a regular suggestion. SSL certificates assist both trade-commonplace 128-bit (utilized by banks to safeguard sensitive information) and excessive-grade 256-bit SSL encryption to protect on-line transactions. Solely a skilled doctor might perform a confidential evaluation to find out in case your medical situation qualifies beneath the Arizona Medical Marijuana Program, and if medicinal hashish could be an effective form of treatment. The rationale that medical doctors can not prescribe marijuana is that cannabis is still illegal in response to federal laws. Please usher in your Driver's license or state ID card showing that you are a resident of the state. Upon getting your medical hashish card, you'll be able to safely enter marijuana dispensaries and make purchases. The patients residence state exempts cardholders from prison prosecution for medical marijuana use. The selection of medical marijuana docs no longer matters, as a result of now you possibly can see one of some extraordinarily gifted and trusted medical doctors with zero hesitation or doubt, one hundred% online. Priceless Evaluations introducing Protection Plan for the medical marijuana sufferers. Here's a partial record of medical situations which are certified for the use of medical marijuana. These playing cards are the only acceptable document that legislation enforcement must accept as proof that you're a professional medical marijuana affected person. Whether or not you're a California native or new to The Golden State, should you wish to get hold of medical marijuana, you in all probability have some questions. Medical Marijuana Providers assets let you make an educated determination about the usage of medical marijuana as a remedy in your sickness. After years of working as the top doctor at other cannabis analysis clinics, Dr. Holtzman took the opportunity to open Seaside Medical Heart in January of 2011. The Minneapolis clinic was very very like a regular pharmacy, not anything too totally different," he stated. Of the 1500 physicians in California who've advisable cannabis underneath Prop 215, none have been federally prosecuted. Subsequent, patients needed to go to a doctor and obtain that doctor's recommendation for his or her cards, and then fill an software and send it with the doctor's note and $75 fee to Carson Metropolis. Sarah, clearly you might have been duped into believing much of the identical old worn out arguments against utilizing marijuana for helpful purposes that the outdated generation used and is using. There isn't a doubt that marijuana, medical or leisure, adjustments the sensorium when taken in sufficient quantity. Started in 2009, our medical clinic is run by a bunch of CA licensed holistic and various medication physicians that imagine in the scientific proof for the use of medical marijuana. The information there is shows it is a mixed bag: The number of prosecutions for all marijuana crimes, especially minor marijuana crimes, plummeted — together with for folks below 21. However citations for public use of marijuana rose. If registration goes smoothly and also you're accredited by the Medical Use of Marijuana Program, you'll print out a short lived Medical Marijuana Card that will final for 4 weeks. A separate estimate from California NORML locations the full number of present medical hashish shoppers between 2 and three %. When you dwell in a state with a medical program and you use hashish, I encourage you to get your license if possible. Dr. Joseph Dorn, who has labored in palliative and hospice take care of the last 12 years, will open the Medical Marijuana Treatment Center of Florida on Capital Medical Boulevard. Khalil later instructed me The Inexperienced Docs has never engaged in misleading pricing or promotion practices. Qualifying sufferers who do not need an I.D. card could elevate an affirmative protection motion to dismiss marijuana possession costs. The scent of marijuana and lure of music from the medicating space kept reminding these nonetheless on the surface what they were lacking. This special medical type card permits any patient who has a valid written advice from a licensed MD physician to be able to use hashish legally. In an try to rectify this downside and bring medical marijuana to the next customary (no pun supposed), the State's Medical Board has proposed policy adjustments that may make it more difficult to qualify for a medical marijuana card. However legally all you need is the DR's rec to visit any dispensary in California. There are so many types of medical marijuana that you will wish to ensure you get the correct form and use the suitable dosage. Our doctor makes an effort to grasp each patient in a comprehensive and personalized approach. Rooted in a basis of education and affected person rapport, Medical Marijuana Evaluations strives to empower each patient to make educated selections and reclaim their high quality of life using medical hashish. The legislation authorizes the establishement of eight state-run cannabis dispensaries to begin distribution on July 1, 2015. In 2012, Colorado and Washington voters elected to legalize marijuana for leisure functions. Shortly after being permitted by your physician, you may receive an e-mail with a PDF model of your suggestion that can be used immediately! http://web.enerjiuzmanlari.org.tr/UserProfile/tabid/57/userId/651696/language/en-US/Default.aspx
              Project Kopilka - Project-kopilka.com   
    I'm not admin.

    About:
    QUOTE
    It is a little about us, we the financial investment company which is engaged in microcredit of individuals and also our team trades in the market Forex, we trade in cryptocurrency.
    We diversify all money in such directions as: share purchase at construction and banking companies, we redistribute the financial portfolio every week, thus risks are minimum at highly profitable profit. Our project is created for everyone who wants to earn online and to fulfill the dream in reality because our analysts and professional traders work according to well developed scheme which shows very good results.
    It is not necessary to wait for weather by the sea, come, be registered in our program and already tomorrow your dreams will come true together with us.


    Investment plan:
    QUOTE
    1.00% Daily for 45 days
    Min: $10 / Max: $100

    Principal Withdraw: Available with 20.00% fee after 10 days or 15.00% fee after 25 days or 10.00% fee after 35 days


    > Payment system: AdvCash
    > Minimal spend $10
    > Referral commission 1%
    > Licensed script
    > SSL encryption
    > Paying 7 days a week

    View and invest ==>>


    My AdvCash deposit:

    50.00 USD
    Transaction ID: b2894fcb-092a-4430-adc4-f2461b6686f9
    01 Jul, 12:40
              Investing In China - Chininvest.com   
    I am not owner or administrator. Information has been posted here only for discussion.
    Start: May 6th, 2016
    Features: SSL encryption, Dedicated server/IP, Unique design, Unique script

    About HYIP (machine translation):
    QUOTE
    Investing in China - this is your chance to provide passive income! From you do not need any knowledge of the features of investment, our experts will do everything for you. You acquire the Company's shares directly on the site and make a profit! Our investment company collaborates with major Chinese cities - Hong Kong, Beijing, Shanghai, Guangzhou and Shenzhen. The team of specialists in different areas of investment conducts market analysis of the optimal investment portfolio of the Company with a high yield and moderate risk. Use species diversification, which consists in the distribution of funds in the various spheres of Commerce and Industry Investment, Tourism, stock market and real estate. Why China? Because today, China has become one of the economic powers, possessing the world's largest development potential.

    Investment Plans: 0.5% - 1% daily for 180 days
    Principal Return: Yes
    Charging: 7 days in week

    Minimal Spend: $10
    Maximal Spend: No Limit
    Referral: ?-8%
    Withdrawal: Manual
    Payment systems: Advanced Cash, Bank Wire, Bitcoin, NixMoney, Payeer, Perfect Money, WebMoney

    Our investment:
    Date : 05/26/2016 19:10
    From/To Account : U11209823
    Amount : -30.00
    Currency : USD
    Batch : 134696667
    Memo : API Payment. sqmonitor.

    Payment received:
    Date : 07/12/2016 09:50
    From/To Account : U11209823
    Amount : 1.00
    Currency : USD
    Batch : 139497489
    Memo : Investing in China

    Date : 07/01/2016 08:46
    From/To Account : U11209823
    Amount : 1.00
    Currency : USD
    Batch : 138289529
    Memo : Investing in China

    Date : 06/14/2016 19:29
    From/To Account : U11209823
    Amount : 1.00
    Currency : USD
    Batch : 136678405
    Memo : Investing in China

    Date : 06/07/2016 08:40
    From/To Account : U11209823
    Amount : 1.00
    Currency : USD
    Batch : 135948679
    Memo : Investing in China

    Link: http://chininvest.com/
              Report: Trump Commission Demanding Voter Data Over Unprotected Email   
    Names, addresses, partial Social Security numbers to be sent via system lacking basic encryption protections, says Gizmodo.
              Penetration Testing Bootcamp   

    Sharpen your pentesting skill in a bootcamp About This Book Get practical demonstrations with in-depth explanations of complex security-related problems Familiarize yourself with the most common web vulnerabilities Get step-by-step guidance on managing testing results and reporting Who This Book Is For This book is for IT security enthusiasts and administrators who want to understand penetration testing quickly. What You Will Learn Perform different attacks such as MiTM, and bypassing SSL encryption Crack passwords and wireless network keys with brute-forcing and wordlists Test web applications for vulnerabilities Use the Metasploit Framework to launch exploits and write your own Metasploit modules Recover lost files, investigate successful hacks, and discover hidden data Write organized and effective penetration testing reports In Detail Penetration Testing Bootcamp delivers practical, learning modules in manageable chunks. Each chapter is delivered in a day, and each day builds your competency in Penetration Testing. This book will begin by taking you through the basics and show you how to set up and maintain the C&C Server. You will also understand how to scan for vulnerabilities and Metasploit, learn how to setup connectivity to a C&C server and maintain that connectivity for your intelligence gathering as well as offsite processing. Using TCPDump filters, you will gain understanding of the sniffing and spoofing traffic. This book will also teach you the importance of clearing up the tracks you leave behind after the penetration test and will show you how to build a report from all the data obtained from the penetration test. In totality, this book will equip you with instructions through rigorous tasks, practical callouts, and assignments to reinforce your understanding of penetration testing. Style and approach This book is delivered in the form of a 10-day boot camp style book. The day-by-day approach will help you get to know everything about penetration testing, from the use of network reconnaissance tools, to the writing of custom zero-day buffer overflow exploits. Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com . If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.


              (USA-AZ-Phoenix) Sr Database Administrator   
    Description: Phoenix - AZ, PHX4701A, 4701 E Francisco Dr, 85044-5365 Sarah L Timms 20170519-2524 **We believe that** , when done right, investing liberates people to create their own destiny. **We are driven** by our purpose to champion every client’s goals with passion and integrity. **We respect** and appreciate the diversity of our employees, our clients, and the communities we serve. **We challenge** conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. **We champion** our employee strengths, guide their development, and invest in their long-term success. **We hire** optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed. As a company, we were established by Chuck at http://www.aboutschwab.com/about/leadership/charles_schwab over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future. **Our Opportunity:** The Stock Plan Services Technology team is responsible for building applications to support the equity compensation business. These solutions are essential to manage company’s equity compensation plans, taxation, reporting, and much more. We are seeking a Senior Database Administrator to manage our databases that run our business. **What you’ll do:** We have an exciting role for a Senior DBA who is up for helping us deliver transformational applications. We are looking for a self-motivated DBA who is experienced in various aspects of administration and development across different database products to tackle the following objectives: + Provide support to our production data operations team by reviewing data update scripts + Partner with our application engineering team by creating and modifying schemas, reviewing sql queries, building stored procedures, reviewing code to understand impacts to database usage and performance + Investigate production issues + Proactively identify and address database performance issues + Partner with other technology organizations within Schwab to define segregation of duties and identify responsible parties for various tasks + Provide oversight and guidance for the Unified Data Model project + Analyze and assist with a conversion from Oracle to MSSQL over the next 2 years + Routinely refresh, sanitize and scrub data from production environments into QA and Development environments + Lead the implementation of scripts to automate routine database management functions + Build relationships with technical partners across the organization + Ensure stored and transmitted data meets Schwab’s security and encryption policies + Learn the business of Stock Plan Services @ Charles Schwab & Co + Provide 2nd tier on-call support for troubleshooting and analysis for production issues + Proactively engage technical and business partners to overcome roadblocks and resolve issues **What you have:** + 8+ years’ experience in IT 6+ years Oracle and Microsoft SQL DBA experience + You will have worked as a technical leader effectively implementing world class solutions + You will have successfully managed a highly tuned Oracle database implementation + You have been a leader in major Oracle version upgrades + You will have effectively communicated with both technical and business partners + You are able to make things happen without being told what to do + You are a self-starter and are willing to dig in and learn + Bachelor's degree in Computer Science, Engineering, or a similar field + Must have experience with Oracle 11g (12c a plus), grid/ASM, RAC, compression, partitioning, data guard and high availability techniques. + Application coding skills desired in at least one of the following languages – Java, PERL, Python, C#, Shell Scripting, Ruby, Etc + Minimum of 2 years of Linux proficiency (as a power user and administrator) + Experience with modern 24x7 production environments is a plus + Experience with database replication and scaling issues is a big plus + Understands business strategy and cascades business intelligence needs to the database level + Willingness to work flexible / odd hours (as needed) + Successful experience working in a team environment + Excellent written and verbal communication skills + Expert in SQL and at a minimum intermediate PL/SQL + MongoDB experience is a plus **What you’ll get:** + Comprehensive Compensation and Benefits package + Financial Health: 401k Match, Employee Stock Purchase Plan, Employee Discounts, Personalized advice, Brokerage discounts + Work/Life Balance: Sabbatical, Paid Parental Leave, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer, Employee Matching Gifts Program + Everyday Wellness: Health and Lifestyle Wellness Rewards, Onsite Fitness Classes, Healthy Food Choices, Wellness Champions + Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships + Not just a job, but a career, with an opportunity to do the best work of your life Learn more about Life@Schwab at http://www.aboutschwab.com/careers/life_at_schwab/" . Charles Schwab & Co., Inc. is an equal opportunity and affirmative action employer committed to diversifying its workforce. It is Schwab's policy to provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity or expression, national origin, ancestry, age, disability, legally protected medical condition, genetic information, marital status, sexual orientation, protected veteran status, military status, citizenship status or any other status that is protected by law. Job Specifications Relocation Offered?: Yes Work Schedule: Days Languages: English - spoken Current Licenses / Certifications: None Relevant Work Experience: IT-DBA-6+ yrs Position Located In: AZ - Phoenix, TX - Dallas, TX - Westlake Education: BA/BS Job Type: Full Time Category:Information Technology Activation Date: Friday, June 30, 2017 Expiration Date: Thursday, August 31, 2017 Apply Here
              IAM Consultant - The Herjavec Group - Canada   
    Experience with J2EE technologies, scripting, directories, certificates (PKI), and encryption are highly desirable....
    From The Herjavec Group - Wed, 17 May 2017 15:13:43 GMT - View all Canada jobs
              Senior Mobile Developer - Samsung Pay - Burlington, MA   
    Develop encryption library for Samsung Pay Android Application; Do you want to help shape the path of mobile payments by working on the latest technology in a...
    From Samsung Pay - Wed, 24 May 2017 06:52:49 GMT - View all Burlington, MA jobs
              (USA-VA-Newport News) AMSEC Computer Sys Security Anlyst 4   
    **18669BR** **Job Title:** AMSEC Computer Sys Security Anlyst 4 **Department/Cost Center:** 135 - AMSEC LETTS - 13504 - STSTEMS INTEGR & CYBER SOLUT **External Job Description:** *This position is contingent upon contract award* Position Specifics: - Must be a US Citizen. - Must have an interim secret clearance to start. - Must be able to obtain and maintain a RAPIDGate or DoD CAC. - Must have an active DoD security clearance at a Secret Level or higher. - Must be a Fully Qualified Navy Validator for Risk Management Framework (RMF) - Must have CISSP Certification. - Must be DoD 8570 compliant IAT-3. - Must have experience analyzing software security. Responsibilities include, but not limited to the following: •Plan, coordinate, and implement security measures defined by DoD security standards. •Prepare Certification & Accreditation packages in compliance with Risk Management Framework (RMF) for DoD Information Technology (IT) (DoDI 8510.01), in support of NAVSSES, ensuring compliance with Federal, Department of Defense and Navy Information Assurance policies. •Coordinate certification and accreditation activities within scope of Program Director, IA PM, System IAM and Designated Approving Authorities (DAAs). •Disseminate Information Assurance Vulnerability Alerts (IAVAs) to System Administrators (SAs) and Information Assurance Security Officers (IASOs) ensuring IAVAs are received and acknowledged. •Monitor IAVA compliance and reporting, ensuring IS and networking security scans are performed, completed and documented. •Report program effectiveness to program director; ensure compliance of all program IS, ensuring assets are properly reported and scans validated. •Create, Submit, Validate Certification and Accreditation (C&A) packages in accordance with Risk Management Framework (RMF) for DoD Information Technology (IT) (DoDI 8510.01)/DIACAP •Create and process Platform IT (PIT) Risk Approval (PRA) packages in accordance with NAVSEAINST 9400.2 •Review risk analysis and accreditation documentation for timeliness, completeness, and accuracy; ensuring all necessary materials are forwarded for review. •Interface with project stakeholders, including operations, developers, and customers to ensure compliance IA compliance in all phases of projects. •Support and coordinate multiple project certification/recertification efforts including preparation and delivery of all C&A documentation, remediation/adjudication steps, etc. •Collaborate with teammates to improve quality and testability of solutions. Designs, tests, and implements state-of-the-art secure operating systems, networks, and database products. Conducts risk assessment and provides recommendations for application design. Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access. Uses encryption technology, penetration and vulnerability analysis of various security technologies, and information technology security research. May prepare security reports to regulatory agencies. **Auto req ID:** 18669BR **Marketing Title:** AMSEC Computer Sys Security Anlyst 4 (RMF Navy Qualified Validator (NQV) **Basic Qualifications:** 9 Years relevant experience with Bachelors; 7 Years relevant experience with Masters; An additional 4 years of specific job experience with a HS diploma may be substituted for the Bachelor's degree requirement for this job. This experience is in addition to the relevant years of experience listed with the job's education requirements. Example: If this job required a Bachelor's degree + 5 years relevant experience the equivalency would equal HS diploma + 9 years job related experience. **Entity:** AMSEC (0480) **Schedule:** Full-time **Clearance Type:** Secret **Shift:** 1st **Travel:** Yes, 25% of the time **Company Statement:** AMSEC is a subsidiary of Huntington Ingalls Industries (HII). Huntington Ingalls Industries is America’s largest military shipbuilding company and a provider of professional services to partners in government and industry. For more than a century, HII’s Newport News and Ingalls shipbuilding divisions in Virginia and Mississippi have built more ships in more ship classes than any other U.S. naval shipbuilder. HII’s Technical Solutions division provides a wide range of professional services through its Fleet Support, Integrated Missions Solutions, Nuclear and Environmental, and Oil and Gas groups. Headquartered in Newport News, Virginia, HII employs nearly 37,000 people operating both domestically and internationally. **Relocation Assistance:** No relocation assistance available **Minimum Education:** High School Diploma/GED **Location:** Newport News-Virginia-United States **US Citizenship Required for this Position:** Yes **EEO Statement:** Equal Opportunity Employer - Veterans/Disabled Welcome. U.S. citizenship required for most positions. **Preferred Qualifications:** Job performance requires adequate visual acuity and manual dexterity for meeting the requirements of a Systems Analyst discipline. Office work environment normally encountered.
              (USA-VA-Virginia Beach) Sr Analyst, Info Security   
    Job Description Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction. Must possess a thorough understanding of all aspects of computer and network security, including such areas as firewall administration, encryption technologies and network protocols. Data Security Analysts need strong oral and written communication, analytical, and problem-solving skills, as well as excellent judgment and self-motivation. They should be able to multitask and work well under pressure. They must be able to investigate alerts, anomalies, error, intrusions, malware, ect to identify the extent of a security incident and they must be able to help isolate the responsible agents. It is important that candidates keep abreast of industry security trends and developments, as well as applicable Government regulations. Typical duties include: + Leads incident response + Monitoring systems security and responding to security incidents + Participating in security systems testing + Ensuring integrity and confidentiality of sensitive data + Preventing and detecting intrusion + Engages with other internal and external parties to get and share information to improve security posture + Validate incident containment and remediation recommendations + Conducting forensic media analysis and log file analysis (to include Encase). Education Bachelors Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience. Qualifications Eight years of intensive and progressive experience in the candidate's field of study and specialization. Must have experience with SIEM, log analysis, vulnerability analysis, and some scripting experience **Certification Requirements:** IAT Level III in accordance with DoDD 8140; C|EH As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors.With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services.GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.
              (USA-VA-Hampton) Storage and Virtualization Administrator   
    Job Description Duties: - Shall administer, operate, manage and maintain storage area networks and virtualized systems. - Shall administer, operate, manage, and maintain SAN environments. -- Configuring, analyzing, monitoring and optimizing storage and interfaces to storage and related data paths (such as iSCSI devices, Fiber Channel, LUN sizing) -- Working with product vendors to resolve hardware issues, and to improve the use and configuration of vendor products and technologies (such as replication and management software, RAID Configurations and multi-pathing) -- Managing permissions, maintenance, administration, capacity planning and monitoring, and assist in backup and data recovery -- Documenting, troubleshooting and resolving associated change requests and incidents tickets -- C reating reports and recommending courses of action for service improvement for administered SANs -- Ensuring SANs are patched, operational, and optimized for performance -- Installing hardware, software, and system components -- Integrating systems -- Conducting patch, account and performance management -- Troubleshooting and performing root cause analysis to resolve incidents -- Testing and implementing solutions -- Auditing, recording and tracking change and incident activities -- Creating draft functional and security procedures -- Documenting and maintain documentation for systems and environments -- Developing draft operational procedures -- Providing documentation on security protocols, authentication, authorization, auditing, anti-virus, spam prevention and encryption - Shall administer, operate, manage, and maintain virtualization systems and environments. -- Managing permissions -- Administering, maintaining, monitoring and planning for capacity and utilization -- Documenting, troubleshooting, and resolving associated change requests and incident tickets -- Ensuring servers are patched, operational, and optimized for performance -- Creating reports and recommending courses of action for service improvements -- Installing hardware, software, and system components -- Conducting patch, account and performance management -- Troubleshooting and root cause analysis to resolve incidents -- Testing and implementing solutions -- Auditing, recording and tracking change and incident activities -- Creating draft functional and security procedures -- Developing draft operational procedures for providing services within the APC -- Documenting and maintain documentation for systems and environments -- Providing documentation on security protocols, authentication, authorization, auditing, anti-virus, spam prevention and encryption - Shall administer, develop, manage, and perform disaster recovery procedures and processes for managed SANs and virtual environments. -- Performing backup and data recovery -- Troubleshooting errors in backups and restores -- Performing library management, license management, policy and schedule configuration management, client service management, and client object discoveries -- Managing permissions, maintenance, and administration -- Conducting capacity planning and monitoring -- Documenting, troubleshooting and resolving associated incidents and changes, creating reports, and recommending courses of action for service improvement for locally and/or remotely administered back-up systems -- Developing network bypass, recovery and backup procedures -- Performing incremental and full back-ups for all servers as outlined in operating procedures -- Providing back-up of all critical services and information stores, as available Government storage resources allow, and ensuring back out procedures exist before loading software updates and patches Please Note: Shift work is possible. Education Bachelors Degree in Computer Science, Engineering, or a related technical discipline, or the equivalent combination of education, technical certifications or training, or work experience. Qualifications 5-8 years of directly related experience in network analysis and administration. Requirements: - Current Secret Security Clearance or Higher - Current 8570 IAT II Level Certification (CNA-Security, GICSP, GSEC, Sec+ CE, SSCP) or higher - Experience operating and mainting large storage and/or virtual environment - Experience with CommVault backup application Desired Experience/Certifications: - CompTIA Cloud - EMC2 - Information Storage and Management Associate - VMWare Certified Professional 5 or 6 As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors.With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services.GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.
              Folder Lock 7.7.0 Final Full Version   

