Monthly Archives: February 2016

Just when you thought Dropbox couldn’t get any better, it has.

Many interesting cloud storage services have come and gone, but Dropbox is probably the one that’s been here the longest. And now it has upped its game with a host of new features. Let’s explore some of them from 2015 as well as some old but lesser-known ones. What we’re saying is let’s discover more stuff that you didn’t know you could do in and with Dropbox.

1. Request Files from Anyone

Sharing files saved in your Dropbox has always been easy. Collecting files in Dropbox from people? Not so much. You had to rely on third-party services for quite a long time…until Dropbox introduced its own file request feature. The best thing about it is that you can gather files even from people who don’t have a Dropbox account. No reason to force them to sign up for one, is there?

To initiate a file request, first head straight to your Dropbox account and click on File Requests in the sidebar to go to the file requests page. See that big blue plus icon there? Click on it create a file request.

You’ll have to specify a catchall name for the files that you want to collect. Dropbox creates a new folder with this name to direct the incoming files to. You can also use an existing folder instead.

For every file request that you create, you’ll get a unique link to share with the people you want to receive files from. Ensure that you have enough space in your Dropbox account for the incoming files. Otherwise, the person sending the files will encounter an error message.

Don’t worry about the privacy settings for the received files. Only you can see them, and later share them if and when you want to.

If you’re on the receiving end of a file request, you’ll get an email with a link to upload the requested files. Click on it and Dropbox will walk you through the straightforward upload process. You’ll have to limit the file size to 2GB if you’re sending it to a Dropbox Basic user and to 10 GB if you’re sending it to a Pro or Business user.

We also recommend giving Balloon a try, if you don’t mind ditching the built-in file request feature in favor of a third-party app.

2. Preview Photoshop and Illustrator Files

Has someone shared a PSD file or an AI file with you on Dropbox? You don’t need access to the right Adobe software to preview it. You can do that right from Dropbox’s web interface, thanks to the interactive file preview feature introduced mid-2015.

Click on the file you want to preview and you’ll get an image toolbar that you can use to zone in on any portion of the preview.

You can preview files not only in PSD and AI formats, but also in PNG, JPG, EPS, SVG, and BMP. But, the previews for certain formats like PSD, AI, and SVG will be sharper and clearer than for the rest. The file preview feature also allows you to preview PDFs, slideshows, videos, and more.

If you’re a creative professional, the preview feature ensures that you don’t have to worry about compressing high-resolution files or converting them to other, more easily viewable formats for sharing with clients. Share a Dropbox link to the design file and be done with it. Your client can preview the file (in full resolution!) and leave feedback on it from Dropbox on the web.

3. Rejoin Shared Folders

Let’s say you left a shared folder, accidentally or otherwise, by deleting it from your Dropbox, and now you want back in. Regaining access to that folder is as simple as clicking on Sharing in the sidebar and then clicking on the Rejoin link next to the folder you want fresh access to.

Remember, deleting files inside the shared folder works differently from deleting the shared folder itself. The former will make the files disappear from everybody else’s Dropbox account as well, but then again, anyone with access to the shared folder can restore them.

4. Find Files Faster with Dropbox Recents

You don’t have to dig through folder after folder to find a Dropbox file that you just edited. You’ll find a link to it under Recents in the sidebar. This section keeps an updated list of files that you have opened or modified recently. Share, download, comment, delete, or even view previous versions of the file straight from this list.

5. Work as a Team

Many Dropbox users — solopreneurs, for example — use the Basic and Pro versions of Dropbox for business. If you’re one of those users, congratulations. You can now collaborate better on projects using the new Team feature.

After you create a team, you’ll be able to add members to it, share files and folders with them, and create sub-folders for better organization. As the team administrator you get granular control over file and folder permissions. Also, you’re sure to appreciate the ability to link your work and personal Dropbox accounts and switch between them easily without having to log out of either.

Your work projects are not the only ones that can benefit from this collaboration feature. Personal projects also can. Have a family vacation coming up? Or a wedding? Or a friend’s birthday? Create a Dropbox team and get started on the planning!

6. Discuss Files You’re Viewing

You have probably noticed that Dropbox files on the web now come with a commenting mechanism. If you haven’t, shift your attention to the right sidebar when you have a file or file preview open, and there it is.

As is standard procedure on the web these days, you can @mention someone to get their attention, and in this case, to get their inputs on the file. They’ll receive an email notification about it and can leave a comment on the file even if they aren’t a Dropbox user.

The added advantage is that if it’s a Microsoft Office file that you’re discussing, you can edit it right there based on the feedback, thanks to the Dropbox-Office Online integration. Your edits will automatically get saved back to Dropbox.

7. Sync Files Faster

By default, Dropbox limits the bandwidth allocated to the files being uploaded to your account. If you want to take advantage of your network’s higher capacity, you can remove this limit altogether or set a custom one from Dropbox’s settings.

