TechzHome: 2016

Sunday 24 July 2016

5 Free Cyber Security Courses That Will Keep You Safe Online

Does ever the thought of your personal details lying unsafe online cross your mind? Have you ever thought of how to keep your personal data secure online? At some point of time, these questions do cross everyone’s mind at one point or the other.

With hacking and data breaches on the rise, internet and information safety is hugely important. As our lives increasingly depend on digital services, the need to protect our information from being maliciously disrupted or misused is really important.

For instance, if your credentials are stolen, there is very little you can do to stop their resale and reuse. However, there are plenty of free online resources designed to teach you about basic information security techniques that can keep yourself safe from criminals who could use them against you. Even though your credentials may be stolen, you can definitely lessen the potential damage that is causes.

In this article, we bring to a list of 5 free cyber and information security courses that you can take, right away to enhance your awareness of your online surroundings. Each course is designed for self-learning MOOCs (Massively Open Online Courses), and come with active communities and lecturers you can direct questions towards.

FutureLean: Introduction to Cyber Security

“Our lives depend on online services. Gain essential cyber security knowledge and skills, to help protect your digital life.” Anyone who is looking to know more about protecting their digital life, FutureLearn is the course to choose. Designed by the UK government and the Open University using the FutureLearn platform, this is an eight week long MOOC.

This free online course will help you to understand online security and start to protect your digital life, whether at home or work. You will learn how to identify the threats that could harm you online and the steps you can take to lessen the chances that they will happen to you. It basically looks to give you an understanding into basic infosec security principles, and grows on how to keep your personal data safe online.

As it is a MOOC, you will be able to work together with the other students enrolled on the course during the same period as you. Also, it does have a very active Google+ community.

FutureLearn: Cyber Security: Safety at Home, Online, in Life

The University of Newcastle’s School of Computing Science gets across this very short, three-week jaunt through information security in the modern world. This course concentrates on understanding three basic principles of Internet security: Privacy Online, Payment Safety, and Security at Home.

“As the world is increasingly interconnected, everyone shares the responsibility of of securing cyberspace” – Newton Lee, Counterterrorism and Cybersecurity: Total Information Awareness

Coursera: Internet History, Technology, and Security

This course concentrates on a range of Internet technologies, the history behind the Internet, and the requirement of increased and evolving security to remain safe in the 21st century. Instructed by Charles Severance, Associate Professor at the University of Michigan School of Information, the course comprises around 12 hours of video lectures and quizzes.

Some of the early weeks may cover information you already understand, such as how the Internet was developed, and why the Internet transformed business, which depends on your current level of knowledge. However, it all quietly flows toward security, networking, and encryption.

This course isn’t as self-paced as others, as you will be required to submit your coursework to advance to the next segment of the course.

Coursera: Cybersecurity and Its Ten Domains

The Cybersecurity and Its Ten Domains course is designed to introduce students, working professionals and the community to the exciting field of cybersecurity. Throughout the MOOC, participants will engage in community discourse and online interaction. It will give you comprehensive understanding of essential cybersecurity fields, including “governance and risk management, compliance, access control, network security, cryptography, business continuity and disaster recovery, security operations, software development security, physical and environmental security, and security architecture.” Learning will be assessed using strategies aligned to knowledge and understanding.

Coming in at just six hours, this is a slightly shorter course. However, this definitely makes it more manageable for those with time restrictions. Another advantage in this course is the diversity of languages available for learning. The video lectures are delivered in English, but come with subtitles for Dutch, Chinese (Simplified), and Portuguese (Brazilian).

Udemy: Cyber Security

The Udemy Cyber Security course aims to provide well-rounded, entry level information relating to important terms and the ideas supporting Internet security practices. The MOOC is instructed by DeVry University and Professor Robert Bunge. Starting with threat analysis and risk management, additional lessons explore core technologies such as encryption, firewalls, and intrusion detection systems. Cloud security is also featured, as are incident response, disaster recovery, and how to conduct cyber exercises. The course takes around 2.5 hours delivered over 15 lectures.

Learning is self-paced like most MOOCs. The Udemy course takes in an extensive range of security resources, from both the ethical and the hacktivist viewpoints.