    Folder Lock 7.7.0 Final Full Version –  Folder Lock is an encryption and password protection tool for files, folders, USB and CD/DVDs. Folder Lock lets users encrypt and lock their files, pictures and personal information for security purposes. It creates...

    The post Folder Lock 7.7.0 Final Full Version appeared first on Fullversion33.com.


              Penetration Testing Bootcamp   

    Sharpen your pentesting skill in a bootcamp About This Book Get practical demonstrations with in-depth explanations of complex security-related problems Familiarize yourself with the most common web vulnerabilities Get step-by-step guidance on managing testing results and reporting Who This Book Is For This book is for IT security enthusiasts and administrators who want to understand penetration testing quickly. What You Will Learn Perform different attacks such as MiTM, and bypassing SSL encryption Crack passwords and wireless network keys with brute-forcing and wordlists Test web applications for vulnerabilities Use the Metasploit Framework to launch exploits and write your own Metasploit modules Recover lost files, investigate successful hacks, and discover hidden data Write organized and effective penetration testing reports In Detail Penetration Testing Bootcamp delivers practical, learning modules in manageable chunks. Each chapter is delivered in a day, and each day builds your competency in Penetration Testing. This book will begin by taking you through the basics and show you how to set up and maintain the C&C Server. You will also understand how to scan for vulnerabilities and Metasploit, learn how to setup connectivity to a C&C server and maintain that connectivity for your intelligence gathering as well as offsite processing. Using TCPDump filters, you will gain understanding of the sniffing and spoofing traffic. This book will also teach you the importance of clearing up the tracks you leave behind after the penetration test and will show you how to build a report from all the data obtained from the penetration test. In totality, this book will equip you with instructions through rigorous tasks, practical callouts, and assignments to reinforce your understanding of penetration testing. Style and approach This book is delivered in the form of a 10-day boot camp style book. The day-by-day approach will help you get to know everything about penetration testing, from the use of network reconnaissance tools, to the writing of custom zero-day buffer overflow exploits. Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com . If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.


              SpeedNet Version 4.2 Release Date 16.06.2014   
    Purpose of release:

    Release of Version 4.2 is necessitated due to the following update requirements:

    i.                     Introduction of Direct Bagging for Bulk Addressees from origin Sorting and IC Hubs.

    ii.                   Handling of new barcode series with prefix ‘PP’ to allocated to Passport articles.

    iii.                  Requirement to allow Prepaid/Advance customers to book SP-COD articles.

    iv.                 New requirements and bug fixes as detailed in the ‘New Features’ section of this document.

    Further, SpeedNet Communication is now equipped with additional ability to download & perform auto-upgrade for SpeedNet versions, new scripts and office master files from a single location on SpeedNet Central Server. This is an additional facility to the feature made available in Speednet Communication 4.1, which facilitated pushing of Speednet Version 4.1.1 from Speednet Central Server.

    The beta version of Speednet 4.2 was under testing at various field locations and pan-India release made on 16.08.2014.

    This document covers the new features and bug fixes done in following versions viz.,

    1)      SpeedNet 4.0 Release Date 10.06.2013 (Test version for SP-COD)

    2)      SpeedNet 4.0 Release Date 12.09.2013 (Pan-India release for SP-COD)

    3)      SpeedNet 4.1 Release Date 31.10.2013

    4)      SpeedNet 4.1.1 Release Date 02.12.2013

    Index:


    I.    a)      New Features / options
          b)      Bugs Fixed          

    II.           Pre-requisites

    III.          Fresh Installation / Upgradation procedure

    IV.          Things to do - check list

    V.           Feed back / Error reporting

     
    I.       New Features / options:

    The following new options are included in SpeedNet 4.2 Release dated 16.06.2014:

    1)      Direct Bagging for Bulk Addressee from Sorting Hubs / IC Hubs:

    In Operator login under ‘Bulk Delivery’ menu, new option ‘Direct Bag from other Hub/ICH invoicing’ is available for Sorting Hubs / IC Hubs.  The operational guideline on bagging for Bulk Addressees is supplied separately.

    2)      New prefix ‘PP’ has been allocated for booking of Passports vide MB Division, Directorate lr.no.  30-35/2013-D dated 13.08.2014.

    The new prefix will now be allowed for booking and delivery operations in Speednet Version 4.2.

    3)      SP-COD booking facility made available to Prepaid/Advance customers.

    SP-COD booking facility was available to BNPL category, which is now extended to Prepaid/Advance customers.

    4)      Report on SPAs invoiced to BOs pending for Returns beyond seven days and thirty days:

    An alert during Supervisor and Operator login and a report on SPAs invoiced to BOs pending for Returns beyond seven days and thirty days:

    During each Supervisor and Operator login, an alert message will appear if SPAs invoiced to BOs are pending for returns beyond seven days.

    To get details of such SPAs, Supervisor / Operator can use Reports à Other Reports à BO Returns Pending Beyond Seven Days option.

    5)      Taking returns of SPAs invoiced to BOs is not allowed beyond 30 days:

    Taking returns of SPAs invoiced to BOs is restricted to 30 days period under Delivery à Speed Post Articles à Remarks From Other Offices option.

    6)      SpeedNet Communication - ability to download new version files, scripts, office master files:

    Speednet Communication has now got the ability to download new version files, scripts, office master files, etc from a single location on Speednet Central Server and perform auto-upgradation without any manual intervention.
     
    This is an additional facility to the feature made available in Speednet Communication 4.1, which facilitated pushing of Speednet Version 4.1.1 from Speednet Central Server.

    7)      SpeedNet Communication - updation of Branch Office Master Data with new Message file:

    Updation of Branch Office Master Data through SpeedNet Communication with new Message file.

    8)      SpeedNet Communication – Supervisor and Operator will get alert when messages found not transmitted from EMSClient folder.
     
    The following new options were included in SpeedNet 4.1 Release dated 31.10.2013:

    1)      RTS / Missent remark is made mandatory for despatching of SPAs in Post Offices

    2)      Provision to select delivery date while taking returns for delivered Bulk Addressee SPAs under Bulk Delivery option for SH / ICH

    3)      Bulk Addressee Special Delivery Manifest is redesigned to accommodate three SPAs per row

    4)      Updationof remarks for Articles under “Other Office Articles – Delivery Data” option is limited to PIN code jurisdiction of respective Post Office

    5)      Provision to upgrade local databases from Central Server through SpeedNet Communication

    The following new options were included in SpeedNet 4.0 Release dated 12.09.2013:

    1)     Speed Post - Cash on Delivery (SP-COD):

    BD & M Directorate has formulated the SP-COD scheme for customers, who place the orders for goods through mail order / on phone and make payment at the time of delivery of articles.

    For the purpose of SP-COD, special barcode series has been allotted to M/s. Amazon.com for Speed Post viz., ‘AW’ series and ‘AC’ series for cash on delivery articles. As such, SPAs with ‘AC’ series barcode are treated as cash on delivery SPAs.

    For more information on SP-COD and its applicability, please read SOP on SP-COD. Features of SP-COD are detailed in the PPT.


    BD & M Directorate has introduced the BRSP scheme for merchants / retail service providers, who wants a service which enables customers, who are either not satisfied with the product received or receives the product in damaged condition, to send back the merchandise to merchants / retail service providers at no cost.

    For the purpose of BRSP, special barcode prefix viz., ‘BR’ is used. As such, SPAs with ‘BR’ series barcode are treated as BRSP articles.

    For more information on BRSP and its applicability, please read SOP on BRSP.


    This option is meant for delivery of SPAs directly from Sorting / IC Hubs to Bulk Addressees and taking returns for such SPAs.

    The ‘Bulk Delivery’ menu is available only for Sorting Hubs / IC Hubs instead of ‘Delivery’ menu, which is available only for offices other than Sorting Hubs / IC Hubs.

    Initially, Bulk Delivery menu will be disabled for Operators in Sorting Hubs / IC Hubs, which needs to be enabled by selecting the menu options, ‘Bulk Delivery Invoicing’, ‘Bulk Delivery Returns’ and ‘Request Bulk Addressee Data’ under Supervisor àMaster à Duty Allocation à Modify option.


    Requirement received from field units for provision to update the delivery information of RGI articles for which delivery returns are already taken, but shown as undelivered on RGI MIS and same has been provided.


    Provision has been made available in SpeedNet 4.0 for regeneration of Delivery messages for which delivery data is available in the local system. This option can be used to update delivery data in respect of RGI articles so that the RGI MIS is updated with delivery information.

    The option is available under Supervisor à Tools à Resend Booking & Delivery Data.

    6)     International EMS tariff revision w.e.f. 01.05.2013:

    International EMS tariff revision was effected w.e.f. 01.05.2013, which is now included in SpeedNet 4.0. The update for tariff revision was provided till now only on request.
     

    In view of data integrity especially in respect of SP-COD articles, which involve financial aspects, encryption policy has been adopted in SpeedNet communication.


    SpeedNet Communication now has the capability to upgrade databases without the implicit use of Meghdoot Scripter (ScriptTool.exe). Any EXL file received from CEPT can be copied to the Data folder in the RXD folder of EMSClient for further processing.


    Office Master data will be pushed from SpeedNet Central Server on a periodic basis and the same will be updated through SpeedNet Communication.

    However, the option to update the Office data implicitly by downloading Office Master file from SPC Office Configuration site is retained for the benefit of SpeedNet offices.


    In accordance with the orders received from Directorate the following modification has been done in Delivery à Returns option, Remarks from other offices option and Delivery Other Office Articles - Delivery Data option:

    a)    A Provision is made under Delivery à Remarks from other offices option to enter the time of delivery.

    b)   Uniformity in showing the current date and time is made across all the returns option.

    c)    In case if actual time of delivery is not entered, then local system time at the time of taking returns / uploading delivery information will be taken as time of delivery.



    A new report based on the requirements of BD & M Directorate for Speed Post MIS – Delivery Performance is included under Supervisor à Reports à Other Reports à Speed Post Delivery Incentive option.

    Note:

    Delivery data is retained in the POSPCC database for 45 days only. Hence, the Speed Post MIS - Delivery Performance Report needs to be generated / printed within 15 days from the completion of month.


    For WNX articles booked in Meghdoot Point of Sale module, booking data for the WNX articles is fetched along with other Speed Post articles and collection of WNX articles can be done in SpeedNet. After collection WNX articles can be closed using the option provided under Operator à Issues à Closing of WNX Bag. Bag closing and despatch process for WNX bag is same as that of other Speed Post bags.


    A single point installation / upgradation to SpeedNet 4.0 is implemented through use of “SpeedOne Installer.exe” and “SpeedOne Updater.exe” doing away the need for individual installation / upgradation process in vogue for the previous versions.