To remove bandwidth limits for file uploads on a Mac, first open Preferences from Dropbox’s menu bar icon.

Next, switch to the Network tab and click on the Change Settings button next to Bandwidth: Now select the radio button next to Don’t limit, or if you want to specify a limit, select the radio button next to Limit to and type in an upload speed. You can also limit the download rate from the same section. Hit the Update button once you have made the changes.

To access the bandwidth settings on Windows 7 and above, click on the Dropbox icon in the system tray and go to Preferences > Bandwidth.

8. Instantly Delete Sensitive Files for Good…

Files that you delete from your Dropbox don’t disappear immediately from your computer or your Dropbox account. They get queued up for permanent deletion and stay part of the Dropbox ecosystem for at least 30 days. The deleted files also stay in the cache folder (.dropbox.cache) within Dropbox’s root folder on your computer for three days.

Note: If you have a Pro account with Extended Version History, the deleted files stay in the online deletion queue for up to one year.

If the files you deleted contain sensitive data, you might want to clear them out from the deletion queue manually. To do so, go to the home page of your account and click on the trash icon to the left of the search box. This displays the deleted files and they appear grayed out.

Now select a binned file that you want to erase permanently and click on the Permanently delete… option in the menu bar at the top. Do this for each file that you want to erase right away. Of course, you can select multiple files using Ctrl on Windows or cmd on a Mac.

Here comes another important step: getting rid of the deleted files from Dropbox’s cache folder. You can’t see this folder unless your system is set to show hidden files. You’ll need to access it and once again delete the files from there to get rid of them for good. Of course, if you do nothing, Dropbox will still clear the cache folder in three days’ time.

Based on whether you’re using Windows, Mac, or Linux, you’ll have to look up Dropbox’s instructions to reveal the cache folder on your computer.

Warning: You can’t recover any of the files you have deleted using the steps above, but someone with access to your computer and a good recovery software might be able to.

1. Be 100% sure that you want to delete a file before you delete it.
   
2. Look for a more advanced security solution to remove even the most deeply hidden remnants of deleted files.
   

   9. Add a 4-Digit PIN to the Dropbox App on Your Mobile
   

   You know all about protecting your Dropbox account with two-factor authentication and you have set it up already, right? Have you also secured the Dropbox app on your phone or tablet with a PIN or passcode? The passcode feature is not new, but it’s one that many people overlook.
   

   Set a passcode for the Dropbox app now via Dropbox settings > Advanced Features > Configure Passcode on your Android device or via Dropboxsettings > Passcode Lock on your iPhone. For iPads and Windows tablets, here are the instructions to set a passcode.
   

   
   

   Are you a Pro user? Then in addition to setting a passcode, you can enable the setting to remotely erase all Dropbox data on that device after 10 failed attempts at entering the correct PIN. This can prove helpful if your phone ever falls into the wrong hands. There’s a catch though. You can proceed with the remote data wipe only if the device is online.
   

   Also, if you’re a Basic user, you have to content yourself with unlinking the lost device by clicking on the “x” icon next to its name under Dropbox Settings >Security > Devices.
   

   10. Carry Your Bookmarks Everywhere
   

   Dropbox being such a great way to sync anything, we have all come up with various makeshift ways to sync bookmarks to the cloud. But we don’t need them anymore, because Dropbox has now added a feature to do just that.
   

   You can now drag and drop links to Dropbox on the web or on your computer. They get backed up just like your files do, so you can open them from any location.
   

   
   

   Unfortunately, clicking on a bookmark from Dropbox’s web interface loads a preview page for the bookmark instead of the link suggested by the bookmark. That’s why we recommend using the bookmark’s context menu to open the link in a new tab.
   

   You’ll really appreciate the convenience of this bookmarking feature when you’re collaborating with someone on a project and have a bunch of shared links to keep track of.
   

   11. Host a Podcast from Dropbox with JustCast
   

   We recently shared an exhaustive guide on how to start a successful podcast. If you’re gearing up to start a podcast yourself and are on the lookout for a decent, easy-to-manage podcast host, your search ends here — with JustCast, which is ridiculously simple to use.
   

   Once you connect JustCast to your Dropbox, a folder named JustCast will appear in /Dropbox/Apps. Any mp3 file you add to Dropbox/Apps/JustCast/podcast_name will automatically go in your podcast’s RSS feed. All you have to do is tell people to subscribe to the feed. Use the in-built metrics feature to track the subscriber and download count.
   

   
   

   To publish the podcast on iTunes, visit this link for podcast submission and paste the link to your RSS feed there to proceed.
   

   Now let’s talk money. You don’t have to shell out any if you’re content having just three of the most recent episodes showing up in the feed. For unlimited feed items, you have the Pro plan at $5/month.
   