Top 2 must-have FREE tools for hackers and security researchers

Here are two must-have free tools that every hacker must know and have

Hacking is one of the most abused term in the tech world today. Hacking was a term that originated in 1990s and is associated with altering to the code to suit a particular objective. By definition, hacking is the practice of altering the features of a system, to accomplish a goal which is not in scope of the purpose of its creation.

“Hacker” was a term used to denote a skilled programmer who had competency in machine code and operating systems. Such individuals were proficient in solving unsatisfactory problems and often interpreted competitors’ code to work as intelligence agents for small software companies.

Many young enthusiasts want to learn hacking and take up hacking and security research as a career choice. The first step to being a good hacker is to know all that is happening in the security world. Cybersecurity conferences such as Black Hat, DefCon, BSides and the Chaos Communication Conferencecan provide the latest security research, demonstrations and theoretical knowledge for you to move forward.

Next step would be to enroll for online certification programs. One way to ensure you have proper training, Read this report to know how to become a better security researcher. Next, come the tools. Having knowledge of these two must-have hacking tools is necessary for every hacker and security researcher.

Metasploit

Metasploit, which has been labeled the Attacker’s Playbook by many in the cybersecurity community, offers a rich library of exploits you can run on a number of different servers. You can use Metasploit to stimulate various steps of APT attacks so that in future you can spot the attack paths and vulnerabilities that might have otherwise allowed major data breaches.

However, before you can start using Metasploit to its fullest potential, you will need specific training. Offensive Security offers a free training program for the toolkit called Metasploit Unleashed.

Cobalt Strike

Cobalt Strike is another such must-have hacking tool used by hackers to emulate real network threats. You can use the tools within Cobalt Strike to conduct penetration testing. The toolkit’s website says the software includes functionality for:

Network reconnaissance
Attack packages for Java Applet, Microsoft Office, Microsoft Windows, website cloning and more
Spear phishing
Collaboration within the penetration team
Post exploitation (execute PowerShell scripts, log keystrokes, take screenshots, download files, and spawn other payloads)
Covert communications to evade security systems
Browser pivoting to avoid two-factor authentication
Reporting and logging to analyze the results of the exercise

While Metasploit offers a collection of exploits for hackers to use, the tools and functionality in Cobalt Strike helps hackers gather information and move laterally without exploits. With the combination of an exploit toolkit and a set of tools reconnaissance and lateral movement, you can successfully carry out pentesting and uncover even the deepest layer of vulnerabilities.

Top 5 Most Popular Alternatives To KickassTorrents

KickassTorrents is dead, here are top 5 Torrent site alternatives to that was once world’s most popular torrent website

With the demise of KickassTorrents the search for alternate torrent websites has already begun.

Following the shut down of kickassTorrents after its alleged founder Artem Vaulin got arrested in Poland and an order given by a federal court in Chicago which led to the seizure of all official KAT domain names including kickasstorrents.com, kastatic.com, thekat.tv, kat.cr, kickass.to, kat.ph andkickass.cr. The torrent community has now come in need of finding top alternatives to KickassTorrents aka KAT.

Since KickassTorrents has lost its position forever after its deadly demise, Torrentz has taken its place totop the list of the top most popular torrent websites of 2016

Below is the top 5 torrent site alternatives to the KickassTorrents based on various traffic reports and stats. The ranking is listed in order of the torrent websites popularity on Alexa.

1. Torrentz (Alexa rank-188) / Most popular alternative to KickassTorrents

Torrentz has been the top BitTorrent meta-search engine for many years, unlike other torrent websites it does not have any torrent or magnet links hosted on it instead it directs users to proper search results from other torrent websites.

While Torrentz started this year with ranking at 3rd in the list of most popular torrent websites it took over the rankings to beat The Pirate Bay and now has topped the chart after the demise of KickassTorrents.

2. The Pirate Bay (Alexa rank-329) / Most popular alternative to KickassTorrents

The Pirate Bay started its journey long back in 2003 and since then has faced several ups and downs with its co-founders getting arrested and facing lawsuits worth in millions of $. It made a comeback of sorts after the Swedish police raided its data center in Nacka and arrested one of the admins in 2014. The Pirate Bay is popularly known as HYDRA due to its various domains. It has switched several domains time to time to avoid the authorities. Currently, it is using its original .org domain.