    Bugs fixed:


    1)        Booking of SP-COD articles using ‘EZ’ series in offices having more than one SP-COD customer (with different barcode range)

    2)        Allowing invoicing of foreign articles with ‘EZ’ series to beat / postman

    3)        Office Configuration issue during fresh installation

    4)        BNPL Monthly Bill Report display billing amount of more than 6 digits

    5)        Office Master updation in SpeedNet Communication (Bulk Upload error, invalid data error etc.,)

    6)        Handling of unprocessed files lying pending in SpeedNet Communication folders due to various reasons


    1)      Provision to Auto-save the articles invoiced in the Bulk Addressee option for Post Offices

    2)      Calculation of taxes updated for Prepaid/Advance Customers at the time of monthly billing

    3)      Issues relating to database configuration noticed during fresh installation have been rectified

    The following bugs were fixed in SpeedNet 4.0 Release dated 12.09.2013:

    1)      Error while modifying remarks under Remarks From Other Offices option

    2)      Mandatory requirement for scanning of Missent articles under Delivery à Dispatch à Missent Articles option is enforced

    3)      Closing of SP Bags error: SQL Server Deadlock issue

    4)      Constraint in repeated handling of same article in receipt and disposal

    5)      Virtual Scanning (opening of bag / receipt of articles) issues

    6)      Errors in opening of Transit bags and bundles

    7)      Errors during modification of bags opened including transit bags

    8)      Fetch from counter issues: Collation errors, Heterogeneous query errors, SQL 2005 and 2008 related errors

    9)      Abstract related issues

    10)   Discrepancy report modified to segregate articles collected and not disposed, articles received but not disposed

    11)   Configure Mail List error for offices like MBC, BNPL etc.,

    12)   Flush Data Logic change to speed up the flushing process

    13)   New concept of active status for offices implemented for excluding old offices data during bag receipt / open/ close options etc.,

    14) Subtitle

    An Uptake in Communications Encryption Is Tempered by Increasing Pressure on Major Platform Providers; Governments Expand Content Restriction Tactics

    Teaser

    Documenting the practice of Internet censorship around the world through empirical testing in 45 countries of the availability of 2,046 of the world’s most-trafficked and influential websites, plus additional country-specific websites.

    Author(s)

    Thumbnail Image: 

    This study, conducted by the Internet Monitor project at the Berkman Klein Center for Internet & Society, documents the practice of Internet censorship around the world through empirical testing in 45 countries of the availability of 2,046 of the world’s most-trafficked and influential websites, plus additional country-specific websites. The study finds evidence of filtering in 26 countries across four broad content themes: political, social, topics related to conflict and security, and Internet tools (a term that includes censorship circumvention tools as well as social media platforms). The majority of countries that censor content do so across all four themes, although the depth of the filtering varies.

    The study confirms that 40 percent of these 2,046 websites can only be reached by an encrypted connection. While some sites can be reached by either HTTP or HTTPS, total encrypted traffic to the 2,046 sites has more than doubled to 31 percent in 2017 from 13 percent in 2015. Meanwhile, and partly in response to the protections afforded by encryption, activists in particular and web users in general around the world are increasingly relying on major platforms, including Facebook, Twitter, Medium, and Wikipedia.

    These trends have created challenges for state Internet censors operating filters at national network levels. When an entire website is encrypted, it is not easy to detect and selectively block a particular article on Wikipedia or a particular dissident’s social media profile. Unless a platform agrees to remove content, a country must either block the whole site, or allow everything through. The study finds that the increasing adoption of HTTPS has reduced the blocking of communications in some cases and has led to broader crackdowns in others.

    Producer Intro

    Authored by
              Symantec shares Potential Motives behind Petya Ransomware attacks   
    Symantec has confirmed that MEDoc, a tax and accounting software package, is used for the initial insertion of Petya into corporate networks. MEDoc is accounting software that is widely used in the Ukraine, indicating that organizations in that country were the primary target. After gaining an initial foothold, Petya then uses a variety of methods to spread across corporate networks.


    Petya is a worm, meaning it has the ability to self-propagate. It does this by building a list of target computers and using two methods to spread to those computers.
    ·         Lateral movement:
    o    Execution across network shares: It attempts to spread to the target computers by copying itself to [COMPUTER NAME]\\admin$ using the acquired credentials. It is then executed remotely using either PsExec or the Windows Management Instrumentation Command-line (WMIC) tool. Both are legitimate tools.
    o    SMB exploits: It attempts to spread using variations of the EternalBlue and EternalRomance exploits.
    ·         Petya builds a list of IP addresses to spread to, which includes primarily addresses on the local area network (LAN) but also remote IPs. Once the list of target computers has been identified, Petya builds out a list of user names and passwords it can use to spread to those targets. The list of user names and passwords is stored in memory.

    • Initial infection:
      • Petya is initially executed via rundll32.exe using the following command: rundll32.exe perfc.dat, #1
      • Once the DLL has been loaded, it will first attempt to remove itself from the infected system. This is done by opening the file and overwriting its contents with null bytes before finally deleting the file from disk. Overwriting the file with null bytes is used as an attempt to thwart recovery of the file using forensic techniques.
    • MBR infection and encryption:
      • Once installed, Petya proceeds to modify the master boot record (MBR). This allows it to hijack the normal loading process of the infected computer during the next system reboot. The modified MBR is used to encrypt the hard disk while simulating a CHKDSK screen. It then displays a ransom note to the user.
    • Full blog post here.

    Petya outbreak: What’s the motive behind this major cyber attack?
    • Sometimes the obvious answer is the right one:
      • The person or persons behind the attack were technically capable and were attempting to compromise a choice group of financial targets that may be more likely to pay a ransom, as they would need to regain access to important financial records.
      • The attacker may not be a particularly smart criminal, however, as using a single bitcoin wallet, and a single e-mail account for contact, was not the best way to get payment. 
      • The e-mail account was rapidly suspended by its provider, thus disabling the ability of the attacker to interact with victims. 
    • There may be a more nefarious motive behind the attack, that is, disruption:
      • Similar to Killdisk, perhaps this attack was never intended to make money, rather to simply disrupt a large number of organizations. Launching an attack that would wipe victim hard drives would achieve the same effect, however, that would be an overtly aggressive action. Effectively wiping hard drives through the pretense of ransomware confuses the issue, leaving victims and investigators to ask: “Are the attackers politically motivated, or criminally motivated?”
      • Based on the current data, the motive behind the Petya attacks may be the second option. This attack was an ineffective way to make money, but a very effective way to disrupt victims, and sow confusion.



    For the LATEST tech updates,
    FOLLOW us on our Twitter
    LIKE us on our FaceBook
    SUBSCRIBE to us on our YouTube Channel!

              sg2002 posted a comment on discussion Open Discussion   
    Your call. Just FYI updating those files actually makes you Java more secure, not less. Due to US law SUN/Oracle was/is prohibitted from providing the most secure encryption algorhitms. Those files unlock them. Also note that those downloads are from Oracle official website.
              and on the morrow they went …   

    From 'we go tomorrow' to 'no place to hide'—a calendarial coincidence of two events finely illustrating the impact of encryption, the breaking of encryption, and computing power on world history.


              MySQL5.7のTDE   
    MySQL5.7にはTDE(Transparent Data Encryption)というデータ暗号化機能があります。 アプリケーション側で暗号化をしなくても、テーブルファイルなどを暗号化してくれます。 設定手順は以下のような感じです。 T […]
              Update: Cardex - Bank Card Holder (Finance)   

    Cardex - Bank Card Holder 1.3


    Device: iOS Universal
    Category: Finance
    Price: Free, Version: 1.2.2 -> 1.3 (iTunes)

    Description:

    Cardex helps you organize all your cards securely with a simple and easy to use interface. It offers support for card scanning solution to extract card number and valid through date to validate the card in real time.

    ## FEATURES
    * PIN code protected.
    * Support various cards including Visa, JCB, UnionPay, MasterCard, American Express and etc.
    * Fast scanning
    * The recognition results come out with the best level of accuracy
    * User data protection by encryption stored data

    What's New

    * improved stability
    * new colors added

    Cardex - Bank Card Holder


              IT Services Specialist II - Electronic Arts - Redwood City, CA   
    MS Offce Suite, MS Visual Studio, Skype for Business, Oracle, OKTA, Adobe Suite, Cisco VPN, Virtual Machines, Data Encryption, Python, Tableau, Slack, Box, Maya...
    From Electronic Arts - Tue, 13 Jun 2017 05:11:07 GMT - View all Redwood City, CA jobs
              Security Link Roundup - January 4, 2016   
    January 4, 2016 Oracle Consulting Security Link Roundup
    I'm Mark Wilcox.The Chief Technology Officer for Oracle Consulting- Security in North America and this is my weekly roundup of security stories that interested me.###Database of 191 million U.S. voters exposed on Internet: researcherSo 2016 starts off with another headline of a database breach. In this case 191 million records of US voters. This is ridiculous. And could have been prevented.And a sobering reminder to contact your Oracle represenative and ask them for a database security assessment by Oracle consulting.###Secure Protocol for Mining in Horizontally Scattered Database Using Association RuleData mining is a hot topic - it's essential to marketing, sales and innovation. Because companies have lots of information on hand but until you start mining it, you can't really do anything with it.And often that data is scattered across multiple databases.In this academic paper from the "International Journal on Recent and Innovation Trends in Computing and Communication" the authors describe a new protocol that they claim respects privacy better than other options.On the other hand - Oracle already has lots of security products (for example database firewall, identity governance) that you can implement today to help make sure only the proper people have access to the data.So make sure to call your Oracle represenative and ask for a presentation by Oracle Consulting on how Oracle security can help protect your data mining databases. ###A Guide to Public Cloud Security ToolsCloud computing is happening.And most people are still new to the space.This is a good general article into the differences in security between public and private clouds.Plus has a list of tools to help you with cloud security.And if you are wanting to use cloud to host Oracle software - please call your Oracle represenative and ask them to arrange a meeting with Oracle Consulting Security to talk about how Oracle can help do that securely.###Survey: Cloud Security Still a Concern Heading into 2016Security continues to be the biggest concern when it comes to cloud.While there are challenges - I find securing cloud computing alot simpler than on-premise. Assuming your cloud hosting is with one of the major vendors such as Oracle or Amazon.And if you are wanting to use cloud to host Oracle software - please call your Oracle represenative and ask them to arrange a meeting with Oracle Consulting Security to talk about how Oracle can help do that securely.###40% BUSINESS DO NOT USE " SECURITY ENCRYPTION" FOR STORING DATA IN CLOUD"Holy crap, Marie." I watch a lot of reruns of "Everybody Loves Raymond" and I feel like this story is another rerun.Except unlike Raymond this is a rerun of a bad TV show.Encrypting a database is one of the best ways to secure your data from hackers.So before you start storing data in the cloud, in particular with an Oracle database make sure you have Oracle Consulting do a security assessment for you. That way you can know what potential problems you have before you start storing sensitive production data.###image credit unsplash.
              Hashgate Limited - Hashgate.net   
    I'm not admin here!
    QUOTE
    HashGate Limited is an investment club revolutionising the digital coin trading market through investment robots trading over 100 cryptocurrencies.
    Despite appearances, cryptocurrency is a lot more than just a bunch of digital numbers that people have assigned monetary value to. Cryptocurrencies such as Bitcoin allow for a decentralised public ledger system, which is collectively known as the Blockchain. The cryptographic Blockchain technology is the power source behind Bitcoin, Litecoin, Dash, and all the other bitcoin alternatives and is what makes them “cryptocurrencies”.
    By having the right information at the right time, and understanding how the market will respond to the information, it becomes all too easy to stay head of trends and accurately predict whether cryptocurrencies will rise or fall. On top of having this fundamental analysis, HashGate Limited offers complete technical analysis with a cutting-edge modern automatic system.


    IPB Image

    0.16% Hourly Profit - 3.84% Daily
    0.0010000000 BTC: Minimum Amount
    0.9999999000 BTC: Maximum Amount
    Duration: Unlimited

    0.18% Hourly Profit - 4.32% Daily
    1.0000000000 BTC: Minimum Amount
    2.4999999900 BTC: Maximum Amount
    Duration: Unlimited

    0.20% Hourly Profit - 4.8% Daily
    2.5000000000 BTC: Minimum Amount
    Unlimited: Maximum Amount
    Duration: Unlimited

    QUOTE
    SSL EV Encryption
    DDos Protection
    Licensed Script
    Hosting provider: Dancom Ltd
    Registrar NAMECHEAP INC
    Created 2017-05-22
    Expire 2022-05-22
    NS DNS1.REGISTRAR-SERVERS.COM DNS2.REGISTRAR-SERVERS.COM
    DNS1.REGISTRAR-SERVERS.COM DNS2.REGISTRAR-SERVERS.COM


    Accept: Bitcoin

    Join here: https://hashgate.net/

    Reduced Size Image

              Dollarbill - Dollarbill.biz   
    DollarBill is an secure and profitable investment platform, backed up by Forex market trading, Stock Market trading, Cryptocurrency trading, and investing in various funds and activities. Profits from these investments are used to enhance our program and increase its stability for the long term.
    DollarBill is the best choice for people willing to achieve their financial freedom but unable to do so because they're not financial experts.
    DollarBill - Your first million is easy!

    2.1% Weekly, for 700 Days
    Plan Spent Amount ($) Weekly Profit (%)
    2.1% $30.00 and more 2.10

    QUOTE
    SSL Encryption
    DDos Protection
    Licensed Script
    Registrar TLD REGISTRAR SOLUTIONS LTD.
    Updated 2015-09-26
    Expire 2025-09-25
    NS NS1.HAWKHOST.COM NS2.HAWKHOST.COM
    NS1.HAWKHOST.COM NS2.HAWKHOST.COM


    Accept: PM

    Join here: https://dollarbill.biz/

              Brasoninv - Brasoninv.com   
    IPB Image

    I'm not admin here!
    QUOTE
    The modern financial market is presented to a wide choice of investment directions. However, only a small part of them is stable and can become a long - term source of profit and ensure the safety of financial assets. Undoubtedly, the real estate market is one of the most highly liquid and always demanded investment instruments.
    Investing in real estate, you can always calculate a stable income, even in periods of geopolitical instability and profound global crises. Despite the attractiveness of this area, a significant portion of private investors, who plan to work in this direction on their own, face a number of obstacles that lead to the failure.


    IPB Image

    20.5% - 25% Hourly For 5 Hours
    Plan Spent Amount ($) Hourly Profit (%)
    Plan 1 $1.00 - $1000.00 20.50
    Plan 2 $1001.00 - $1500.00 21.00
    Plan 3 $1501.00 - $2000.00 23.00
    Plan 4 $2001.00 - $2500.00 24.00
    Plan 5 $2501.00 - $5000.00 25.00

    9% - 20% Hourly For 12 Hours
    Plan Spent Amount ($) Hourly Profit (%)
    Plan 1 $1.00 - $2500.00 9.00
    Plan 2 $2501.00 - $5000.00 13.00
    Plan 3 $5001.00 - $7000.00 15.00
    Plan 4 $7501.00 - $10000.00 17.00
    Plan 5 $10001.00 - $15000.00 20.00

    135% - 300% After 3 Days
    Plan Spent Amount ($) Profit (%)
    Plan 1 $1.00 - $10000.00 135.00
    Plan 2 $10001.00 - $15000.00 150.00
    Plan 3 $15001.00 - $20000.00 200.00
    Plan 4 $20001.00 - $25000.00 250.00
    Plan 5 $25001.00 - $50000.00 300.00

    300% - 1200% After 7 Days
    Plan Spent Amount ($) Profit (%)
    Plan 1 $1.00 - $20000.00 300.00
    Plan 2 $20001.00 - $25000.00 500.00
    Plan 3 $25001.00 - $50000.00 750.00
    Plan 4 $50001.00 - $75000.00 1000.00
    Plan 5 $75001.00 - $100000.00 1200.00

    1000% - 6500% After 49 Days
    Plan Spent Amount ($) Profit (%)
    Plan 1 $1.00 - $50000.00 1000.00
    Plan 2 $50001.00 - $70000.00 2500.00
    Plan 3 $75001.00 - $100000.00 5000.00
    Plan 4 $100001.00 - $200000.00 6500.00

    QUOTE
    SSL Encryption
    DDos Protection
    Licensed Script
    Registrar NAMECHEAP INC
    Created 2017-05-27
    Expire 2018-05-27
    NS NS1.EDDOSPROTECTION.COM
    NS2.EDDOSPROTECTION.COM


    Accept: PM, Payeer, Bitcoin, Advcash

    Join here: https://brasoninv.com/

    Reduced Size Image

              ♪ “အင္တာနက္ မခ်ိတ္ဆက္ထားတဲ့ ကြန္ပ်ဴတာမ်ားကိုေတာင္ Hack ႏို္င္တဲ့ CIA” ♫   
    No automatic alt text available.