   Here’s something you should make a note of. Dropbox has some restrictions in place on file hosting and sharing. So once your podcast gathers momentum and your audience grows, you’ll need to consider upgrading your Dropbox account to keep up with the increasing number of file downloads.
   

   
   

   Even if starting a podcast is not in your plans, you can put JustCast to good use by turning it into a personal podcast playlist. Put any MP3 audio files you want to listen to into Dropbox as described above and use the RSS feed in your podcast client — just as you would with any other podcast.
   

   Be mindful of copyright restrictions for any files you’re uploading to Dropbox.
   

   12. Theme Your Dropbox with Orangedox
   

   If you use Dropbox for work, you might want to tweak its interface to align with your brand. And that’s where Orangedox steps in. It gives you tools to add special touches to the Dropbox portal, such as you own logo and color scheme.
   

   Orangedox also allows you to track the documents you have shared and get download stats for them. Note that only this feature is available in the Free Forever plan.
   

   
   

   We must admit that Orangedox has not quite picked up steam despite being launched more than a year ago i.e. in 2014. But considering that there seem to be zero apps that allow you to theme Dropbox, Orangedox is still worth a shot.
   

   13. Create Photo Galleries Using Dropbox Photos with Photoshoot
   

   Okay. We admit that we’re cheating a bit here. You already know of apps that turn your Dropbox photos into galleries. But we had to include Photoshoot in this list because it makes the process so easy.
   

   You drag and drop photos into Dropbox and Photoshoot takes care of creating the gallery, complete with items like thumbnails, titles, dates, and a lightbox display. You can leave the gallery visible to the public or hide it behind a password.
   

   Via: makeuseof
   

Different views of Skype’s group video call functionality.

 Credit: Skype

The new feature will let up to 25 people share a single video call on smartphones and tablets.

Skype announced that iOS and Android users in the U.S. and Western Europe can expect to start making group video calls from their smartphones and tablets in the coming week.

The feature will allow users to hold conversations with up to 25 friends at once. Skype designed two new views for group video conferences: the first allows users to see one another in a grid, and it’s designed for calls with a handful of people. A second active speaker view shows a big picture of the person talking by default, along with a small, scrollable row of other participants.

In that view, users can also “pin” someone, so they can always see a large view of the most important person in the conversation for them. Users can change who they’ve pinned during the call, or remove the pin and go back to Skype’s default mode of primarily showing the person talking.

It’s worth noting that this update doesn’t just allow mobile to mobile group video calls, where everyone is staring at a smartphone or tablet. It also means that people who are out and about can still join a group call being held by friends who are all using desktop computers.

Adding group calling to Skype on mobile devices is important for Microsoft, as the company faces increased competition from services like Google Hangouts, which also offers group video calling across platforms, and often comes pre-installed on phones running Android.

Users outside the U.S. and Western Europe can expect to see the new feature roll out in March.

Via: itworld

If you’d like an attacker to eavesdrop on calls made on VoIP phones, then leave the default password in place.

If you’d like an attacker to eavesdrop on your calls made on VoIP phones, then leave the default password in place. If not, then change it.

Using default or weak passwords will continue to bite companies, but this time instead of spying via IP cameras, it was enterprise-grade VoIP phones being pwned. When a client asked information security consultant Paul Moore how to improve security without disrupting ease of VoIP phone deployment, Moore discovered the company was using the default password.

Perhaps recalling how HD Moore remotely infiltrated boardrooms in top companies via videoconferencing systems setup outside firewalls, the IT staff felt confident about security since the VoIP phones were behind a “strong firewall.”

Oh really? Paul Moore set out to disprove the firm’s we’re-safe-from-eavesdropping-attack logic. He showed how an attacker can “make calls, receive calls, transfer calls (even before it rings), play recordings, upload new firmware and crucially…use the device for covert surveillance.”

Using a Snom 320 VoIP phone running 8.7.5.13 firmware in his demonstration, he set it back to a “default state” and discovered that the default configuration panel for the device’s setup console had “no authentication whatsoever” even if it was behind an enterprise-grade firewall. He noted that while some manufacturers do provide default credentials, such as the ever-popular “admin/admin,” the Snom phone just had an “HTTP password not set” warning on the configuration screen. Users are not prompted to setup a password, but if they do then the password can be as short as one character.

To exploit the phone for covert surveillance, Moore enlisted the help of security experts Scott Helme and Per Thorsheim, who played the part of attacker. Multitasking, Moore had a “private conversation” with Helme over Skype while browsing Thorsheim’s site, which was embedded with just a couple lines of JavaScript as an exploit payload.

Moore wrote:

Unbeknownst to me, Per has forced my VoIP phone to call his premium rate number and disabled the speaker, so unless I’m looking at the phone, I wouldn’t know it’s dialing.

Besides forcing calls to premium numbers, an attacker could receive and transfer calls, as well as use the phone for secret surveillance. Moore wrote, “In this demonstration, the attacker has not only compromised your phone and privacy with just a browser, but you’ve paid him for the privilege!”