3. ExtraTorrent (Alexa rank-449) / Most popular alternative to KickassTorrents

ExtraTorrent is well-known torrent website with its website design and interface making it easier to search for the content with proper category wise listing. ExtraTorrent has maintained its 3rd position in the list of top most popular torrent websites, starting from 2015. this site is also the home of the most popular torrent release groups including ETTV and ETRG release groups.

4. YTS aka YIFY (Alexa rank-690) / Most popular alternative to Kickasstorrents

yts.ag is not the original YTS or YIFY group. After the demise of original YIFY/YTS this website took its place and since it has gained lots of popularity with its unique style website look.

5. RarBG (Alexa rank-768) / Most popular alternative to KickassTorrents

Founded in 2008, RarBG gained quick popularity and provides torrent files and magnet links to facilitate p-p file sharing, the site has been blocked by UK, Saudi Arabia, Denmark, Portugal and several other countries though has managed to make it to 5th rank in top most popular torrent websites.

In addition to the above list of most popular torrent website alternative to KickassTorrents, few newcomers has also tried to clone and take place of the popular KickassTorrents.

Users are advised to block popups and not to provide their login credentials on any of the KickassTorrents clones

A member of IsoHunt team has also launched an unofficial working mirror of the KickassTorrentsas kickasstorrents.website

A redditor has given his list for Kickasstorrents alternatives which is as follows :

General purpose :

https://kat.al/
https://zooqle.com
https://www.torrentdownloads.me/
https://www.demonoid.pw/
http://www.btstorr.cc/
https://rarbg.to/top10
https://www.torlock.com/
https://extratorrent.cc/
https://www.torrentfunk.com/
https://www.limetorrents.cc/
https://1337x.to/
https://bit.no.com:43110/zerotorrent.bit

TV Shows torrents :

http://showrss.info/browse/all
https://eztv.ag/

Remember the above websites are also unverified by torrent users and you may block popups while surfing them.

IsoHunt launches a working mirror for KickassTorrents

IsoHunt launches unofficial KickassTorrents mirror, after its demise

The United States Department of Justice arrested Artem Vaulin, the kingpin of KickassTorrents (KAT) in Poland on Wednesday and shut down the widely popular file-sharing website. Now, the world’s number one BitTorrent site is back online, thanks to one of the member of IsoHunt. This torrent site has launched an unofficial mirror for KAT. It might look like the original KAT site, but upon a keen observation, it’s just a basic mirror.

IsoHunt is the file sharing organisation, which revived The Pirate Bay in April this year after Swedish government authorities raided its office.

The site, which is accessible at kickasstorrents.website, was setup yesterday and features an older copy of KAT’s database. The IsoHunt team has been hosting files on the KAT mirror only from the last one and a half years, but lacks the forums, community and support of KAT. Having said that, it does have most of the functionality that is needed for a typical torrentor and certainly looks the part.

It’s not perfect but if users need to save and archive something it’s time. We don’t know how long it can last, but at least it’s something,” the IsoHunt told VentureBeat.

It goes without saying too that uploading of new contents cannot be accommodated by the mirror at the moment as the site is far from being robust, but is certainly functional.

Besides putting the KAT mirror up, IsoHunt has called the arrest of Vaulin another attack on freedom and rights of the internet users all across the world. Therefore, IsoHunt’s team has created two petitions, with Change.org and the White House, with the hope of raising enough signatures to get Vaulin out of jail.

It’s highly unlikely the petitions will be able to achieve anything, but the U.S. government does have a rule that states petitions with over 100,000 signatures in 30 days must receive an official response.

Currently, the Change.org petition has 221 supporters while the White House petition only 69 signatures.

Below is the IsoHunt statement demanding KAT founder’s freedom, which appears the first time you access the KAT unofficial mirror.

“This morning the founder of kat.cr was arrested in Poland. It is another attack on freedom of rights of internet users globally. We think it’s our duty not to stand aside but to fight back supporting our rights. In the world of regular terrorist attacks where global corporations are flooded with money while millions are dying of diseases and hunger, do you really think that torrents deserve so much attention? Do you really think this fight worth the money and resources spent on it? Do you really think it’s the real issue to care of right now? We don’t!