    Central Intelligence Agency (CIA) ဟာအင္တာနက္ ခ်ိတ္ဆက္ ထားျခင္းမရွိတဲ့ ကြန္ပ်ဴတာမ်ားကိုေတာင္ ဟက္ႏုိင္တယ္ဆိုတဲ့ သက္ေသအေထာက္အထားစာရြက္စာတမ္းမ်ားကို WikiLeaks က ျပသလိုက္ပါတယ္။ စုစုေပါင္းစာမ်က္ႏွာ ၁၅၀ ပါရွိၿပီးစီအိုင္ေအက Brutal Kangaroo အမည္ရ Malware နဲ႔ USB Drive ကိုအသံုးျပဳ၍ အင္တာနက္ မခ်ိတ္ဆက္ထားတဲ့ ကြန္ပ်ဴတာမ်ားကိုဟက္ႏုိ္င္တာ ျဖစ္ပါတယ္။

    WikiLeaks က Brutal Kangaroo ဟာကြန္ပ်ဴတာကြန္ရက္တစ္ခုအထဲမွာ လွ်ိဳ႕၀ွက္စြာ ေျခရာေဖ်ာက္ႏုိင္တဲ့အတြက္ ဟက္ရာမွာပိုမိုလြယ္ကူေစတယ္ လို႔ ေျပာပါတယ္။ ကြန္ပ်ဴတာကြန္ရက္ တစ္ခုအထဲမွ တစ္လံုးကို USB Drive ျဖင့္ ဗိုင္းရက္စ္ ကူးစက္ေစၿပီးေနာက္မွာအျခားကြန္ပ်ဴတာမ်ားကို ဗိုင္းရက္စ္က ကူးစက္ႏုိင္ပါတယ္။ Brutal Kangaroo က USB Thumb Drives မ်ားကိုအထူးဖန္တီးထားတဲ့ ဗိုင္းရက္စ္ လင့္္မ်ားျဖင့္ ကူးစက္ ေအာင္ ျပဳလုပ္တာ ျဖစ္ပါတယ္။

    Brutal Kangaroo မွာအစိတ္အပိုင္းေလးခု ပါ၀င္ပါတယ္။ အဲဒါေတြ ကေတာ့ Thumb Drive ကိုဗိုင္းရက္စ္ ကူးစက္ေစတဲ့ Drifting Deadline ၊ Thumb Drive မ်ားကိုအလိုအေလွ်ာက္ ဗိုင္းရက္စ္ ကူးစက္ေစၿပီး Server Tool ျဖစ္တဲ့ Shattered Assurance ၊ သတင္းအခ်က္အလက္မ်ားခိုးယူတဲ့ Broken Promise နဲ႔ ဗိုင္းရက္စ္ကိုအသက္ရွင္သန္ေအာင္လုပ္ေပးတဲ့ Shadow တို႔ ျဖစ္ပါတယ္။

    WikiLeaks က ယခင္ကလည္းစီအိုင္ေအရဲ႕ Sophisticated Software Tools နဲ႔ ပတ္သက္တဲ့ စာရြက္စာတမ္းမ်ားကိုဖြင့္ခ်ခဲ့ဖူးပါတယ္။ အဲဒီ ေဆာ့ဖ္၀ဲက နာမည္ႀကီး Messenger Apps အခ်ိဳ႕ရဲ႕ Encryption မ်ားကိုေက်ာ္ျဖတ္ႏုိင္ျခင္း၊ ကြန္ပ်ဴတာမ်ားကိုဟက္ႏုိင္ျခင္း၊ တီဗီကို မိုက္ကရိုဖုန္းအျဖစ္ အသြင္ေျပာင္းျခင္းစတာေတြကို ျပဳလုပ္ႏုိင္ပါတယ္။ 



    Mobile Guide Journal (Every Monday)
    https://www.facebook.com/officialmobileguidejournal








    <<<ေအာက္ကေၾကာ္ျငာကိုတစ္ခ်က္ေလာက္ႏွိပ္ခဲ့ေပးေစခ်င္ပါတယ္ဗ်ာ။ ကၽြန္ေတာ့္ကိုတစ္ဖက္တစ္လမ္းကကူညီရာေရာက္ပါတယ္ဗ်ာ။>>>

     
     
     
     
     
     
     
     
    www.pyaephyo.com

              Bluetooth Low Energy The Developer`s Handbook   
    Bluetooth Low Energy: The Developer's Handbook by Robin Heydon
    2012 | ISBN: 013288836X | English | 368 pages | EPUB + MOBI | 18 + 4 MB
    The First Complete Guide to Bluetooth Low Energy: How It Works, What It Can Do, and How to Apply It

    A radical departure from conventional Bluetooth technology, Bluetooth low energy (BLE) enables breakthrough wireless applications in industries ranging from healthcare to transportation. Running on a coin-sized battery, BLE can operate reliably for years, connecting and extending everything from personal area network devices to next-generation sensors. Now, one of the standard’s leading developers has written the first comprehensive, accessible introduction to BLE for every system developer, designer, and engineer.

    Robin Heydon, a member of the Bluetooth SIG Hall of Fame, has brought together essential information previously scattered through multiple standards documents, sharing the context and expert insights needed to implement high-performance working systems. He first reviews BLE’s design goals, explaining how they drove key architectural decisions, and introduces BLE’s innovative usage models. Next, he thoroughly covers how the two main parts of BLE, the controller and host, work together, and then addresses key issues from security and profiles through testing and qualification. This knowledge has enabled the creation of Bluetooth Smart and Bluetooth Smart Ready devices.

    This guide is an indispensable companion to the official BLE standards documents and is for every technical professional and decision-maker considering BLE, planning BLE products, or transforming plans into working systems.

    Topics Include
    BLE device types, design goals, terminology, and core concepts
    Architecture: controller, host, applications, and stack splits
    Usage models: presence detection, data broadcasting, connectionless models, and gateways
    Physical Layer: modulation, frequency band, radio channels, power, tolerance, and range
    Direct Test Mode: transceiver testing, hardware interfaces, and HCI
    Link Layer: state machine, packets, channels, broadcasting, encryption, and optimization
    HCI: physical/logical interfaces, controller setup, and connection management
    L2CAP: channels and packet structure, and LE signaling channels
    Attributes: grouping, services, characteristics, and protocols
    Security: pairing, bonding, and data signing
    Generic Access Profiles: roles, modes, procedures, security modes, data advertising, and services
    Applications, devices, services, profiles, and peripherals
    Testing/qualification: starting projects, selecting features, planning, testing, compliance, and more uploaded.net (epub)
    uploaded.net (mobi)
              Pay What You Want: White Hat Hacker 2016 Bundle for $1   
    Master Penetration Testing with 7 Courses (60+ Hours) on Hacking Node.js Apps, Windows OS, Wi-Fi Devices & More
    Expires October 08, 2017 23:59 PST
    Buy now and get 99% off

    The Complete Hacking Course: Go from Beginner to Advanced!


    KEY FEATURES

    This course is your introduction to white hat hacking, or testing methodologies designed to safeguard against security threats on a system. You'll learn to think and act like a malicious hacker, preemptively launching attacks they may perpetuate in order to prevent them. By mastering penetration testing techniques like attacking routers and cracking passwords, you'll not only learn how to identify security vulnerabilities--you'll learn a skill set coveted by many employers.
    • Master penetration testing & ethical hacking w/ over 25 hours of training and 108 lectures
    • Gain a valuable skill set to help companies test & enhance network security
    • Penetrate networks, exploit systems, break into computers & compromise routers
    • Understand key hacking concepts like white hat, gray hat & black hat hacking
    • Build your hacking environment by installing VirtualBox, setting up Kali Linux, etc.
    • Easily navigate the Linux terminal
    • Use Tor, ProxyChains & VPNs to stay anonymous and keep your activities covert
    • Steal data, attack routers, use SQL injections, etc.
    • Crack passwords, execute DoS attacks, gain remote control of devices & more

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime access
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels

    Compatibility

    • Internet required

    THE EXPERT

    Jerry Banfield has been an online entrepreneur since 2011, having served hundreds of clients in over 20 countries and managed billions of Facebook ads. He has learned how to drive large amounts of organic Google and YouTube traffic to his website, and teaches online courses sharing his experience with students worldwide. A member of the MENSA society, Jerry holds degrees from the University of South Carolina and the University of South Florida. For more details on the course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    Learn Wi-Fi Hacking/Penetration Testing From Scratch


    KEY FEATURES

    Deep dive into penetration testing techniques designed to expose a Wi-Fi system's security weaknesses, helping you address them before external threats can target them. You'll learn how wired networks function and execute practical attacks against them, including creating fake access points, executing fragmentation attacks, and much more.
    • Master wi-fi hacking & penetration testing techniques w/ over 50 videos of instruction and 5 hours of content
    • Execute practical attacks against any wireless enabled device
    • Install Kali Linux & connect your Wi-Fi card to a virtual machine
    • Understand network concepts such as MAC addresses & wireless modes
    • Execute pre-connection attacks, gain network access & launch post connection attacks
    • Gather data w/ your wi-fi card, create a fake access point to attract users & more
    • Crack WEP/WPA/WPA2 encryption w/ fake authentication, fragmentation attacks, etc.
    • Use Netdiscover to find connected clients, gather info w/ Autoscan, etc.

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime access
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: beginner

    Compatibility

    • Internet required

    THE EXPERT

    Zaid Al-Quraishi is an ethical hacker, pentester, and programmer. He has extensive experience in ethical hacking and penetration testing, more specifically with regard to network security. Zaid started making video tutorials in 2009 for the ethical hacking website iSecuri1ty, and has also served as an editor, manager, and penetration tester for the company. He teaches mostly by example, specifically by first explaining the theory of each technique and then how it translates to a real-life situation. For more details on the course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    Windows Exploit Development Megaprimer


    KEY FEATURES

    This course packs a punch for anyone interested in shoring up security for the latest Windows operating systems. You'll master effective penetration testing techniques including using debuggers, writing shellcodes, and creating exploits using the Egg Hunter program--invaluable knowledge for anyone who's a pentester by profession or personally interested in learning more about exploit development.
    • Learn different techniques for exploiting the Windows platform w/ over 15 lectures & 4 hours of content
    • Understand the protection mechanism of operating systems & bypass them
    • Write & execute exploits for the latest Windows operating systems
    • Read, comprehend & modify existing exploits
    • Learn stack based buffer overflow, write shellcodes & bypass memory protections
    • Use tools like debuggers, the Mona extension & more to execute exploit development
    • Learn advanced exploit development techniques: use Egg Hunter to write an exploit, bypass DEP using ROP Chains & more
    • Accrue an in-demand skill set for a career in pentesting, network administration, etc.

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime access
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: beginner

    Compatibility

    • Internet required
    • Working knowledge of Windows & Linux OS
    • Knowledge of scripting languages: Python, Perl, Ruby, etc.
    • Familiarity w/ command-line utilities
    • Knowledge of Assembly language basics

    THE EXPERT

    Ajin Abraham is an Application Security Engineer with 5+ years of experience, including 2 years of Security Research. He is passionate about developing new, unique security tools instead of using existing, potentially unreliable tools available today. Some of his hacking contributions include the OWASP Xenotix XSS Exploit Framework, Mobile Security Framework (MobSF), and Xenotix xBOT. He has also been invited to speak at notable security conferences, including ClubHack, NULLCON, OWASP AppSec AsiaPac, BlackHat Europe, and more. For more details on the course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    Intensive Ethical Hacking Series


    KEY FEATURES

    Take another step closer towards an ethical hacking career by augmenting your pentesting knowledge with key techniques. You'll start by learning about networking concepts such as how protocols work, then master practical techniques such as using the Metasploit pentesting tool and bypassing Windows authentication schemas. By applying this theory to real-life scenarios throughout your lessons, you're certain to become a full-fledged ethical hacker in no time.
    • Learn to protect websites by understanding how attackers exploit them w/ 8 hours of content & 55 lectures
    • Set up your hacking environment: install VMware, Kali Linux, etc.
    • Understand networking concepts: protocols, Domain Name Systems & TCPs
    • Learn & apply key cryptography concepts
    • Conceal your activities using proxy servers & VPNs
    • Utilize the Metasploit pentesting tool to find & manage security issues
    • Learn about dangerous viruses such as remote access trojans & ransomwares
    • Hack Windows systems: bypass authentication schemas, create backdoors, etc.
    • Execute password attacks & breach firewalls

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime access
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: beginner

    Compatibility

    • Internet required

    THE EXPERT

    Zeal Vora works as a Cloud Security Engineer, and his domain of expertise lies in Linux & Information Security. He holds many professional certifications, including Certified Ethical Hacker, RedHat Certified Engineer, VMware Certified Associate for Cloud Computing, Data Center Virtualization, Workforce Mobility. Additionally, one of his passions is teaching, and he enjoys passing on his experience to other people, including through this online tutorial. For more details on the course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    Ultimate Wi-Fi Hacking & Security Series


    KEY FEATURES

    Get another comprehensive look at security threats that may endanger wireless networks, and learn how to address them. Whether seeking to fortify home or corporate networks, you'll learn key techniques to help you address the security challenges of various wireless technologies, including but not limited to hacking SSIDs, deploying fake Wi-Fi devices, and much more.
    • Understand the security challenges of various wireless technologies w/ 4 hours of instruction & 24 lectures
    • Comprehend wireless security threats from an attacker’s perspective
    • Identify & neutralize threats that expose wireless technology
    • Learn how to attack WEP, WPA/WPA2, WPS & other systems
    • Hack hidden SSIDs & MAC filters
    • Create & deploy fake Wi-Fi devices, deploy a Wi-Fi jammer, etc.
    • Learn about coming developments in Wi-Fi security

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime access
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: beginner

    Compatibility

    • Internet required

    THE EXPERT

    Zeal Vora works as a Cloud Security Engineer, and his domain of expertise lies in Linux & Information Security. He holds many professional certifications, including Certified Ethical Hacker, RedHat Certified Engineer, VMware Certified Associate for Cloud Computing, Data Center Virtualization, Workforce Mobility. Additionally, one of his passions is teaching, and he enjoys passing on his experience to other people, including through this online tutorial. For more details on the course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    Node.js Security: Pentesting & Exploitation


    KEY FEATURES

    A useful platform for building fast and scalable network apps, Node.js is enjoying widespread adoption by organizations everywhere. Therefore, it's imperative for developers to familiarize themselves with the security issues underlying Node.js apps. Start with this course: you'll learn a variety of pentesting and exploit development tools, such as how to execute a code review, implement secure code, and more.
    • Learn about & identify various Node.js security issues w/ 2 hours of content and 14 lectures
    • Understand the role of information disclosure in Node.js web apps
    • Execute code reviews of Node.js apps to secure them
    • Master use of the security analysis tool NodeJsScan
    • Address the vulnerabilities of insecure code
    • Add valuable skills to your pentesting arsenal

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime access
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels

    Compatibility

    • Internet required

    THE EXPERT

    Ajin Abraham is an Application Security Engineer with 5+ years of experience, including 2 years of Security Research. He is passionate about developing new, unique security tools instead of using existing, potentially unreliable tools available today. Some of his hacking contributions include the OWASP Xenotix XSS Exploit Framework, Mobile Security Framework (MobSF), and Xenotix xBOT. He has also been invited to speak at notable security conferences, including ClubHack, NULLCON, OWASP AppSec AsiaPac, BlackHat Europe, and more. For more details on the course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    Cross Site Scripting (XSS) Attacks for Pentesters


    KEY FEATURES

    Finish up your pentesting journey by learning about Cross Site Scripting, or XSS. It's a computer security vulnerability that enables attackers to inject malicious script into Web apps to steal data and violate user privacy. You'll learn the theory behind how XSS functions, then practical XSS mitigation techniques you can apply to guard against attacks like keylogging, phishing, reverse TCP shell attacks, and much more.
    • Understand what XSS is & why it's important to address this common security vulnerability w/ 2 hours, 16 hours of content
    • Learn about different types of XSS: Reflected, Stored, DOM & more
    • Comprehend the different sources from which XSS originates
    • Understand the different contexts in XSS: HTML, attribute, etc.
    • Exploit XSS w/ the OWASP Xenotix XSS Exploit Framework
    • Master how to implement XSS protection

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime access
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels

    Compatibility

    • Internet required

    THE EXPERT

    Ajin Abraham is an Application Security Engineer with 5+ years of experience, including 2 years of Security Research. He is passionate about developing new, unique security tools instead of using existing, potentially unreliable tools available today. Some of his hacking contributions include the OWASP Xenotix XSS Exploit Framework, Mobile Security Framework (MobSF), and Xenotix xBOT. He has also been invited to speak at notable security conferences, including ClubHack, NULLCON, OWASP AppSec AsiaPac, BlackHat Europe, and more. For more details on the course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

              Essential Data Mastery Bundle for $39   
    Extract, Manipulate, Manage, Even Analyze Data Sets with 7 Courses & 36+ Hours of Instruction
    Expires June 02, 2018 23:59 PST
    Buy now and get 94% off

    Projects in MongoDB: Learn MongoDB Building 10 Projects


    KEY FEATURES

    MongoDB has quickly become one of the most popular NoSQL database solutions available, and will quickly enhance your ability to handle data with ease. With a document-based approach, MongoDB lets professionals model data however they prefer. While MySQL limits modeling to rows and columns, MongoDB is much more flexible, allowing developers to use a familiar programming language like Ruby, and a JSON format. What does this mean? Faster and more intuitive storage of data.
    • Utilize MongoDB to manage data more efficiently w/ over 67 lectures & 12 hours of content
    • Develop quickly w/ a document-based approach
    • Utilize JavaScript to communicate w/ MongoDB for faster development
    • Study best practices for NoSQL development
    • Get querying capabilities w/ the flexibility of storing data in an intuitive manner

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels

    Compatibility

    • Internet required

    THE EXPERT

    Eduonix creates and distributes high-quality technology training content. Their team of industry professionals has been training manpower for more than a decade. They aim to teach technology the way it's used in the industry and professional world. They have a professional team of trainers for technologies ranging from Mobility, Web and Enterprise, and Database and Server Administration. For more details on this course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    Learning SQL, MySQL & Databases Is Easy


    KEY FEATURES

    Knowledge of SQL is an invaluable asset that can set you up for any tech-based career from web design to data analysis to quality assurance. Learn to store and manipulate data on multiple database systems from MySQL to Oracle for your own personal development, to start a new business, or to get a leg up on your coworker. You’ll be a competent database designer and query writer after watching these lectures.
    • Become a competent database designer & query writer w/ 57 lectures & 4 hours of content
    • Manipulate MySQL, SQL Server, Access, Oracle, Sybase, DB2 & other database systems w/ SQL
    • Master MySQL queries w/ an instructor that has managed databases at large companies
    • Advance your career w/ knowledge of databases
    • Add a valuable notch on your résumé when you complete the course

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels

    Compatibility

    • Internet required

    THE EXPERT

    Wil Tru has built technology and marketing programs for Fortune 500 companies, top websites, and starts ups alike. He has over 10 years' experience in business technology and marketing. He has worked in house and consulted for over 100 companies including AutoZone, Business(dot)com, AngiesList, CafePress, AutoAnything, WD40, Google, and Adobe. For more details on this course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    SQL Server Fast Track for Novices: Tables