Thorsheim expounded on that ouch and the payload by telling the BBC, “It will charge you a pound a minute and I will listen to whatever is being said close to your phone – you will be paying me to be eavesdropped.”

The Snom phone used in the test is not the only VoIP phone vulnerable, as similar exploits work on “current Cisco devices too.”

Moore concluded:

If you install, use or just find yourself sat next to one of these devices, just remember… it’s basically a PC, with all the security vulnerabilities associated with them. Don’t assume it’s safe because it’s running as the manufacturer intended; seek professional advice.

Via: networkworld

Google and Red Hat researchers released a patch for a critical remote code execution flaw in glibc 2.9 and later.

Researchers have discovered a critical vulnerability in the GNU C library, glibc, that could put modern Linux servers at risk for remote code execution attacks. API Web services and major Web frameworks like Rails, PHP, and Python are also affected.

The vulnerability (CVE 2015-7547), a stack-based buffer overflow in the getaddrinfo() function in the glibc DNS client-side resolver, has already been patched. Anyone using glibc 2.9 and later — since 2.9 was released in May 2008, that means pretty much anyone using glibc — should patch as soon as possible. Red Hat Enterprise Linux 5 has glibc 2.5, so it isn’t vulnerable, but Red Hat Enterprise Linux 6 (glibc 2.12), Red Hat Enterprise Linux 7 (glibc 2.17), Debian squeeze (glibc 2.11), Debian wheezy (glibc 2.13), and Debian jessie (glibc 2.19) are all affected.

“No, seriously, patch glibc today. This is bad,” Kenneth White, a security research and director of the Open Crypto Audit Project, wrote on Twitter.

The flaw was initially reported to the glibc project team by Robert Holiday of Ciena in July 2015. Carlos O’Donnell, a principal software engineer at Red Hat, and Florian Weimer, a member of the Red Hat Product Security Team, assessed the impact of the security hole and prepared the patch. Google researchers Fermin J. Serna and Kevin Stadmeyer found the vulnerability independently of the initial report and developed a proof-of-concept exploiting the flaw.

“We know of no known attacks that use this specific vulnerability,” O’Donnell said.

The getaddrinfo() function is typically used to resolve IP addresses, so in this case, attackers can use the vulnerability to gain control over applications and systems as they connect to a malicious DNS server. There are a number of ways to attack this vulnerability, including (but not limited to) ssh, sudo, and curl, Google researchers said.

“Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack,” Serna and Stadmeyer wrote in an advisory.

The vulnerability is triggered when the system receives from the DNS server an oversized UDP or TCP response, greater than 2048 bytes, followed by another response which overwrites the stack. One way to trigger the buffer management flaw requires the target system to attempt a DNS lookup for a domain controlled by the attacker. The first response it receives is 2048 bytes long, which fills the buffer entirely with no room left over. Since the buffer can’t be reused, a new buffer is created, but the bug causes the old buffer to be used along with the new, resulting in a buffer that is 65535 in size. The second response is flawed in a way that forces the system to retry the query. The third response contains 2048 bytes of valid response and the attack payload in the remaining 63487 bytes.

The flaw happens because when the query is restarted, it points to a buffer created with the wrong size, O’Donnell said. “There are other ways to trigger the buffer management flaw, but they require slightly more control over the timing of the responses and use poll timeout to carry out the exploit with just two responses from the attacker (as opposed to three),” O’Donnell said.

Red Hat researchers were able to control the execution of one free() call with the buffer overflow and gain control of the EIP register. While they did not try to exploit the vulnerability further, the single attempt showed that remote control execution was possible.

“A back of the envelope analysis shows that it should be possible to write correctly formed DNS responses with attacker controlled payloads that will penetrate a DNS cache hierarchy and therefore allow attackers to exploit machines behind such caches,” O’Donnell wrote on the glibc project mailing list.

The degree of exploitation depends on the countermeasures the system has in place against stack-based buffer overflows. Remote code execution is possible “but not straightforward,” because it requires bypassing ASLR, Google’s Serna said. Administrators and developers who cannot patch glibc right away should adopt temporary mitigations to protect against potential attacks. One option is to limit the response sizes accepted by the DNS resolver locally to 1024 bytes.

Be careful about the size limits, since systems using advanced features like DNSSEC need to be able to receive oversized UDP responses. DNSSEC requires EDNS0, a client feature that signals to servers that it can receive UDP responses larger than 512 bytes. Blocking large DNS responses can potentially break EDNS0. “DNS resolution may fail or will be significantly delayed,” warned SANS Institute’s Johannes B. Ullrich.

Administrators should make sure all systems on the network use a specific resolver and block outbound DNS unless it originates from the known resolver. Doing so limits exposure, and “is a good idea anyway,” Ullrich said.