“Kat.cr is a website we all know and love, and the world will never be the same without it. That’s why before it will come back we’ve made the mirror of Kat.cr with all the torrents we could find. It’s not perfect but if you want to save and archive something, now it’s the time! We don’t know how long it can last, but at least it’s something. We will continue to fight for our freedom and you’re welcome to join us! Sign this petition on Change.org and let everybody know that there are many of us who refuse to be silent.

“Our freedom is to share the human right which Artem Vaulin has been providing to millions of users from all over the world. By arresting him our rights are violated.”

How To Quickly Lock Your Keyboard And Mouse When Moving Away From The PC

These Windows tools will help you to lock your keyboard and mouse quickly when you are not around the PC

There are several methods such as setting up a local or Microsoft account to be able to rapidly lock the PC by pressing Win + L and unlock it with a password to stop your inquisitive friends or co-workers from spying on your Windows computer when you’re not around. Another method is by opting for third-party tools to quickly lock and unlock the keyboard and mouse while keeping the screen’s contents visible.

In this article, we show how you can without any effort do this with KeyboardLock, Child Lock and BlueLife KeyFreeze that are free to use.

KeyboardLock

You do not require to install this app. All you need to do is double-click the .exe file from the downloaded package to launch Keyboard Lock

You have to enter a password to lock and unlock the keyboard and mouse. By default, the password is cake, but you can change it into anything of your choice. Click Start and just type the password to lock the PC, and type it again to unlock it. While the pointer can be moved in locked mode, but nothing occurs if you try to type something or click the mouse buttons.

Please note that KeyboardLock allows the Ctrl+Alt+Delete command to be activated, so someone can do this to access Task Manager and switch to open windows.

Child Lock

An icon in the systray is created by Child Lock at start-up, which has four buttons displayed in the main window. If you wish to automatically lock the application, click Auto Lock, if it hasn’t been active in the last 10 minutes. Double-click the tray icon of Child Lock and click Cancel in the main window, if you wish to cancel this task.

Click Lock to block the keyboard and mouse immediately or press Shift+Alt+End. While they are locked, any key press or mouse click will turn the mouse pointer into the prohibited sign.

Click Allow Only to allow only a few keys to be pressed: Space, PageUp and PageDown, or Click Block Win Ctrl to block only control keys, i.e. Ctrl, Alt and Win key. This mode starts a few seconds after clicking its button to give you time to choose a window to limit the buttons inside it. The mouse pointer cannot be moved in this mode.

Activate the Shift+Alt+Home key combination to unlock the keyboard and mouse. In the main app window, click Options to review the hotkeys for locking and unlocking, if you forget them. It’s not possible to change them.

Please note that Child Lock allows the Ctrl+Alt+Delete command to be activated (even if you trigger Block Win Ctrl), so someone can do this to access Task Manager and switch to open windows.

BlueLife KeyFreeze

Since BlueLife KeyFreeze isn’t enclosed in a setup kit, you can double-click the .exe file from the downloaded package to run the program. It gets integrated into the systray.

Right-click the tray icon to lock the keyboard and mouse, and choose Lock All Keys or press Ctrl + Alt + F. There’s a small interruption before locking, during which you can cancel the task.

You can lock only the keyboard or the mouse (right-click the tray icon and choose Lock Keyboard or Lock Mouse).

Press Ctrl + Alt + F to unlock the keyboard and mouse. If you want to make changes to this combination (Ctrl + Alt + any letter or number), right-click the tray icon, go to Options, click the menu next to Hotkey for lock/unlock: and select the preferred combo. You can also block mouse movement (clear the Allow mouse movement box) or Hide mouse pointer (tick this box). Once you’re done, click Apply Options to commit alterations.

After locking the devices with BlueLife KeyFreeze, if someone sends the Ctrl + Alt + Delete command, the computer gets locked instead.

Note: The apps mentioned above cannot stop anyone from pressing the power button on your computer to shut it down, thus losing any work that has not been saved, and switching it on again to gain access to your data unless Windows login is requested. Therefore, you should still create a local or Microsoft account to make sure that your PC is secure.

Pokémon Go - 6 Important things you must know

Pokémon GO launched just two weeks ago, and people have been getting crazy to catch 'em all.

Users, on an average, are spending more time engaged with the new Pokémon GO app than any other apps like Snapchat.