    KEY FEATURES

    So you have a basic understanding of SQL, but you're ready to take your skills to the next level? This in-depth course is the perfect place to start. Get up to speed on proper table design, creation, scripting, and management, and start executing simple TSQL statements. With real world examples of Stored Procedures, you'll understand the importance of production database development in your industry and beyond.
    • Take your SQL skills to the next level w/ over 37 lectures & 2 hours of content
    • Design, build, manage & maintain a wide variety of database tables
    • Learn to streamline functions like INSERT, UPDATE & DELETE
    • Access real world examples
    • Download included Stored Procedures
    • View several code examples of simultaneous techniques in action
    • Learn how mastering SQL Server can boost your career

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels

    Compatibility

    • Internet required

    THE EXPERT

    Dave Merton is a software developer, troubleshooter, problem solver, software trainer, author, and entrepreneur. For the past 20 years, he's been designing high-end custom software. In addition to software development, Dave has personally instructed hundreds of individuals in programming. He has trained several persons in VB skills, one-on-one as well as in larger groups for both VB and SQL Server. For more details on this course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    Taming Big Data with MapReduce & Hadoop


    KEY FEATURES

    Big data is hot, and data management and analytics skills are your ticket to a fast-growing, lucrative career. This course will quickly teach you two technologies fundamental to big data: MapReduce and Hadoop. Learn and master the art of framing data analysis problems as MapReduce problems with over 10 hands-on examples. Write, analyze, and run real code along with the instructor– both on your own system, and in the cloud using Amazon's Elastic MapReduce service. By course's end, you'll have a solid grasp of data management concepts.
    • Learn the concepts of MapReduce to analyze big sets of data w/ over 56 lectures & 5.5 hours of content
    • Run MapReduce jobs quickly using Python & MRJob
    • Translate complex analysis problems into multi-stage MapReduce jobs
    • Scale up to larger data sets using Amazon's Elastic MapReduce service
    • Understand how Hadoop distributes MapReduce across computing clusters
    • Complete projects to get hands-on experience: analyze social media data, movie ratings & more
    • Learn about other Hadoop technologies, like Hive, Pig & Spark

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels

    Compatibility

    • Internet required

    THE EXPERT

    Frank Kane spent 9 years at Amazon and IMDb, developing and managing the technology that automatically delivers product and movie recommendations to hundreds of millions of customers, all the time. Frank holds 17 issued patents in the fields of distributed computing, data mining, and machine learning. In 2012, Frank left to start his own successful company, Sundog Software, which focuses on virtual reality environment technology, and teaching others about big data analysis. For more details on this course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    Collect, Extract & Use Online Data Quickly and More Easily


    KEY FEATURES

    Once you’ve got the data basics down, it’s time you learn to extract the data you need, when you need it. Learn how with Kathleen Farley’s course, which takes you through hands-on exercises and real world examples. With 13 short tutorials that teach you a variety of data extraction methods, you’ll be able to efficiently collect useful information in the correct formats with the best tools available.
    • Study a variety of data extraction methods w/ 13 lectures & 1.5 hours of content
    • Take screenshots & PDFs of any website
    • Use OCR to extract text from scanned documents or images
    • Quickly take text from website to spreadsheet
    • Create organized tables from web data
    • Take advantage of relational databases by collecting the data you need
    • Automate online data retrieval tasks without writing code
    • Collect & extract data in the formats you need
    • Access course material when you want a refresher w/ lifetime access

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels

    Compatibility

    • Internet required
    • Spreadsheet software such as Microsoft Excel, LibreOffice, or OpenOffice

    THE EXPERT

    Kathleen Farley is a computer geek, teacher, learner, vinyl junkie, hockey fan, and recovering non-profit executive. Occasionally she breaks (and fixes) computers. Not necessarily in that order. The Montreal-born technologist trained as an audio engineer before moving to Hamilton, Canada in 2007. She now runs Maisonneuve Music, a Hamilton-based independent record label. She's also the co-founder of Audiohackr, a startup that helps indie musicians, producers, and DIY labels make the most of technology. Kathleen produces technology training videos under the moniker Robobunnyattack! For more details on this course and instructor, click here.

    Beginner's Guide to PostgreSQL


    KEY FEATURES

    With an ever-increasing focus on big data and cloud-based initiatives, it's time you learn to work effectively with data. Start the route to PostgreSQL expertise with this extremely approachable beginner’s guide. You’ll learn basic database concepts like creating tables and manipulating data—a great baseline to use with any modern database systems—before moving on to using the open-source relational database PostgreSQL. You’ll get all the nitty-gritty on what SQL is, and how to use it in real world applications.
    • Gain an understanding of database concepts w/ 70 lectures & 6 hours of instruction
    • Learn the written language used to communicate w/ databases
    • Get a step-by-step look at how a database is structured
    • Learn how to install PostgreSQL
    • Insert & manipulate data w/ PostgresSQL
    • Write SQL queries
    • Get an introduction to data w/ an approachable class meant for all levels

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: beginner

    Compatibility

    • Internet required

    THE EXPERT

    Miguel Alho, developer and owner of Miguel Alho-Multimedia, runs a web-based software development company (mainly .NET based) building HRIS (Human Resource Information Systems) software for HR teams. He’s also been employed as a teacher to seventh and eighth graders in Tech. Ed. classes, and voluntarily accepts 12th grade internships of IT students through local schools. He is experienced with developing customized software, service, and database solutions for businesses. For more details on this course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    MySQL Database Training for Beginners


    KEY FEATURES

    MySQL is an incredibly popular database solution utilized by companies worldwide - and mastering it is beneficial to anyone in the tech industry. Beginning with the fundamentals, this course will teach you to design and administer a database with practical lectures.
    • Master MySQL w/ over 41 lectures & 5.5 hours of content
    • Install MySQL & study the architecture
    • Discover critical concepts for designing a database
    • Administer a database by limiting access, creating users, performing database backup & monitoring performance
    • Learn SQL for developers, database replication, data encryption & more
    • Use indexing for database performance
    • Understand query analysis & optimization

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels

    Compatibility

    • Internet required

    THE EXPERT

    Since 2008, individuals, small businesses, and Fortune 500 companies with thousands of employees have benefited from the easy and hands-on software training offered by Simon Sez IT. With 70+ courses and 3,500+ video tutorials on a range of software programs, Simon Sez IT ensures stress-free e-learning and enhanced employee productivity - whether you're implementing new software or a technological upgrade for your workplace. With over 225,000 Udemy students in over 180 countries, Simon Sez IT is the preferred e-learning choice for individuals and businesses everywhere. For more details on this course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

              Pay What You Want: JavaScript Development Bundle for $1   
    Master This Popular Language with 10 Courses (+ 2 Bonus Courses) on Dev Frameworks, Database Management & More
    Expires November 13, 2017 23:59 PST
    Buy now and get 99% off

    Learn MeteorJS By Building 10 Real World Projects


    KEY FEATURES

    Meet Meteor.js: a powerful JavaScript framework that enables you to develop powerful, production-grade apps across Web and mobile. With Meteor, you'll have the libraries and tools you need to turn your idea into a live product in no time. You'll complete 10 real projects in this course--including a to-do app and product review app--and will emerge a far more effective JavaScript developer than you ever thought possible.
    • Master use of Meteor.js to quickly build Web & mobile apps
    • Cement your knowledge w/ 10 projects, including a product review app & custom login system
    • Easily navigate Meteor using the command line tool
    • Use the Cordova integration to create mobile apps corresponding w/ your Web app
    • Understand how to craft & implement a UI
    • Build a wide range of features ranging from login systems to post creation mechanisms
    • Deploy your fully finished apps for use

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime access
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels
    Projects included:
    • Project 1: myTodos App
    • Project 2: Microposts
    • Project 3: FAQ Component
    • Project 4: Spatit Product Reviews
    • Project 5: Custom Login System
    • Project 6: Helptickets
    • Project 7: WebPlans
    • Project 8: Codefolio
    • Project 9: PhotoStory
    • Project 10: TechMeetups App

    Compatibility

    • Internet required

    THE EXPERT

    Eduonix creates and distributes high-quality technology training content on the web! Their team of industry professionals have been training manpower for more than a decade, and aim to teach technology the way it’s used in the professional world. They have a professional team of trainers for technologies ranging from mobility to web to enterprise to database and server administration. For more details on this course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    Projects in ExpressJS - Learn ExpressJs Building 10 Projects


    KEY FEATURES

    Express.js is a powerful JavaScript framework that allows developers to efficiently approach back-end development. Built on the Node.js runtime environment, it's widely used by developers due to its minimalism and ease of use, and is utilized in many Web apps today.
    • Master Express.js by completing 10 Web apps
    • Gain the skills to build single page, multi-page & hybrid Web apps
    • Use the full MEAN stack: Express.js, MongoDB, Angular.js & Node.js
    • Learn to use a number of other Web dev technologies: Mongoose, Passport API, SocketIO, Mean.js, Kraken.js, Mongoose & CouchDB
    • Delve into important back-end development concepts
    • Understand general principles transferrable to other app development projects

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime access
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels
    Projects included:
    • Project 1: HTTP server
    • Project 2: Computer repair business website
    • Project 3: Sports blog application
    • Project 4: User login system
    • Project 5: Chat application
    • Project 6: Client management app
    • Project 7: Job board
    • Project 8: Movie listing app
    • Project 9: Instagram app
    • Project 10: Business directory

    Compatibility

    • Internet required

    THE EXPERT

    Eduonix creates and distributes high-quality technology training content on the web! Their team of industry professionals have been training manpower for more than a decade, and aim to teach technology the way it’s used in the professional world. They have a professional team of trainers for technologies ranging from mobility to web to enterprise to database and server administration. For more details on this course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    Mastering D3 & Rapid D3


    KEY FEATURES

    These two courses will walk you through the D3.js and Rapid D3.js frameworks, both of which are powerful tools for generating data visualizations from spreadsheet data. You’ll dive into the logic behind data visualization and understand which types of graphs or charts are most effective for different kinds of projects. Before you know it, you'll be turning out visualizations that don't just look sleek and stunning, but also display your data in the most effective way possible.
    • Use the D3.js & Rapid D3.js frameworks to turn spreadsheet data into data visualizations
    • Set up your development environment
    • Prep your raw data for ingestion by parsing & cleaning it
    • Create different kinds of visualizations: histograms, pie charts & more
    • Label your visualization so that it clearly & accurately displays your data
    • Make your visualization responsive by adding animations & user interactions
    • Add extra features using libraries like Bootstrap, Figue & Lo-dash
    • Debug your code & ensure it executes seamlessly
    • Render your visualization so that it looks sleek & easy to read
    • Understand the principles underlying good visualization & information design

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime access
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels

    Compatibility

    • Internet required

    THE EXPERT

    Over the past 10 years, Packt Publishing has developed an extensive catalogue of over 3000 books, e-books, and video courses aimed at keeping IT professionals ahead of the technology curve. From new takes on established technologies through to the latest guides on emerging platforms, topics and trends – Packt’s focus has always been on giving customers the working knowledge they need to get the job done. For more details on the courses and instructor, click here and here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    3D Programming with WebGL & Babylon.js for Beginners


    KEY FEATURES

    Take your JavaScript expertise to the next level with WebGL, an API that allows you to render 3D images in your browser without plugins. Used in conjunction with the Babylon.js library, WebGL will allow you to integrate stunning, interactive images in everything from apps to games and much more.
    • Master 3D programming w/ over 18 lectures & 2 hours of content
    • Understand the basics of 3D programming
    • Render scenes, meshes, materials, textures & lights
    • Work w/ cameras to get your desired effects
    • Include mobile support for your rendered images
    • Create stunning environments w/ skyboxes
    • Add Babylon.js apps to existing websites

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime access
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: intermediate

    Compatibility

    • Internet required
    • Basic HTML & JavaScript knowledge required
    • Installed local web server required (to run course examples)
    • Code editor required

    THE EXPERT

    Pablo Navarro is the founder of ZENVA, as well as a web and mobile app developer and entrepreneur. Besides teaching courses on how to create games, apps, and websites to over 85,000 students, Pablo has created content for companies such as Amazon and Intel. Pablo holds a Master ofInformation Technology (Management) degree from the University of Queensland (Australia) and a Master of Science in Engineering degree from the Catholic University of Chile. For more details on the course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    Learn JavaScript Server Technologies From Scratch


    KEY FEATURES

    Consider this course a one-stop training program to turn you into an undisputed JavaScript master. You’ll dip your toes into the most popular JavaScript technologies today, including powerful frameworks such as Node.js and Angular.js. By course’s end, you’ll have added some serious firepower to your web dev repertoire, as well as your employability and earnings potential.
    • Easily build both server & client systems w/ one language
    • Add some of the most desired technical skills to your resume
    • Get a refresher on basic JavaScript: variables, conditionals, functionals & more
    • Use the jQuery library to easily create Web pages & apps
    • Master a number of powerful frameworks, including Node.js, Express.js, Backbone.js, Angular.js & Ember.js
    • Acquire a highly sought-after skill set to increase your attractiveness to employers everywhere

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime access
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels

    Compatibility

    • Internet required

    THE EXPERT

    Eduonix creates and distributes high-quality technology training content on the web! Their team of industry professionals have been training manpower for more than a decade, and aim to teach technology the way it’s used in the professional world. They have a professional team of trainers for technologies ranging from mobility to web to enterprise to database and server administration. For more details on this course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    Projects in JavaScript & JQuery


    KEY FEATURES

    JavaScript may enable developers to quickly build robust, scalable apps, but the jQuery library further expedites JavaScript Web development by simplifying client-side HTML scripting. This course will acquaint you with this dynamic duo, walk you through 10 projects encompassing everything from YouTube API integration to content slider creation, and teach you the art of crafting dynamic, feature-rich apps without breaking a sweat.
    • Master JavaScript & jQuery by building working apps & features
    • Utilize supplementary languages & technologies: HTML5, CSS3, GitHub, etc.
    • Craft statements using variables, loops, arrays & more
    • Build interactive features such as content, accordion & Apple-style image sliders
    • Use the YouTube Data API w/ the “search . list’ method & the FancyBox lightbox script
    • Create a plugin & upload it to the jQuery.com plugin registry
    • Use the jQuery Mobile framework to craft a mobile app

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime access
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels
    Projects included
    • Project 1: Simple JavaScript Quiz
    • Project 2: jQuery Content Slider
    • Project 3: YouTube Search Engine
    • Project 4: FAQ Accordion Slider
    • Project 5: Ajax PHP Shoutbox
    • Project 6: Apple Style Thumbslider
    • Project 7: Create a jQuery Plugin
    • Project 8: jQuery Portfolio Gallery
    • Project 9: jQuery Mobile App
    • Project 10: Tic Tac Toe

    Compatibility

    • Internet required

    THE EXPERT

    Eduonix creates and distributes high-quality technology training content on the web! Their team of industry professionals have been training manpower for more than a decade, and aim to teach technology the way it’s used in the professional world. They have a professional team of trainers for technologies ranging from mobility to web to enterprise to database and server administration. For more details on this course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    Learn NodeJS by Building 10 Projects


    KEY FEATURES

    Further strengthen your JavaScript skills with Node.js, an open source cross-platform environment for creating server-side and network apps. This course will walk you through 10 projects through which you'll gain practical experience in a number of important Node.js technologies, including HTML, CSS, NoSQL, and much more. By the time you're finished, you'll know all you need to create Web apps that are lightweight and highly scalable.
    • Gain experience in Node.js by completing 10 projects
    • Learn about a number of different Web technologies: HTML, CSS, NoSQL & more
    • Quickly & easily create lightweight, highly scalable Web apps
    • Dive into both front-end & back-end development principles
    • Design & build user interfaces for different apps
    • Implement different features including password encryption, user registration, etc.
    • Add a valuable skill set to your development repertoire

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime access
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels
    Projects included:
    • Project 1: SImple Web Server
    • Project 2: Basic Express Website
    • Project 3: User Login System
    • Project 4: Node Blog System
    • Project 5: Community Events
    • Project 6: Bookstore
    • Project 7: ChatIO
    • Project 8: FindaDoc Directory
    • Project 9: Portfolio App
    • Project 10: eLearning System

    Compatibility

    • Internet required

    THE EXPERT

    Eduonix creates and distributes high-quality technology training content on the web! Their team of industry professionals have been training manpower for more than a decade, and aim to teach technology the way it’s used in the professional world. They have a professional team of trainers for technologies ranging from mobility to web to enterprise to database and server administration. For more details on this course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

    Learn Apache Cassandra from Scratch


    KEY FEATURES

    When it comes to storing and manipulating large quantities of data, Apache Cassandra is the go-to database management system. It’s designed to operate across many servers, meaning you can still access your data with no problem if a server fails. In learning how to use this increasingly popular NoSQL system, you'll supercharge your JavaScript knowledge and add an invaluable skill to your web development repertoire.
    • Get an overview of basic Cassandra concepts
    • Install Cassandra onto your computer
    • Seamlessly navigate Cassandra’s data model
    • Use CQL to insert, select, update, alter & delete data
    • Build tables & utilize queries
    • Craft server-side web apps w/ Node.js
    • Select, display, add & update users

    PRODUCT SPECS

    Details & Requirements

    • Length of time users can access this course: lifetime access
    • Access options: web streaming, mobile streaming
    • Certification of completion not included
    • Redemption deadline: redeem your code within 30 days of purchase
    • Experience level required: all levels

    Compatibility

    • Internet required

    THE EXPERT

    Eduonix creates and distributes high-quality technology training content on the web! Their team of industry professionals have been training manpower for more than a decade, and aim to teach technology the way it’s used in the professional world. They have a professional team of trainers for technologies ranging from mobility to web to enterprise to database and server administration. For more details on this course and instructor, click here. This course is hosted by StackSkills, the premier eLearning destination for discovering top-shelf courses on everything from coding—to business—to fitness, and beyond!