While avoiding dual A and AAA queries may help mitigate the vulnerability, disabling IPv6 outright will not disable AAAA queries or prevent exploitation. Blocking IPv6 at a local or intermediate resolver does not work to prevent exploit because the exploit payload can still be delivered. “It is the parallel query that triggers the buffer management flaw,” O’Donnell wrote.

While the patch is available, the race is on as to who moves faster: attackers or defenders. “Now that the cat is out of the bag, dev teams need to quickly determine which of their applications are at risk: a difficult task given how deeply glibc integrates into applications,” said Black Duck Software’s Patrick Carey. The patching process can be a lengthy process, especially for mobile devices and other user-facing applications.

The glibc library is the GNU Project’s implementation of the standard C library and is widely used in GNU Linux and other systems using the Linux kernel. This is the second critical vulnerability in the library in recent months: researchers discovered the GHOST vulnerability (CVE 2015—235) in glibc just last year.

Via: infoworld

Security researchers are warning owners of Android smartphones about a new malware attack, spreading via SMS text messages.

As the team at Scandinavian security group CSIS describes, malware known as MazarBOT is being distributed via SMS in Denmark and is likely to also be encountered in other countries.

Victims’ first encounter with the malware reportedly comes via an unsolicited text message that their Android smartphone receives. The txt message uses social engineering to dupe unsuspecting users into clicking on a link to a downloadable Android application.

CSIS provided a (sanitised) version of a typical message to warn users what to look out for:

“You have received a multimedia message from +[country code] [sender number] Follow the link http://www.mmsforyou[.]net/mms.apk to view the message”

Once the APK package is downloaded, potential victims are urged to grant the malicious app a wide range of permissions on their Android device:

• SEND_SMS
  
• RECEIVE_BOOT_COMPLETED
  
• INTERNET
  
• SYSTEM_ALERT_WINDOW
  
• WRITE_SMS
  
• ACCESS_NETWORK_STATE
  
• WAKE_LOCK
  
• GET_TASKS
  
• CALL_PHONE
  
• RECEIVE_SMS
  
• READ_PHONE_STATE
  
• READ_SMS
  
• ERASE_PHONE
  

Once installed, MazarBOT downloads a copy of Tor onto users’ Android smartphones and uses it to connect anonymously to the net before sending a text message containing the victim’s location to an Iranian mobile phone number.

With the malware now in place, a number of actions can be performed, including allowing attackers to secretly monitor and control smartphones via a backdoor, send messages to premium-rate numbers, and intercept two-factor authentication codes sent by online banking apps and the like.

In fact, with full access to the compromised Android smartphone, the opportunities for criminals to wreak havoc are significant – such as erasing infected phones or launching man-in-the-middle (MITM) attacks.

In its analysis, CSIS notes that MazarBOT was reported by Recorded Future last November as being actively sold in Russian underground forums and intriguingly, the malware will not activate on Android devices configured with Russian language settings.

This, in itself, does not prove that the perpetrators of the malware campaign are based in Russia, but it certainly sounds as if that is a strong possibility. Malware authors in the past have often coded a “safety net” into their malware to prevent them from accidentally infecting their own computers and devices.

For more detailed information about the threat, check out the blog post from CSIS.

And, of course, remember to always be wary of unsolicited, unusual text messages and installing apps from third-party sources on your Android smartphone.

Via: tripwire

In a video found on the YouTube channel of Samy Kamkar, a USB drive beaded in a necklace has been shown which is capable of doing some really dangerous hacking tricks with a horrifying outcome. This necklace is called USBDriveby, which is a necklace that can hijack your computer in just 60 seconds.

USBdriveby is basically a USB-powered microcontroller which is beaded into a necklace or a chain. The reason behind beading this USB-driven microcontroller is that one can take the advantage of security flaws in one’s computer’s USB ports. Once inserted into one of the USB ports, it just needs a minute or better say, 60 seconds to infect and annihilate a personal computer.

How does USBDriveBy work?

• Once USBDriveby is inserted into one of the USB ports on a PC, it pretends to be a mouse or a keyboard.
  
• It automatically uses of a number of keystrokes to satisfy the PC’s network monitor app to convince that everything is ok.
  
• In the next step, it disables the system’s firewall.
  
• After disabling the firewall, it alters the DNS settings next. By changing the DNS Settings, it provides full control to the hacker.
  
• Once the control goes into the hands of the hacker, a hacker can redirect any website the user wishes to visit with the website of hacker’s choice.
  
• Using the website of the hacker’s choice, the USBDriveBy creates an outbound connection by opening up a backdoor port to a remote server, allowing the computer to receive remote commands.
  
• Once the control goes to the remote server, a hacker can exploit the entire PC.
  
• While leaving the computer, any windows and settings screens that have been opened up are closed and footprints are swept up while the hacker leaves the PC.
  