But, before downloading and playing Nintendo's new location-based augmented reality game, users are required to keep the following points in their minds:

1. Unofficial Pokémon GO app might contain Malware

Since Pokémon GO is currently available in only a few countries, many third-party gaming websites are offering tutorials due to huge interest surrounding the app, recommending users to download the APK from a non-Google Play link.

Users need to "side-load" the malicious app to install the APK by modifying their Android core security settings, which allows their device's OS to install apps from "untrusted sources."

However, researchers have discovered that many of these online tutorials are linked to malicious versions of the Pokémon GO app that install a backdoor, called DroidJack, on victim's phones, enabling hackers to compromise their device completely.

2. Protect Privacy While Using Pokémon GO

If you're playing Pokémon GO, then forget about your privacy.

Since this augmented reality game requires your GPS location and a data connection (either WiFi or cellular data), you can not expect your privacy to be secured while playing this game.

However, still, users can avoid playing in locations where they do not want to be tracked.

Also, don't use your personal Gmail account to log in, as this links your personal information including your GPS location and Pokémon GO activity. Either use a burner Google account.

For this, create an all new Google account, with nothing in it, and use this account to sign into Pokémon GO as well as other apps that you may find doubtful.

Although the security hole has been patched, previous versions of Pokémon GO app required extensive permissions to your Google account, so make sure your app is up to date.

3. Beware of Pokémon GO-themed Malicious Apps on Google Play Store

Yes, malicious Pokémon Go apps have even made their ways into the official Google Play Store.

Researchers from popular antivirus firm ESET have spotted at least three fake Pokémon Go apps on the Google Play Store. Of them, the one titled "Pokemon Go Ultimate" posed the biggest threat to Android users.

Pokemon Go Ultimate renames itself "PI Network" and deliberately locks the screen of the victims’ devices immediately after being installed, rending the devices unusable.

The only ways to get the infected phone unlocked are to remove the device's battery or reboot the device via the Android Device Manager.

Even after restarting the device, the app removes itself from the device's app menu, but still continues to run in the background and silently clicks on porn advertisements in an attempt to generate ad revenue for its creators.

The worse: Researchers say that the malicious app is just one step away from being Ransomware.

Although Google has removed the fake Pokémon GO app, users who had already downloaded the app would need to uninstall PI Network manually through their device's application manager.

The rest of the two fraudulent Pokémon apps produced fake security messages in an attempt to trick users into paying for an antivirus service that actually does not exist.

Currently, all three apps seem to be removed from Google Play, but be on guard: more are likely to show up in the coming days.

So, before head out to catch 'em all, just make sure you are downloading the legitimate Pokémon Go app. Here're ESET's full advisory and security recommendations.

4. Go catch Pokémon, But Just Watch Out!

It's less than two weeks since the launch of Pokémon GO, and the Nintendo’s game is fueling public safety fears after the first major car crash in Auburn, New York.

Later it was revealed that a 28-year-old car driver was reportedly playing "Pokémon GO" and got distracted, thereby ran his vehicle off the road and crashed into a tree.

Another case reported by the San Diego Union-Tribune involved two men apparently playing Pokémon GO were rescued after falling off a 90-foot ocean bluff in California Wednesday afternoon.

The victims are fine, but that's not the point.

The point here is that do not put your or others lives in danger. Don't play the game while walking, driving and biking.

The Auburn Police Department has also released an advisory to remind drivers to use "common sense" while catching Pokémons and keep their eyes on the road at all times.

Here're some important points that players must keep in their minds:

Do not use the Pokémon GO app when you are operating a motor vehicle or bicycle.
Do not trespass onto private property when trying to catch a Pokemon.
Be aware of your surroundings when searching for Pokémon and do not just stare your phone without knowing hazards around you, like roadways, drop-offs, and waterways.
Always use caution when sharing your locations — strangers can see your location data.
Travel in groups in public/well lit areas.

In simple words: don't be a dumb crap; grow up!

5. Pokémon GO: Crimes, Robberies, Deaths & Other Problems

The game craze has been blamed for several robberies of distracted smartphone players.

Pokémon GO sends players out to capture the virtual Pokémon characters that are superimposed in parks, streets, stores as well as inappropriate locations like the Holocaust Memorial Museum, 9/11 Memorial, and Arlington National Cemetery, as reported by CNN.