              VeraCrypt 1.20   

    VeraCrypt 1.20 VeraCrypt is a free disk encryption software program based mostly on TrueCrypt. It provides enhanced safety to the algorithms used for system and partitions encryption making it proof against new developments in brute-force assaults. For instance, when the system partition is encrypted, TrueCrypt makes use of PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt […]

    The post VeraCrypt 1.20 appeared first on ZetFile.


              IT Services Specialist II - Electronic Arts - Redwood City, CA   
    MS Offce Suite, MS Visual Studio, Skype for Business, Oracle, OKTA, Adobe Suite, Cisco VPN, Virtual Machines, Data Encryption, Python, Tableau, Slack, Box, Maya...
    From Electronic Arts - Tue, 13 Jun 2017 05:11:07 GMT - View all Redwood City, CA jobs
               AMD presenta i processori Ryzen PRO destinati al mondo professionale    
    Com'è noto, AMD è finalmente tornata a sfidare Intel 'a tutto campo'. Oltre ai processori per il mondo 'consumer', AMD ha presentato le CPU Epyc destinate ai server (AMD aggredisce il mercato server con i nuovi processori Epyc 7000) ed è di oggi la notizia del lancio dei nuovi Ryzen PRO destinati al mercato business.

    Tre le famiglie che raccolgono i processori Ryzen: Ryzen 3 PRO, Ryzen 5 PRO e Ryzen 7 PRO. Le varie CPU sono al momento sei, con 4, 6 o 8 core.


    I Ryzen 7 PRO dispongono di 4 MB di cache L2 e di 16 MB di cache L3; i Ryzen 5 PRO di 3 MB e 16 MB; i Ryzen 3 PRO 2 MB e 8 MB. Questi ultimi sono quad-core senza il supporto per il multi-threading.

    Sul versante della sicurezza i Ryzen PRO sfruttano la tecnologia Transparent Secure Memory Encryption (TSME), fatta derivare da Secure Memory Encryption (SME).
    I processori supportano anche Secure Boot, Content Protection, fTPM 2.0, Microsoft Device Guard e così via.

    AMD assicura che i processori Ryzen PRO rimarranno in produzione per almeno 24 mesi e che le società partner offriranno una garanzia di tre anni.

    Maggiori informazioni sui nuovi processori AMD saranno diffuse il prossime 29 agosto..
              Penetration Testing Bootcamp   

    Sharpen your pentesting skill in a bootcamp About This Book Get practical demonstrations with in-depth explanations of complex security-related problems Familiarize yourself with the most common web vulnerabilities Get step-by-step guidance on managing testing results and reporting Who This Book Is For This book is for IT security enthusiasts and administrators who want to understand penetration testing quickly. What You Will Learn Perform different attacks such as MiTM, and bypassing SSL encryption Crack passwords and wireless network keys with brute-forcing and wordlists Test web applications for vulnerabilities Use the Metasploit Framework to launch exploits and write your own Metasploit modules Recover lost files, investigate successful hacks, and discover hidden data Write organized and effective penetration testing reports In Detail Penetration Testing Bootcamp delivers practical, learning modules in manageable chunks. Each chapter is delivered in a day, and each day builds your competency in Penetration Testing. This book will begin by taking you through the basics and show you how to set up and maintain the C&C Server. You will also understand how to scan for vulnerabilities and Metasploit, learn how to setup connectivity to a C&C server and maintain that connectivity for your intelligence gathering as well as offsite processing. Using TCPDump filters, you will gain understanding of the sniffing and spoofing traffic. This book will also teach you the importance of clearing up the tracks you leave behind after the penetration test and will show you how to build a report from all the data obtained from the penetration test. In totality, this book will equip you with instructions through rigorous tasks, practical callouts, and assignments to reinforce your understanding of penetration testing. Style and approach This book is delivered in the form of a 10-day boot camp style book. The day-by-day approach will help you get to know everything about penetration testing, from the use of network reconnaissance tools, to the writing of custom zero-day buffer overflow exploits. Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com . If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.


              NC4 PANTAU RAPI SERANGAN TERKINI SIBER   

    Dalam group wassap masih tular isu serangan NotPetya Ransomware yang sedang melanda negara-negara di Eropah. Bagi negara Malaysia, ianya sedang dikawal dan dipantau oleh pasukan NC4.

    Majlis Keselamatan Negara (MKN) melalui Pusat Kawalan dan Penyelarasan Siber Negara (National Cyber Coordination and Command Centre (NC4)) kini sedang memantau rapi situasi ancaman serangan siber NotPetya Ransomware iaitu sejenis perisian komputer merbahaya yang sedang berlaku secara berleluasa di seluruh dunia terutama di Eropah sejak seminggu yang lalu.

    Ransomware ini merupakan sejenis perisian merbahaya yang menyekat akses kepada komputer yang dijangkitinya menggunakan kaedah penyulitan (encryption) dan menuntut wang tebusan sebagai syarat untuk membenarkan akses semula kepada komputer tersebut. Ianya menggunakan kod ransomware Petya yang telah diwujudkan pada tahun 2016 yang telah diubah suai sepertimana kaedah yang digunakan oleh ransomware Wannacry.

    Bagi insiden serangan ini, ia mengeksploit komputer yang mengguna pakai perisian Microsoft Windows yang tidak dikemaskini dengan patches terkini. Seterusnya wang tebusan dalam bentuk Bitcoin (iaitu sejenis matawang digital) dituntut daripada mangsa sebagai syarat untuk mendapatkan semula akses kepada komputer mereka bagi mendapatkan kunci melalui alamat email wowsmith123456@posteo.net. Walau bagaimanapun, pembekal perkhidmatan email Posteo telah menyekat akaun email tersebut yang menghalang mangsa mendapatkan kunci yang dihantar. Sehubungan itu, mangsa disarankan supaya tidak membuat sebarang bayaran.

    Sehingga kini, pelbagai sektor dan perkhidmatan kritikal seperti sektor Kerajaan, tenaga, pengangkutan, komunikasi, kesihatan dan perbankan telah dijangkiti oleh serangan ini yang melibatkan 13 buah negara iaitu Ukraine, Rusia, Britain, Netherlands, Sepanyol, Perancis, Itali, Denmark, Poland, Norway, Amerika Syarikat, India dan Australia.

    Sumber NC4 menyatakan bahawa tiada sebarang insiden yang signifikan dikesan atau dilaporkan di Malaysia buat masa ini. Walau bagaimanapun, Malaysia juga berpotensi untuk mengalami serangan ini dan kini dalam fasa berjaga-jaga. Agensi- agensi Infrastruktur Maklumat Kritikal Negara (Critical National Information Infrastructure (CNII)) telah di nasihatkan supaya mengambil langkah-langkah perlindungan melalui advisories yang telah diedarkan.

    Pengguna komputer dinasihatkan supaya mengemaskini sistem pengoperasian windows, perisian anti-virus, membuat salinan fail-fail penting serta tidak membuka email yang diragui. Syarikat-syarikat kecil dan orang ramai juga boleh mendapatkan panduan berkaitan di http://www.nc4.gov.my/alert_advisory_public

              MarshallSoft dBase AES Library 4.1   
    Visual dBase 256-bit AES encryption library
              Mandatory TLS Connection for XMPP   


    Although, according to RFC7590 “Use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP)”, TLS was recommended for XMPP connection. But it is not mandatory. Despite the consensus to switch XMPP on mandatory encryption reached by XMPP communities on 2014, there are still some XMPP service providers support non-encrypted connection as a fallback along with TLS.
    This will probably lead to some security risks. For example, in some cases, certain client will try to connect server automatically without any encryption when they failed to enable TLS. But user is usually not noticed, or even have no idea about what is TLS. And next, all the messages will deliverd by cleartext through the network.
    xmpp.jp once deal with the connection like that. We tried to contact their administrator on the early of this year, to require switch to the mandatory TLS. We got the reply message on 16 Mar 2017. They promised to change settings at next maintenance.
    On 29th Apr, we found there is a service outage due to maintenance. But it still allow non-TLS login and communication after service coming back. We contact them again with email and got feedback message immediately, in which they explained that the switch will happened in one week as the plan.
    On 08 May 2017, we experienced another round of service down. Then we found xmpp.jp had already switched to mandatory TLS connection, which was confirmed by testing with Psi+. At the same time, the administrator sent us a message - “done.”, and we replied to show our thanks.
    By that time, the task has been finished. It is really a smooth and pleasure communitcation, although the duration of whole process is a little bit long.
    We will engage in more promotion actions in future to keep improving the security of free software related services by finding potential weakness, and then trying to get connection with service providers.

    中文版

    安全促进行动:XMPP 服务的强制 TLS 连接

    虽然依据 RFC7590 “传输层安全协议 (TLS)在可扩展消息及表示协议(XMPP)中的使用“,TLS 已成为 XMPP 的推荐 连接方式,但其并非是强制的。尽管 XMPP 社区已于2014年达成了切换至强制加密 的共识,但仍有一些 XMPP 的服务提供商在支持 TLS 的同时支持非加密连接, 以作为备用连接方式。
    这种行为有可能导致一些安全风险。例如,特殊情况下,某些特定的客户端 会在无法启用 TLS 的情况下,自动尝试使用非加密方式连接服务器。而用户通常 并不会的到任何提示,甚至不知道 TLS 为何物。接着,所有的信息将通过明文 在网络中传递。
    xmpp.jp 曾使用此方式处理通信连接。我们在年初曾尝试联系其管理员,请求 将服务切换到强制 TLS 模式。我们在2017年3月16日收到回复,其承诺将于 下次例行维护时修改设置。
    2017年4月29日,我们注意到一次由于例行维护导致的服务下线。但是服务恢复后, 服务器仍然允许非 TLS 登录和通讯。我们再次通过邮件方式联系其管理员,并 迅速得到反馈,称按原先计划将于一周之内进行切换。
    2017年5月8日,我们经历了另一轮的服务下线。之后便发现 xmpp.jp 已切换到 了强制 TLS 连接模式。通过使用 Psi+ 客户端进行测试证实了这点。与此同时, 收到管理员的来信 - “done.”,我们回复表示了感谢。
    至此为止,任务完成。这是一次愉快且顺利的沟通,虽然整个过程所经历的 时间略长。
    我们将于未来更多的投入到与自由软件相关服务的安全推广行动之中。寻找 潜在的安全缺陷,之后尝试联其系服务提供商解决问题.
    from https://hardenedlinux.github.io/security-promotion/2017/05/26/security-promotion-mandatory-tls-connection-for-xmpp.html

              Hourlycool - Hourlycool.com   
    IPB Image

    I'm not admin here!
    QUOTE
    Hello, dear users. Our investment company Hourlycool.com offers you a unique view of earnings. You will not need to do anything, just invest in our own Forex trading and make profits. We give you 100% assurance in hourly profit. You can dramatically change your life, just joined with us. Just make deposit into your account and watch the growth of profits. Does Hourlycool pay referral commissions to people who do not have active investments to their accounts? No, Hourlycool.com believe that in order for promoters to really refer investors to us, they must first experience what Hourlycool is all about, therefore, we require everyone to be active depositors before getting rewarded for their referrals. Please do not ask us for custom referral commissions because we have our fair terms and conditions regarding this matter


    IPB Image

    4% Hourly for 33 Hours
    Plan Spent Amount ($) Hourly Profit (%)
    Plan 1 $3.00 - $450.00 3.25
    Plan 2 $451.00 - $1000.00 3.50
    Plan 3 $1001.00 - $2000.00 3.80
    Plan 4 $2001.00 - $5000.00 4.00

    130% after 1 day
    Plan Spent Amount ($) Profit (%)
    Plan 1 $10.00 - $450.00 106.00
    Plan 2 $451.00 - $1000.00 113.00
    Plan 3 $1001.00 - $2000.00 121.00
    Plan 4 $2001.00 - $5000.00 130.00

    200% After 3 Days
    Plan Spent Amount ($) Profit (%)
    Plan 1 $450.00 - $1000.00 150.00
    Plan 2 $1001.00 - $2000.00 175.00
    Plan 3 $2001.00 - $5000.00 200.00

    600% after 7 days
    Plan Spent Amount ($) Profit (%)
    Plan 1 $500.00 - $1000.00 250.00
    Plan 2 $1001.00 - $2000.00 400.00
    Plan 3 $2001.00 - $5000.00 600.00

    VIP I 1000% After 10 Days
    Plan Spent Amount ($) Profit (%)
    Plan 1 $300.00 - $1000.00 500.00
    Plan 2 $1001.00 - $2000.00 800.00
    Plan 3 $2001.00 - $5000.00 1000.00

    QUOTE
    SSL Encryption
    DDos Protection
    Licensed Script
    Registrar ENOM, INC.
    Created 2016-09-05
    Expire 2017-09-05
    NS DNS1.REGISTRAR-SERVERS.COM DNS2.REGISTRAR-SERVERS.COM
    NS1.REGISTRAR-SERVERS.COM DNS2.REGISTRAR-SERVERS.COM


    Accept: PM, Payeer, Bitcoin, Advcash

    Join here: https://hourlycool.com/

    Reduced Size Image
              VMware Tackles HCI Security with Unique Software-Defined Encryption   
    Building a Secure Private Cloud with VMware vSAN Hyper Converged Architecture A financial firm recently shared with us that it was fending off 10,000 unauthorized hacking attempts per day.  A hospital shared their need to comply with the latest privacy regulations, and a transportation firm explained how decommissioned hard disk drives needed to be physically […]
              IT Services Specialist II - Electronic Arts - Redwood City, CA   
    MS Offce Suite, MS Visual Studio, Skype for Business, Oracle, OKTA, Adobe Suite, Cisco VPN, Virtual Machines, Data Encryption, Python, Tableau, Slack, Box, Maya...
    From Electronic Arts - Tue, 13 Jun 2017 05:11:07 GMT - View all Redwood City, CA jobs
              POODLE Security Vulnerability Breaks SSLv3 Secure Browsing   
    When you access high profile sites and services such as your bank, Twitter or Google you typically access sites using https:// or a feature called SSL (secure sockets layer) but a new security defect could break that open. SSL or TLS (Transport Layer Security) provides encryption to protect your information [...]
              TrueCrypt Is Back, But Should It Be?   
    Last week I wrote about the suspicious and abrupt announcement that TrueCrypt, a popular free open source encryption solution, was being abandoned and is considered “harmful and no longer secure”. In the article I covered the potential motives for this including the technical challenges with producing full disk encryption on [...]
              Open Source Crypto TrueCrypt Disappears With Suspicious Cloud Of Mystery   
    Encryption is a silent, unsung hero of our modern connected society . From protecting your sensitive details when you log on to Internet banking to protecting data on your laptop or mobile phone if it is lost or stolen, ‘crypto’ (the oft used shortened version of cryptography which includes the [...]
              Heartbeat Heartbleed Bug Breaks Worldwide Internet Security Again (And Yahoo)   
    If you are looking for tips on how to handle Heartbleed take a look at my other blog post here. Every day you use encryption technology to protect your data, your applications and online services .Most of the time most people are blissfully unaware it is even happening. Whether you [...]
              Folder Lock 7.7.0 Free Download   
    Folder Lock 7 – Folder Lock protects files in Windows, DOS, and Safe modes, even when you change your OS or boot from a disk. Folder Lock doesn’t let you delete its own program folder, and it can’t be uninstalled without the correct password. Additional options include Stealth Mode, Hacker Attempt Monitoring, Shred files, AutoLock, Auto Shutdown PC, Lock your PC, Erase PC tracks, 256-bit Blowfish Encryption and Context Menu in Explorer.


    Features of Folder Lock 7

    • Encrypt Files. Encrypt your personal files using 256-bit on-the-fly encryption technology totally dynamic and fool-proof.
    • Backup Online. Backup all your encrypted files automatically to an online storage and easily restore it back.
    • Protect USB / CD. Convert your encrypted storages into executables and take your portable drives anywhere.
    • Lock Files. Protect important files from unwanted access by blocking visibility or accessto files, folders and drives.
    • Make Wallets. Store sensitive information in encrypted form. A safe haven for private info like Credit Cards and Bank Accounts.
    • Shred Files. Shred and permanently delete restorable files, folders and drives and even empty hard drive space.
    • Stealth Mode. Run Application in complete Stealth. Don’t let anyone know you ever installed Folder-Lock on your PC.
    • Hack Security. Don’t let hackers use dictionary attacks. Monitor, control and perform actions on incorrect password attempts.
    • Password Security. Restrict access to various parts of the application with use of admin level master password.
    • Auto Protection. Set inactivity based security policy in order to secure everything when you’re away from your PC.
    • Folder Lock works under all flavors of 32-bit and 64-bit versions of Windows XP, Vista, Windows 7, Windows 8/8.1 and Windows 10.