So, basically, within a minute, an entire PC can be hacked by disabling a number of security layers and cleaning up its mess as well. It permanently leaves the computer with an open connection for all sorts of remote manipulations even after the USBDriveBy has been removed from the USB port.

Although the video shown below talks only about the Mac OS X but Kamkar states that the process is quite ‘easily extendable to Windows or Linux’. Once the harm is done, there is nothing much a user can do to protect himself from such attacks except for guarding his USB ports.

You can find more information about the USBDriveBy on Samy Kamkar’s website.

If you are also aware of these sorts of stylish hacking materials, leave the comment about the cool gadgets in the comment section below.

Via: fossbytes

Google is marking Safer Internet Day, which falls today, by introducing new authentication features to Gmail to help better identify emails that could prove to be harmful or are not fully secure.

The company said last year that it would beef up security measures and identify emails that arrive over an unencrypted connection and now it has implemented that plan for Gmail, which Google just announced has passed one billion active users. Beyond just flagging emails sent over unsecured connections, Google also warns users who are sending.

Gmail on the web will alert users when they are sending email to a recipient whose account is not encrypted with a little open lock in the top-right corner. That same lock will appear if you receive an email from an account that is not encrypted.

Encryption is important for email because it lowers the possibility that a message might be hijacked by a third-party. Google switched to HTTPS some while ago to ensure that all Gmail-to-Gmail emails are encrypted, but not all other providers have made the move. Last year, Google said that 57 percent of messages that users on other email providers send to Gmail are encrypted, while 81 percent of outgoing messages from Gmail are, too.

Another measure implemented today shows users when they receive a message from an email account that can’t be authenticated. If a sender’s profile picture is a question mark that means Gmail was not able to authenticate them.

Authentication is one method for assessing whether an email is a phishing attempt or another kind of malicious attack designed to snare a user’s data or information.

“If you receive a message from a big sender (like a financial institution, or a major email provider, like Google, Yahoo or Hotmail) that isn’t authenticated, this message is most likely forged and you should be careful about replying to it or opening any attachments,” Google explained in its Gmail help section.

Unauthenticated emails aren’t necessarily dangerous, but, with this new indicator, Google is giving users more visibility on potential threats to help them make better decisions related to their online security.

Finally, because good news is supposed to come in threes, Google said today that it is gifting users 2GB of addition storage for Google Drive at no cost. To grab the freebie, simply complete the new security checkup for your Google account.

The process, which Google claimed takes just two minutes, will see you check your recovery information, which devices are connected to your account and what permissions that you’ve enabled. Google offered the same deal last year for Safer Internet Day, and the company said the 2GB expansion is open to all users — including those who snagged 2GB last year. (Small caveat: the offer isn’t open to Google Apps for Work or Google Apps for Education accounts.)

Simply head to your Google account to get started.

Via: techcrunch

There’s Box, DropBox, Drive and iCloud, but which is right for you?

The cloud is full of free storage, if you know where to look.

From relatively new companies such as Box and DropBox, to heavyweights Google, Apple and Microsoft, many vendors use free cloud storage as a way to entice users into their clouds in hopes that they will pay more for additional volumes and services.

Below, in alphabetical order, are 19 free cloud services – but a word of caution: The cloud is a volatile place and offers from these vendors change frequently. 

ADrive

The deal: 50GB of free cloud storage.

Details: ADrive may not be very well known, but it offers a compelling deal. The catch is it’s an advertiser-supported platform, so you get a lot of storage space, but a lot of ads too. For 100GB, plans start at $2.50 per month or $25 per year. ADrive has some basic features, such as sharing and backup, but its business and enterprise account offer encryption and multi-user access.

More information: ADrive

Amazon Cloud Drive 

The deal: 5GB free in S3; free unlimited photo storage for Amazon Prime customers.

Details: Amazon Cloud Drive no longer offers a completely free consumer-oriented cloud storage service, but Amazon Prime members get free unlimited cloud storage for photos with their subscription, which costs $99 per year and includes free two-day shipping on eligible Amazon.com products. For non Amazon-prime members, unlimited photos can be stored for $12 per year after a free three-month trial. For $60 per year, Amazon offers an “Unlimited Everything” plan, which allows any file or document to be stored.

Amazon’s business-oriented cloud storage service named the Simple Storage Service (S3) has a free tier of up to 5GB.

More information: Amazon Cloud Drive and Amazon S3.

Apple iCloud Drive

The deal: 5GB of free cloud storage.

Details: Apple iCloud Drive comes with 5GB of free storage. Users looking to bump up their storage can do so for 99 cents month for 20GB, $4 per month for 200GB and $20 per month for 1TB. ICloud is meant for Apple users, but there is an iCloud app for the Windows. Android users would have to use a third-party app to access their iCloud storage.

More information: Apple iCloud.

Bitcasa

The deal: 5GB of free cloud storage.