Across the America, the gamers have been drawn down dark alleys and into dangerous neighborhoods in search of the Pokémon characters, only to be targeted by criminals.

So, Pokémon fans need to be a little more vigilant while playing the game, because your life and your money are more important to an imaginary character.

6. Pokémon GO Cheats, Hacks, Punishment and Bans

Since Pokémon GO has taken the world by storm with gamers of all ages joining in with the Pokémon catching fun, players are making use of Pokémon hack and cheats to catch Pokémons with fewer efforts.

This augmented reality game requires gamers to walk around homes, parks and local surroundings to find new Pokémon, as well as achieve goals like hatching incubating eggs.

One can find the most common Pokémon in the distance of 2km eggs, with the rarest ones in the 10km eggs. This means you are required to walk a lot if you want to advance in the game.

So, players are using tricks like placing their phones on a record player or tieing their phones with a fan in order to increase their walking distance in no time at all.

In fact, tech-savvy players are spoofing their GPS locations with rooted and jailbroken devices, so that they can catch Pokémon without physically going to locations where the imaginary characters are actually located.

However, before using these cheats, players should be aware of the fact that they can be banned for up to five hours from playing the game.

Even worse, cheaters are being punished by encountering wild Pokémon characters, which runs away from them.

Although the company, as of now, is not imposing harsher punishments or bans, some rumors claim that Niantic could completely block players after a certain number of temporary bans.

So, we advise users to walk and find their favorite Pokémon characters as guided by the map.

Play the game the right way. Gotta catch 'em all!

Uh-Oh! Pokémon GO grants itself 'Full Access' to your Google Account — Fix It NOW

Nintendo's new location-based augmented reality game Pokémon GO has been making rounds since its launch just a few days ago. People are so excited to catch 'em all that brought Nintendo's market-value gains to $7.5 Billion (£5.8 Billion) in just two days – the highest surge since 1983.

Due to the huge interest surrounding Pokémon GO, even hackers are using the game's popularity to distribute malicious versions of Pokémon GO that could install DroidJack malware on Android phones, allowing them to compromise user's devices completely.

However, the latest threat is related to the privacy concerns raised about the iOS version of the official Pokémon GO app.

Pokémon GO – A Huge Security Risk

Adam Reeve labeled the game "malware," saying that Pokémon GO is a "huge security risk" as the game, for some reason, grants itself "full account access" to your Google account when you sign into the app via Google on iPhone or iPad.

Yes, you heard that right: Full Account Access.

Any app, according to Google's own support page, that granted Full account access, can:

"See and modify nearly all information in your Google Account (but it can't change your password, delete your account, or pay with Google Wallet on your behalf)."

What exactly this means is quite unclear, but Reeve claimed that the Nintendo's Pokémon GO – developed by Niantic – can now:

Read all your email.
Send email on your behalf.
Access your Google Drive documents (including deleting them).
Look at your search history as well as Maps navigation history.
Access your private photos stored in Google Photos.
And a whole lot more.

Although Reeve, who reported the issue on his Tumblr blog, said this issue appears to mostly affect iOS users, some Android users are reporting that their devices are also being affected.

Pokémon GO doesn't Intend, but has Power to look inside:

Game developer Niantic, who is behind the smash-hit game Pokémon GO, released a statement saying that it never intended for its game to get full access to your Google account and that the app hasn't accessed any user data beyond "basic profile information" such as your User ID and email address.

Niantic also said that the company is actively working on a fix to downgrade the permission.

"We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user's Google account," Niantic said.

"Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access."

Well, agreed that Pokémon GO didn't intend to look inside your Gmail inbox, but there is no doubt that the app was initially granted wildcard access to users Google accounts.

How to Revoke Pokémon GO's Access to Google Account

In the meantime, gamers can revoke Pokémon GO's full account access to their Google account.

Here's how to revoke it:

Head onto your Google account permission page and look for Pokémon GO.
Select Pokémon GO Release and click "REMOVE" button to revoke full account access.
Launch Pokémon GO on your device and confirm it still works.

This will immediately revoke the Pokémon GO app's access to your Google account, but the downside is that users may lose their game data.

Another simplest approach is to use a burner Google account. For this, create an all new Google account, with nothing in it, and use this account to sign into Pokémon GO as well as other apps that you may find doubtful.