    Software Information
    Title: Folder Lock v7.7.0
    License: ShareWare
    Language: Multi
    OS: Windows






    Tags:  folder lock software, folder lock for windows 7, folder lock for windows 10, folder lock for windows pc, folder locker, folder locker full version, folder lock full version, folder lock for windows 10, folder lock free download full version, folder lock windows 8, folder lock app, folder password, folder lock serial key, folder lock crack, Lock folder without any software, folder lock software for windows 10, folder lock software free download full version, folder locker, folder lock for windows 8, download folder lock full version, folder lock app for windows 10, folder lock for windows 7 free download full version with key, best folder lock software, How To Password Protect a Folder in Windows 10, Download Folder Lock, Folder Lock - Free download and software reviews, Download Folder Lock - latest version, How to Lock Folders in Windows 10, Lock and Hide Folder, 6 best file and folder locker tools and software for Windows 10, 10 best file and folder locker tools and software, folder lock free download full version, download folder lock full version, folder lock for windows 8, folder lock free download full version for windows 7 with key, folder lock full version free download with serial key, best folder lock software, folder lock serial key,

              Smack OMEMO SQLite Store implementation and OmemoManager#regenerate() support   

    aTalk has just completed its SQLite store implementation for use in smack Omemo chat support. During the course of testing, need clarifications on some of my observations.

     

    If I performed an omemoManager.regenerate() on an account, I observed the following and with the error log attached below:

    #1: Smack OMEMO always generate two deviceId's, appear one to be new and another previous old deviceId.

    <list xmlns='eu.siacs.conversations.axolotl'><device id='394075726'/><device id='985033729'/></list>

     

    #2: on executing the following:  fingerprints = mOmemoManager.getActiveFingerprints(bareJid);

    it always return an zero-size fingerprints array.

     

    #3 The method IdentityKeyPair loadOmemoIdentityKeyPair(OmemoManager omemoManager)

    always return null. I performed a trace and observe that the loadOmemoIdentityKeyPair uses omemoDevice with default deviceId e.g. 394075726;

    however the signedPreKeyPairs is only stored only for the second deviceId e.g. 985033729

    This problem prevents aTalk to proceed to start an OMEMO chat.

     

    For testing I force the below method when called, also reset the defult deviceID to the omemoManager.getOwnDevice().getDeviceId()

    public void storeOmemoSignedPreKey(OmemoManager omemoManager, int signedPreKeyId, SignedPreKeyRecord signedPreKey)

    overwritten any value that was saved previously during

    public void setDefaultDeviceId(BareJid user, int defaultDeviceId)

     

    #4: If I performed direct deletion of all the OMEMO tables and regenerate new.

    I was able to start an OMEMO chat successfully with conversation after some attempts. I need further investigation on this.

     

    ==============================================

    I reverts OMEMO chat support to using file-based persistent storage and perform the same. The observed behavior is similar to SQLite implementation for the the test cases #1, #2, #3. #4.

     

    For test case #3, I am unable to verify if a wrong deviceId is being used to retrieve the IdentityKeyPair. However the same exception as below is being thrown.

     

    For case #4, deleteted the OMEMO_Store directory helps aTalk able to start OMEMO chat with conversation again.

     

    // ============== Other Observations ==================

    #5: The fingerprint returns by aTalk and conversation is different, although both use the same library. Any explanation?

    identityKeyPair.getPublicKey().getFingerprint().replaceAll("\\s", "").

     

    FYI: Although different is return string value, both format are working fine with each application.

    ------ atalk fingerprint ----------

    (byte)0x05,(byte)0x80,(byte)0x50,(byte)0x2c,(byte)0xeb,(byte)0xcb,(byte)0x2d,(by te)0x91,(byte)0x48,(byte)0x17,(byte)0xdf,(byte)0xb3,(byte)0x01,(byte)0x63,(byte) 0xc5,(byte)0x8f,(byte)0xbe,(byte)0xc0,(byte)0x57,(byte)0xac,(byte)0x2d,(byte)0x6 1,(byte)0xee,(byte)0xbc,(byte)0x6b,(byte)0xc9,(byte)0x21,(byte)0x14,(byte)0xea,( byte)0x3a,(byte)0x4e,(byte)0x93,(byte)0x67,

     

    ------ conversions fingerprint ----------

    05145790293a242735c102b13bca5821fcc0332b41ee17b454dcc5ff3c4e0eb561

     

    =================== atalk-android.apk ==================

    An unofficial release of the atalk-android is available for anyone who like to try. It can be downloaded from the link below.

    Please note this is one off debug version release for anyone who want to try. Some of the debug tools are only available on debug version.

     

    http://atalk.sytes.net/releases/atalk-android/aTalk-debug_V8.1.0.apk

     

    # Case #1. open main menu and select

    Settings... | Chat Security | Delete OMEMO identities

     

    # Case # 4. Open main menu and select

    Account settings... | Refresh Persistent Store (icon swipe) | check XEP-0384: OMEMO Encryption ==> Refresh

    Need to exit and relaunch atalk-android.

     

    Note: This action in case #4 is needed before upgrade to the next release for SQLite BackEndData support for OMEMO. Otherwise the OMEMO_Store is left un-touch.

     

    // ============ atalk log ======================

    07-01 02:56:59.076 D/SMACK: SENT (0): <iq to='leopard@atalk.org' id='L1w13-118' type='get'><pubsub xmlns='http://jabber.org/protocol/pubsub'><items node='eu.siacs.conversations.axolotl.devicelist'/></pubsub></iq>

    07-01 02:56:59.086 I/αTalk: [9] impl.msghistory.MessageHistoryServiceImpl.findRecentMessagesPerContact().621 Find recent message for: Jabber:leopard@atalk.org -> abc123@icrypto.com

    07-01 02:56:59.116 I/αTalk: [9] impl.msghistory.MessageHistoryServiceImpl.findRecentMessagesPerContact().621 Find recent message for: Jabber:leopard@atalk.org -> hawk@atalk.org

    07-01 02:56:59.256 D/SMACK: RECV (0): <r xmlns='urn:xmpp:sm:3'/>

    07-01 02:56:59.256 D/SMACK: SENT (0): <a xmlns='urn:xmpp:sm:3' h='31'/>

    07-01 02:56:59.266 D/SMACK: RECV (0): <iq xml:lang='en' to='leopard@atalk.org/atalk' from='leopard@atalk.org' type='result' id='L1w13-118'><pubsub xmlns='http://jabber.org/protocol/pubsub'><set xmlns='http://jabber.org/protocol/rsm'><index>0</index><count>1</count><first index='0'>creation@001498:848608:676287</first><last>creation@001498:848608:676 287</last></set><items node='eu.siacs.conversations.axolotl.devicelist'><item id='5DACF2E0A4857'><list xmlns='eu.siacs.conversations.axolotl'><device id='394075726'/><device id='985033729'/></list></item></items></pubsub></iq>

    07-01 02:56:59.456 D/SMACK: RECV (0): <r xmlns='urn:xmpp:sm:3'/>

    07-01 02:56:59.466 D/SMACK: SENT (0): <a xmlns='urn:xmpp:sm:3' h='32'/>

    07-01 02:56:59.606 E/αTalk: [4] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionAuthenticatedListen er() Exception in authenticated listener

                                java.lang.NullPointerException: Attempt to invoke virtual method 'org.whispersystems.libsignal.ecc.ECKeyPair org.whispersystems.libsignal.state.SignedPreKeyRecord.getKeyPair()' on a null object reference

                                    at org.jivesoftware.smackx.omemo.signal.SignalOmemoKeyUtil.signedPreKeyPublicForBu ndle(SignalOmemoKeyUtil.java:207)

                                    at org.jivesoftware.smackx.omemo.signal.SignalOmemoKeyUtil.signedPreKeyPublicForBu ndle(SignalOmemoKeyUtil.java:56)

                                    at org.jivesoftware.smackx.omemo.OmemoStore.packOmemoBundle(OmemoStore.java:209)

                                    at org.jivesoftware.smackx.omemo.OmemoService.publishBundle(OmemoService.java:301)

                                    at org.jivesoftware.smackx.omemo.OmemoService.initialize(OmemoService.java:228)

                                    at org.jivesoftware.smackx.omemo.OmemoManager.initialize(OmemoManager.java:189)

                                    at org.jivesoftware.smackx.omemo.OmemoManager$1.authenticated(OmemoManager.java:65 8)

                                    at org.jivesoftware.smack.AbstractXMPPConnection.callConnectionAuthenticatedListen er(AbstractXMPPConnection.java:1262)

                                    at org.jivesoftware.smack.AbstractXMPPConnection.afterSuccessfulLogin(AbstractXMPP Connection.java:574)

                                    at org.jivesoftware.smack.tcp.XMPPTCPConnection.afterSuccessfulLogin(XMPPTCPConnec tion.java:378)

                                    at org.jivesoftware.smack.tcp.XMPPTCPConnection.loginInternal(XMPPTCPConnection.ja va:443)

                                    at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java :493)

                                    at net.java.sip.communicator.impl.protocol.jabber.LoginByPasswordStrategy.login(Lo ginByPasswordStrategy.java:114)

                                    at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImp l.connectAndLogin(ProtocolProviderServiceJabberImpl.java:1145)

                                    at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImp l.connectAndLogin(ProtocolProviderServiceJabberImpl.java:901)

                                    at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImp l.initializeConnectAndLogin(ProtocolProviderServiceJabberImpl.java:749)

                                    at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImp l.register(ProtocolProviderServiceJabberImpl.java:526)

                                    at net.java.sip.communicator.util.account.LoginManager$RegisterProvider.run(LoginM anager.java:325)


              Penetration Testing Bootcamp   

    Sharpen your pentesting skill in a bootcamp About This Book Get practical demonstrations with in-depth explanations of complex security-related problems Familiarize yourself with the most common web vulnerabilities Get step-by-step guidance on managing testing results and reporting Who This Book Is For This book is for IT security enthusiasts and administrators who want to understand penetration testing quickly. What You Will Learn Perform different attacks such as MiTM, and bypassing SSL encryption Crack passwords and wireless network keys with brute-forcing and wordlists Test web applications for vulnerabilities Use the Metasploit Framework to launch exploits and write your own Metasploit modules Recover lost files, investigate successful hacks, and discover hidden data Write organized and effective penetration testing reports In Detail Penetration Testing Bootcamp delivers practical, learning modules in manageable chunks. Each chapter is delivered in a day, and each day builds your competency in Penetration Testing. This book will begin by taking you through the basics and show you how to set up and maintain the C&C Server. You will also understand how to scan for vulnerabilities and Metasploit, learn how to setup connectivity to a C&C server and maintain that connectivity for your intelligence gathering as well as offsite processing. Using TCPDump filters, you will gain understanding of the sniffing and spoofing traffic. This book will also teach you the importance of clearing up the tracks you leave behind after the penetration test and will show you how to build a report from all the data obtained from the penetration test. In totality, this book will equip you with instructions through rigorous tasks, practical callouts, and assignments to reinforce your understanding of penetration testing. Style and approach This book is delivered in the form of a 10-day boot camp style book. The day-by-day approach will help you get to know everything about penetration testing, from the use of network reconnaissance tools, to the writing of custom zero-day buffer overflow exploits. Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com . If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.


              Doctor Web: we have already encountered similar infection methods   

    June 29, 2017

    According to some Internet sources, it was reported that Trojan.Encoder.12544 penetrated an operating system using an update program of the application MEDoc, which is designed for taxation management. This encryption worm is also known as Petya, Petya.A, ExPetya and WannaCry-2. Doctor Web specialists have already encountered the similar distribution method of malicious programs before, and they know how to avoid such incidents in future.

    Security researchers, who examined Trojan.Encoder.12544, inform that the original source of the Trojan was an update system of the program MEDoc. This program helps Ukrainian users in taxation management. The security researchers found that a tool named EzVit.exe, included in the MEDoc distribution kit and designed to update the main application, executed a CMD command at one point. This command launched the download of a malicious library. The main functionality of Trojan.Encoder.12544 was implemented in this library. Given that this encryption ransomware spreads via a network independently using a vulnerability in the SMB protocol and steals Windows user account data, further distribution of the infection is a matter of just one infected machine.

    Back in 2012, Doctor Web security researchers detected a targeted attack on drugstores and pharmaceutical companies with the use of malicious program called BackDoor.Dande. This spyware Trojan stole information about a medication procurement from special programs used in the pharmaceutical industry. Once launched, the backdoor checked a system for presence of relevant applications for procurement and recording of purchase of medication and, if there weren’t any, it would shut down. More than 2800 drugstores and Russian pharmaceutical companies became victims of the infection. Thus, it is a fair assumption to say that BackDoor.Dande was used for business espionage.

    Doctor Web specialists have conducted an investigation that lasted as many as 4 years. One of the affected companies provided its hard drives compromised by BackDoor.Dande. Our analytics determined the creation date of a driver that launched all other backdoor components. This driver was mentioned in the Windows paging file and log of Avast anti-virus, which was installed on the infected machine. Analysis of these files showed that the malicious driver was created right after a launch of an application called ePrica (D:\ePrica\App\PriceCompareLoader.dll). This application was developed by a company called “Spargo Tekhnologii”. It allows executives of drugstores to analyze medication prices and to choose the best supplier. Examination of ePrica allowed to determine that it loads a library into the system. This library covertly downloads, decrypts and launches BackDoor.Dande. The Trojan was downloaded from http://ws.eprica.ru. This website belonged to “Spargo Tekhnologii” and was designed to update ePrica. In addition, the module that covertly downloaded the malicious program had the valid digital signature “Spargo”. The Trojan loaded stolen data to servers located outside Russia. In other words, just as Trojan.Encoder.12544, the backdoor was “hidden” in the update module of the program.

    screenshot Trojan.Encoder.12544 #drweb

    Similarity of these cases shows that infrastructure of the software development requires a heightened level of awareness in terms of information security. To begin with, update process of any commercial software must be performed with a close attention of developers themselves and users. Some update tools of different programs have rights to install and launch executable files in an operating system. It can be an unexpected source of infection. In case of MEDoc, the infection was caused by the hack of cybercriminals and compromise of the update server. In the occasion of BackDoor.Dande, specialists assume that spread of infection was caused by deliberate actions of insiders. This method could be used by cybercriminals to conduct an effective aimed attack on users of practically any software.


              Oracle Introduces Identity-Centric Cloud Security with Identity SOC by Rohit Gupta    

    New Challenges Require Identity-Centric Security

    In a 2016 Cloud Security Research Report by Crowd Research Partners, 91% oforganizations have security concern about adopting public cloud, however only14% believe that existing network security tools are capable of trulyprotecting the public cloud.

    The reality is, just as organizations were getting comfortable with theirsecurity solutions sitting on the edge of the network, the network perimeterhas dissolved. Now users are accessing SaaS applications directly from mobiledevices, bypassing network-centric tools. It’s not just SaaS applicationseither, more and more companies are lifting and shifting workloads to the cloudrunning in IaaS environments.

    To make matters worse, good security resources are scarce. Budgets areshrinking, and even if you can find the money, an Economist Intelligence Studyindicates that 66% of cyber-security job openings cannot be filled by skilledcandidates. All this while the sophistication of threats is growing.

    Today’s attacks have increased in sophistication. The threat of zero-dayexploits is expanding on a scale unseen before and putting a strain onresearcher’s ability to identify and prevent using signature-based techniques.This makes anomaly detection the only way to spot the needle in a haystack.Today’s threats now leverage multiple vectors, and breaking apart the attacksequence into smaller, more difficult to identify, chunks that are re-packagedand executed making sequence awareness of the attack chain critical. The attackfocus is now targeted where it used to be indiscriminate which makes userawareness and attribution invaluable in detection. Early detection is the keyto containment, as today’s attacks no longer go on for just hours, they arepersistent as networks, applications and services can be probed for days, weeksor months.

    With all these challenges our old network-centric tools are being asked tosecure data/assets in ways that they are not capable of. It is only identitythat is bringing these disparate worlds together. It is the identity contextbrought together with new technologies such as machine learning, big data, andadvanced analytics that allows a security professional to centralize andnormalize user activities.  Then correlate and analyze those user eventsagainst cloud application, device and network based events to identifyanomalistic and potentially risky behavior in near real-time. Last, the outcomeof this leads to preventative actions to defend against current and futureattacks across the affected planes.

    Downloadthe new Solution Brief on Identity SOC


    Modern Security Requires a New Detection & Response Paradigm

    Historical security measures are reactive and focused on protecting the frontdoor to applications and data. These controls are absolutely important andrequired for a defense-in-depth model, but alone are not sufficient for today’sthreats. The demand for preventive technologies using advanced and lean-forwardsecurity technologies is growing. Organizations have been responsible withputting the “locks and cameras” on in their organization, but lack in theability to correlate multiple penetration attempts together to look forpatterns, root cause, and predict the next phase of the attack sequence.Security professionals are starting to accept the reality today, which it isn’ta matter of IF you will be attacked, it is HOW frequent, and WHAT data (if any)was compromised.  This is the driver behind faster detection and responsewith complete audit & analysis of the event sequence.[GJ1]

    What’s needed is a full cycle controls environment that combines for preventiveand detective solutions. Leading organizations are recognizing a need for afour stage model that includes Discover, Secure, Monitor and Respond.

    Discover: To improve you must measure and have visibility into whatservices are being used, how and by whom. This includes visibility into bothsanctioned as well as un-sanctioned activity that is occurring with Shadow IT.

    Secure: We still need all the preventive controls with proactiveapplication and content security to ensure sensitive data is protected. Westill need to authenticate and give authorization to users and applications aswell as protect data with strong application encryption to keep it safe.