Details: Beyond the 5GB of free cloud storage, Bitcasa offers 1TB of storage for $10 per month or 10TB for $99 per month or $999 per year.

More information: Bitcasa Personal.

Box

The deal: 10GB of free cloud storage

Details: Box offers a number of plans, but the basic, single-user free plan comes with 10GB of storage, with a 250MB file upload size limit. The company’s other plans are targeted at teams and businesses and include more stringent security measures. A “starter” package for $5 per month comes with 100GB of storage and a 2GB file size limit for up to 10 users. A Business account for $15 per month includes unlimited storage with a 5GB file size limit. Custom-priced enterprise plans are also available.

More information: Box

Copy

The deal: 15GB of free cloud storage.

Details: Copy is a cloud service by Barracuda Networks, an IT company specializing in security and storage. For $5 per month or $49 per year users can get 250GB of storage. There’s also an EFSS product named Copy for Companies that starts at $699 for 500GB on a dedicated virtual appliance.

More information: Copy and Copy for Companies.

Cubby

The deal: 5GB of free cloud storage.

Details: Made by LogMeIn, Cubby offers additional plans starting at $4 for 100GB of storage. Users can choose many other amounts, including more than 2TBs for $100 per month. There are also business plans that come with additional security and sharing capabilities.

Dropbox

The deal: 2GB of free storage.

Details: One of the original and most popular cloud storage products, DropBox used to offer 5GB free, now it only offers 2GB. For $10 per month users can upgrade to DropBox Pro, which comes with 1TB of space. DropBox for business, for $15 per user/month provides unlimited storage.

More information: DropBox

DumpTruck

The deal: 5GB of free storage.

Details: Users can get up to 21GB by referring friends to Dump Truck – beyond that additional storage starts at $5 per 50GBs or $50 per month for 500GB (there are other options of plans in between those). VPN provider Golden Frog hosts it.

More information: Dump Truck.

Google Drive

The deal: 15GB of free storage.

Details: If you need more than the 15GB, for $2 per month customers get 100GB of storage, and for $10 per month customers receive 1TB of storage. Any data associated with your Google email account counts against your Drive storage limit, but anything stored in Google Docs, Sheets or Slides does not count against the 15GB limit. Small photos are stored for free in Google, but those larger than 2048×2048 count against your storage.

More information: Google Drive

HiDrive

The deal: 5GB of free storage.

Details: Beyond the 5GB of free storage, up to 100GB cost $6.30 month and 500GB costs 12.50 per month. HiDrive is hosted by Starto AG, a Germany technology company.

More information: HiDrive

Hive

The deal: Unlimited free storage.

Details: It’s free and unlimited, but it does come with catches. First, it’s ad-supported. Second, there are no desktop or mobile apps, so users have to access Hive directly through the website and while sharing is allowed, users must pay for HD stream sharing and customers can only share with other Hive users. Paid plans start at $8 per month, which allows for HD streaming and removes ads.

More information: Hive

IDrive

The deal: 5GB of free storage.

Details: Users can get additional storage by referring friends; or a 1TB plan is available for $44 per year. There is also a business service with additional granular security controls.

More information: IDrive

Mega

The deal: 50GB of free storage

Details: Founded by Internet provocateur Kim Dotcom, Mega offers one of the more enticing deals in the cloud: 50GB of free storage. Users can get 4TB for about $9 per month (the company uses Euros). A word of caution: Mega does not store users’ passwords, so the company recommends you keep a secondary backup of files stored in the service. Basically this means that if you lose your password, Mega can’t help you recover it.

More information: Mega

Microsoft OneDrive

The Deal: 15GB free storage

Details: Microsoft OneDrive (formerly SkyDrive) now comes with 15GB of free storage, with 100GB for $2 per month, while up to 1TB costs $7 per month. Microsoft offers other goodies too, including an extra 15GB of storage when you backup your camera roll to OneDrive, and customers can get an extra 5GB by referring friends (refer up to 10 friends at 500MB free for each friend). Microsoft Office, which gives access to Microsoft apps such as Word, Excell and Outlook, costs $7 per month (or $70 per year) and comes with 1TB of storage.

More information: Microsoft OneDrive

pCloud

The deal: 20 GB of free storage.

Details: pCloud offers initial customers 10GB of free storage and users can get up to an additional 10GB by inviting friends to the service. For even more space, pCloud offers 500GB for $4 per month or $8 per month for 1TB. PCloud started in 2013 and is based in Switzerland.

More information: pCloud

SpiderOak

The deal: 2GB of free storage

Details: SpiderOak markets itself as a secure cloud storage service with its “Zero-Knowledge” promise, which means it encrypts customer data and does not store it in plain text. Other plans include: 30GB for $7 per month or 1TB for $12 per month ($129 annually).

More information: SpiderOak

StreamNation

The deal: 20GB free storage

Details: StreamNation is meant to store photos, videos and long-form movies. It comes with sharing privileges and paid accounts give offline access to the media (so you can watch it on an airplane, for example). The service comes with a basic package of 20GB free, although users may have to refer friends or follow the company on social media sites to get that full amount. Additional storage runs $4 for 100GB, and $14 per month for 1TB. Those prices increase by $1 each if customers pay month-to-month instead of commit to a full year of service.

More information: StreamNation

Syncplicity

The deal: 10 GB of free storage

Details: Syncplicity is EMC’s enterprise file synch and share service (EFSS), which is meant to compete with Box. It offers a personal plan that comes with 10GB free per month and has other business-oriented plans starting at $60 per month, which comes with 300GB, plus 5GB for each user.

More information: Syncplicity

Via: networkworld

There are many reasons why you should get Netflix if you don’t already have it — such as the fact that it has many original shows in development and it can reduce your household expenses — but perhaps the most compelling reason is that it’sway more convenient than traditional television.

That being said, nostalgia can be a powerful force, and maybe you miss the “old way” of watching TV. On-demand entertainment is awesome, but there’s a strange appeal in being able to “surf channels” to see what’s “currently playing”.

If you feel like that describes you, then here’s the good news: there’s a new Chrome extension called OttoPlay that brings back the whole activity of channel surfing, and in addition to working with Netflix, it also supports Hulu and YouTube.

Once installed, the extension lets you pick from a particular theme (e.g. drama, comedy, girls, science fiction, anime, etc.) and will load up a “schedule” of shows to watch. It’s really simple and highly reminiscent of cable TV.

Those outside of the U.S. may experience regional playback issues due to content unavailability. It’s a bit inconvenient, but should work fine otherwise.

So if you want to cut the cord of cable but still want the magic of channel surfing, this is one way to do it. Hopefully in the future OttoPlay will support all of the other streaming services on the market.

Via: makeuseof

T9000 is being used in targeted attacks against U.S. organizations.

Researchers found a complex backdoor malware which targets Skype, capturing video, audio, and chat messages as well as grabbing screenshots and stealing files, before sending the data back to the attacker.

Researchers at Palto Alto Networks analyzed a new variant of backdoor malware that goes to “great lengths to avoid being detected and to evade the scrutiny of the malware analysis community.” T9000 is a newer variant of T5000, or the Plat1 malware family that APT actors used in spear phishing attacks after the disappearance of Malaysian Flight MH370. T9000 is being used in targeted attacks against multiple U.S. organizations, dropped by a RTF file, but its functionality indicates the malware is “intended for use against a broad range of users.”

Palto Alto Networks

Instead of having limited functionality, T9000 is described as complex, as it uses a multi-stage installation process to evade detection and fly under the radar. In stage one, researchers explained that T9000 “goes to great lengths to identify a total of 24 potential security products that may be running on a system and customizes its installation mechanism to specifically evade those that are installed.” Those security products include: Sophos, INCAInternet, DoctorWeb, Baidu, Comodo, TrustPortAntivirus, GData, AVG, BitDefender, VirusChaser, McAfee, Panda, Trend Micro, Kingsoft, Norton, Micropoint, Filseclab, AhnLab, JiangMin, Tencent, Avira, Kaspersky, Rising and 360.

When a malicious DLL is loaded in stage two, T9000 again queries the security products and then – depending upon what it found – uses one of three separate techniques for starting stage three. The core malware isn’t loaded until stage four, but it checks for running processes and will exit without performing malicious activity if those processes are found. The victim’s username and OS version are sent back to the attacker via C&C server, which then sends specific modules to steal data.

The first plugin runs multiple threads, taking screenshots of the desktop, monitoring the foreground window every 20 seconds, and collecting information from Skype. If Skype is running and the victim is logged in, then the target will see a dialog box asking to allow explorer.exe to access Skype.

Just say no, as the researchers pointed out:

The victim must explicitly allow the malware to access Skype for this particular functionality to work. However, since a legitimate process is requesting access, the user may find him- or herself allowing this access without realizing what is actually happening. Once enabled, the malware will record video calls, audio calls, and chat messages.

T9000 steals documents and more – even from removable drives

If a victim did allow access, then T9000 also sets out to steal other files, such as documents, presentations, and spreadsheets – even those on a removable drive – including the file types: .doc, .ppt, .xls, .docx, .pptx, .xlsx. The FlaskDiskThief plugin allows the attacker to “collect files that are being passed around from one machine to another via removable drives.”

The third plugin logs any changes, such as when a file is created, copied, moved, or deleted. The researchers suggested attackers use it “to record important actions taken by the victim, which in turn may allow them to gain additional access as well as insight into the victim’s actions.”

Palto Alto Networks included a list of indicators of compromise; the researchers hope that by sharing the details of how T9000 works, then it will help others defend themselves against the backdoor malware’s attacks.

Via: networkworld