    Monitor
    : However those preventive controls are not enough. We mustcontinuously monitor the environment to detect threats and identify anomalousactivity when it’s occurring.

    Respond
    : Automated response is necessary to augment your already stretchedsecurity teams. Organizations don’t have the resources to detect issues andthen hand the over for a forensic professional to research and ultimately comeup with a manual response plan for each threat.

    Download the Solution Brief on Identity SOC

    Oracle Delivers the World’s First Identity SOC

    Oracle has recognized this shift in the security landscape and in our customer’s needs. Not only do we need to protect our own cloud, but our customers are looking for modern techniques to help them provide consistent security controls across cloud and on-prem environments. A 2016 Right Scale study said enterprises plan to use an average of six (6) cloud services to run their workloads. More than ever, coordinated security management is needed.

    Oracle is making a big investment in the world’s first Identity SOC. With three (3) new security cloud services that integrate several new technologies into a homogeneous set of services. The integrated technologies include Security Incident and Event Management (SIEM), User & Entity Behavior Analytics (UEBA), Identity Management (IDM), and Cloud Access Security Broker (CASB). Each of these new services will integrate with the rest of your security fabric, but when joined together they offer the full benefit of a true Identity SOC with bi-directional controls and actionable intelligence.

    Download theSolution Brief on Identity SOC


              Announcing global availability of Identity Cloud Service!   

    We announced a few weeks ago about the imminent availability of the Identity Cloud Service (IDCS) - Oracle's comprehensive Identity and Access Management platform for the cloud. We are pleased to announce today that the service is now GA (Generally Available) and onboarding enterprise customers the world over. 

    As a quick recap of what we've mentioned earlier about this exciting new platform, IDCS is a multi-tenant microservices-based platform built from the ground up for the cloud. Releasing IDCS is the culmination of years of effort in developing Identity and Access Management, 100% native for the cloud - instead of simply hosting our market-leading on-premise IAM products in the cloud.  

    IDCS differentiates itself from first-generation Identity-as-a-Service (IDaaS) products in its ability to provide three unique benefits to enterprise customers:

    1. Hybrid Identity and Access Management - IDCS enables customers to manage and govern identities for applications that are on-premises and in the cloud. This includes not just synchronizing identities and federating access to an on-premises Identity Provider (like Oracle Access Manager), but also integrating workflows for Access Certification, Segregation of Duties, Reporting and Audit right from our Oracle Identity Governance product. 

    2. Secure Defense in Depth - The architecture of IDCS was designed with security of customer data in mind. IDCS uses the Oracle Cloud Platform's data security at rest via data protection technologies such as Transparent Data Encryption (TDE) and schema isolation - which help protect our customer data in the cloud. IDCS also provides native role-based access control policies to enforce granular control on application access. 

    3. Open and Standards-based Platform - IDCS was built and continues to be developed with an API-first development approach. That means every product feature visible on the UI has an equivalent API for it, therefore ensuring 100% API coverage for all product features. This makes it easier for developers to integrate IAM functionality into custom homegrown applications.

    Also, Oracle being a leader in open standards bodies for several years now, IDCS has full support for SAML, SCIM, Open ID Connect and OAuth 2, allowing customers to integrate with any application via open standards. 

    You can find more information about the product and collateral on our product webpage as well as on cloud.oracle.com.  



              Russia, suspected in attacks, allowed access to cybersecrets   

    This week's cyberattack, which is wreaking plenty of havoc across the globe, is just the latest in a growing list of attacks Russia is suspected of launching against nations around the world.

    At the same time, though, Western tech companies, including IBM and Cisco, are allowing Russian authorities to review some of their security products’ source code, according to an investigation by Reuters.

    The report, “Under pressure, Western tech firms bow to Russian demands to share cyber secrets,” finds that:

    1. “Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country.”

    2. “The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any ‘backdoors’ that would allow them to burrow into Russian systems.”

    3. “Those inspections also provide the Russians an opportunity to find vulnerabilities in the products' source code - instructions that control the basic operations of computer equipment.”

    There are no known cyberattacks or hacks that originated as a result of information gained through the review process, according to the report.

    But current and former US officials and security experts say they are concerned about the vulnerabilities these reviews could expose and how they might be used.

    “The demands are being made by Russia’s Federal Security Service (FSB), which the U.S. government says took part in the cyberattacks on Hillary Clinton’s 2016 presidential campaign and the 2014 hack of 500 million Yahoo email accounts. The FSB, which has denied involvement in both the election and Yahoo hacks, doubles as a regulator charged with approving the sale of sophisticated technology products in Russia,” the report reads. 

    Read the full report here or listen to an interview with one of its authors by clicking the "play" button above.


              Crypviser: Blockchain-based IM encryption   

    Being a DeepDotWeb user, you know that keeping your information secure is important. Although message encryption, like any other technology, can be used for less than noble purposes, the benefits it brings to ordinary users and companies outweigh the damage by far. This is why users, from tech-savvy to average, are always looking for better ...

    The post Crypviser: Blockchain-based IM encryption appeared first on Deep Dot Web.


              IAM Consultant - The Herjavec Group - Canada   
    Experience with J2EE technologies, scripting, directories, certificates (PKI), and encryption are highly desirable....
    From The Herjavec Group - Wed, 17 May 2017 15:13:43 GMT - View all Canada jobs
              APFS encryption vs FileVault   
    none
              No thumbnails in folders of Boxcryptor encryption program (after decryption)   
    Hello developer team! I´m encrypting my files with BOXCRYPTOR encryption program which creates kind of removable drive on MAC during decrypted...
              Im about to make myself look stupid.   
    Lately I have been thinking about encryption (haven’t we all?) and as an exercise I have written my own encryption algorithm that I’m going to describe in this article. Of course i know rolling your own is a bad idea, but that doesn't mean its not fun. I base it on the idea that i want to use the simplicity of a one time pad, but to have a considerably shorter key. If we have a small key we should be able to procedurally generate an infinitely long key from the initial key seed. Note: at this point anyone who knows anything about encryption can see an obvious weakness here: the procedural algorithm will produce a pattern that can be found and used to break the key. True, but that is a mathematical way of thinking about it: a specific algorithm yields a specific pattern. But what if the algorithm isn’t specific? What if the key describes the algorithm? If the key is data that can be used as an algorithm to produce data, we can create a cycle where the algorithm is self modifying and therefor wont create a pattern. One way of thinking about it is to imagine the encryption algorithm as a virtual machine that produces a one time pad, and new instructions for the virtual machine. All we really need to do is to ensure that the virtual machine never gets stuck in a loop where it produces an output that makes it repeat its previous operations over and over. That’s pretty much the basic idea, and once you start to think about it you realize that you don’t need a full virtual machine, you can do something much simpler that has similar characteristics. pos_a = key[0]; pos_b = key[1]; pos_c = key[2]; for(i = 0; i < length; i++) { old_a = pos_a; pos_a = key[pos_b] % key_size; pos_b = (pos_a + 1 + key[pos_c] % (key_size - 1)) % key_size; pos_c = (pos_a + 1 + key[old_a] % (key_size - 1)) % key_size; decrypted[i] = encrypted[i] ^ key[pos_a] ^ key[pos_b]; key[pos_c] = (key[pos_c] << 31) | (key[pos_c] >> 1); key[pos_a] ^= key[pos_c] ^ i ^ decrypted[i]; } Lets go over this code and start by first analyzing the key line here: decrypted[i] = encrypted[i] ^ key[pos_a] ^ key[pos_b]; This is the encryption using a simple XOR. XOR in it self is unbreakable because any input can yeld any output with the right key value. However If we re-use the same XOR key more then once it becomes possible to guess the key. The assumption of any encryption algorithm must always be to make the message unbreakable even if the breaker has a part of the message in plain text. So the first thing we do is to XOR with 2 different parts of the key; key[pos_a] and key[pos_b]. The breaker now knows two numbers if XORed together will produce the XOR difference between the message. if we a working with a 32 bit implementation that means 4 billion combinations. That’s a lot, but its still a clue. So the next thing we do is to destroy that clue: key[pos_c] = (key[pos_c] << 31) | (key[pos_c] >> 1); key[pos_a] ^= key[pos_c] ^ i ^ decrypted[i]; Here we take a third portion of the key, key[pos_c], that the adversary still haven got a clue about and use it to destroy one of the two XOR factors. To this we add in the decrypted message and a counter, that will add a poison pill and prevent the algorithm to ever get stuck in a pattern. By adding the decrypted message we also add the same entropy as the message it self has to the possible combinations. To make sure we have good entropy we also shift the key one step, so that we aren’t constantly XORing the same bits. Then finally we get to this: old_a = pos_a; pos_a = key[pos_b] % key_size; pos_b = (pos_a + 1 + key[pos_c] % (key_size - 1)) % key_size; pos_c = (pos_a + 1 + key[old_a] % (key_size - 1)) % key_size; Here we simply use the key to recursively select the 3 sections of our key we will use in our above algorithm. Since none of these position values are exposed, they obfuscate how the algorithm work as they will just modify how the algorithm selects its key values, they wont actually be used in the math relating to the message. Since the keys at pos_a and pos_c will be XORed to destroy the key, they cant be the same, and since the key at pos_a and pos_b are used to decrypt the message, they cant be the same. The core idea here is that the adversary can crack the key, but not how the key was generated as that process is fenced of from the encryption process. I would love to see if anyone can break this. If you want to try here are a few assumptions you can make: The key is only used once and is random, but assume that you have access to both the encrypted and a significant part of the plain text message (The encryption should hold up even if an attacker can accurately guess significant parts of the plain text). I’m very curious as to how the key size and amount of plain text data is given can impact the security of the encryption. This is one of thous times I wish i was very rich so that i could offer up a big cash price, but maybe i can owe you beer if you break it? Edit: The lines: pos_a = key[0]; pos_b = key[1]; pos_c = key[2]; should obviously be: pos_a = key[0] % key_size; pos_b = key[1] % key_size; pos_c = key[2] % key_size; See? I already look stupid!
              Steganography in C#   
    It has been a while since I wrote my last blog, but anyway I am back again. I am going to talk today about Steganography using C#.

    Well let us define Steganography first. According to Wikipedia:
    Steganography is the art and science of writing hidden messages in such a way that no one apart from the sender and intended recipient even realizes there is a hidden message. By contrast, cryptography obscures the meaning of a message, but it does not conceal the fact that there is a message.”

    So it is all about information hiding, today I will not get into the different techniques of steganography . I will just talk about one of my project that I used steganography in it.
    It was required to implement an application that will be able to sign files digital using the RSA Algorithm.


    The application provides some features and they are listed as follows:

    1. Signing Files: Files can be signed and store the signature inside it or in another separate file
    2. Signing Wave Files: The application signs wave files by signing the header of the file and then store and hide this information inside the wave file

    The operation of the file signing is divided into three states:
    1. Hashing:
    In this operation we read the data that is going to be hashed. Depending on the hash function provided by the framework, you can hash the data in order to be ready for the next step.

    2. Signing:
    In this operation we are going to sign the data received from the previous step. All we have to do is to encrypt the provided data using the private key of the user.

    Here is the method I used to sign the data:

    public byte[] SignData(string data, HashType hashType)
    {
    HashWrapper hasher = new HashWrapper(hashType);
    byte[] bytesArraySignedValue = rsa.SignData(HelperFunctions.ConvertStringToByteArray(data), hasher.GetHasher());

    SignedValue = HelperFunctions.ConvertByteArrayToHexString(bytesArraySignedValue);

    return bytesArraySignedValue;
    }

    3. Verification:
    In this step we are going to verify the signature. In order to do that we have to hash data and keep the digest, then decrypt the signature using the public key. Both should match in order to be a valid signature.

    Here is the method I used to verify the signed data:

    public bool VerifySignedData(string data, HashType hashType, byte[] signature)
    {
    HashWrapper hasher = new HashWrapper(hashType);
    return rsa.VerifyData(HelperFunctions.ConvertStringToByteArray(data), hasher.GetHasher(), signature);
    }

    It seems that Microsoft has done all the work for you ;)

    I will give you a breif about reading wave files in C#, For more information regarding reading wave files format please refer to the following link. The WAVE file format is a subset of Microsoft's RIFF specification for the storage of multimedia files. A RIFF file starts out with a file header followed by a sequence of data chunks. A WAVE file is often just a RIFF file with a single "WAVE" chunk which consists of two sub-chunks -- a "fmt " chunk specifying the data format and a "data" chunk containing the actual sample data.
    Signing Wave Files:
    I used a new idea by signing wave files. Signing wav files operations is similar to signing a normal file. First, we have to calculate the signature of the input file but instead of calculating the digest for the whole file. We will calculate the digest for the header only. Then encrypt this hash using the private key. The only difference is the storing operation. We will store the signature bits, by changing the least significant bit in all the wave samples according to the signature bits. This bit won’t make a difference in the sound of the file and we will have the digitally signed.

    Application Logical Design:



    *Logging Module: This module is responsible for the logging functionality across all the application
    *Helper Classes: This module includes some common functionalities like handling the bit manipulation using the c# language
    *Wave File Module: This module is responsible for handling the wave operations: Reading wave binary data, writing a new wave file and signing the wave files
    *RSA Wrapper: This module wraps the functionality of the RSA algorithm. It facilitates the using of encryption depending on the application logic
    *Hash Wrapper: This module is responsible for wrapping the hash algorithm. It uses the hash service providers available through the dot net framework
    *Presentation Layer: This module is responsible for handling the UI functionalities across all the application


    I used Visual C# 2005 to implement this application. I am sharing the source code, I hope it could be helpful. You can find it here. Pleas let me know your feedback.



    Download: DigitalSigner.zip
              Lineage OS 14 Custom Rom For Xiaomi MI 6 [sagit]   
    Lineage OS 14 Custom Rom For Xiaomi MI 6, This Rom work smooth, great and can be used for daily drive, download flash and enjoy this enjoy this wonderful ROM Special thanks to our Dev that made this ROM work for Xiaomi Mi 6. 
     Prerequisites:
    • This Android ROM is meant for only Xiaomi Mi 6
    • Your phone should have a custom recovery installed to install this ROM on your phone.
    • We will be using TWRP Recovery for flashing this ROM.
    • This ROM will wipe out all your data. Make sure you backup all your data in your phone before proceeding.
    • Perform a Dalvik Cache wipe before proceeding from the Recovery Mode.
    • Don’t worry we are going to share step by step guide to safely
    What’s working:
    • Boots
    • RIL (Calls, SMS, Data)
    • Wi-Fi
    • Bluetooth
    • Video Playback
    • Audio
    • Camera
    • Sensors
    • LED
    • GPS
    Known issues:
    • file based encryption
    • fpc fingerprint sensor
    • Ambient display
    • Others I don’t currently know…
    Follow our guide below to download the Rom and install it yourself.

    How To Lineage OS 14 For Xiaomi MI 6

    1. Download the ADPT OS Rom to your computer or device.
    2. Connect and mount your device USB memory on your computer using the USB cable.
    3. Now copy/paste the downloaded Android ROM zip file and Google Apps.zip files to your SD card. Make sure the files are in the SD card root (not in any folder).
    4. Then turn OFF your phone and disconnect from the USB cable.
    5. Now boot into the Recovery Mode. Switch ON the phone while pressing and holding Volume Up + Home + Power buttons together
    6. Once you are in Recovery Mode, select perform a full data wipe by selecting “wipe data/factory reset”. Use the Power button to select everything while in the Recovery Mode.
    7. Then, perform a cache wipe by selecting “wipe cache partition”.
    8. Now, this is optional, but it is recommended to perform a wipe of your Dalvik cache as well. You will not get into boot loops or any other errors. From recovery, go to ‘advanced’ and then select “wipe Dalvik cache”.
    9. Then go back to the main recovery screen and select “install zip from SD card”.
    10. Now select “choose zip from sdcard”. Using your volume keys, navigate to the Android 7.1.1 ROM zip file that you copied to your SD card and select it using the Power button. Confirm the installation on the next screen and the installation procedure should start now.
    11. Google Apps: Repeat the above step for the Gapps zip file as well and install it on your phone.
    12. After the installation completes, go to “+++++Go Back+++++” and reboot the phone by selecting “reboot system now” from the recovery menu.
    Your Xiaomi  Mi 6 will boot now and it might take about 5 minutes to boot up on your first time. So, please wait. Your Xiaomi Mi 6 should now haveLineage OS 14 For Xiaomi MI 6 installed on It! Go to Settings & About phone to verify.
    Hit the share buttons below to share this article with your friends on Facebook, Google + and Twitter.
    Credits –
    @Porter
    @Androidvillaz

    Download Link

              Phạm Nhật Hào chia sẻ bài viết   

    Mình mới học Nodejs, chia sẻ bài này xem như một lần nữa đọc lại Smile


    Chủ đề là Nodejs là gì và tại sao, khi nào phải dùng Nodejs


    Kể từ khi được Joyent đưa ra từ năm 2009, NodeJS đã được giới công nghệ để ý và phát triển mãnh mẽ. Ngày nay, NodeJS đã được ứng dụng rộng rãi trong rất nhiều ứng dụng trên khắp thế giới, đặc biệt là các đại gia công nghệ như Yahoo, Microsoft, LinkedIn hay các tập đoàn thương mại hàng đầu như Walmart, Groupon, PayPal và kể cả GoDaddy, Voxer... cũng sử dụng.....
    Nhiều nơi trên thế giới, thậm chí tại thung lũng Silicon, người ta tuyển dụng Lập trình viên NodeJS với mức lương cao ngất ng