Microsoft Windows also vulnerable to ‘FREAK’ encryption flaw

Computers running all supported releases of Microsoft Windows are vulnerable to “FREAK,” a decade-old encryption flaw that leaves device users vulnerable to having their electronic communications intercepted when visiting any of hundreds of thousands of websites, including Whitehouse.gov, NSA.gov and FBI.gov.

The flaw was previously thought to be limited to Apple’s Safari and Google’s Android browsers. But Microsoft warned that the encryption protocols used in Windows — Secure Sockets Layer and its successor Transport Layer Security — were also vulnerable to the flaw.

“Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system,” Microsoft said in its advisory. “The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industrywide issue that is not specific to Windows operating systems.”

Microsoft said it will likely address the flaw in its regularly scheduled Patch Tuesday update or with an out-of-cycle patch. In the meantime, Microsoft suggested disabling the RSA export ciphers.

The FREAK (Factoring RSA Export Keys) flaw surfaced a few weeks ago when a group of researchers discovered they could force websites to use intentionally weakened encryption, which they were able to break within a few hours. Once a site’s encryption was cracked, hackers could then steal data such as passwords, and hijack elements on the page.

Researchers said there was no evidence hackers had exploited the vulnerability, which they blamed on a former US policy that banned US companies from exporting the strongest encryption standards available. The restrictions were lifted in the late 1990s, but the weaker standards were already part of software used widely around the world, including Windows and the web browsers.

“The export-grade RSA ciphers are the remains of a 1980s-vintage effort to weaken cryptography so that intelligence agencies would be able to monitor,” Matthew Green, a Johns Hopkins cryptographer who helped investigate the encryption flaw, wrote in a blog post explaining the flaw’s origins and effects. “This was done badly. So badly, that while the policies were ultimately scrapped, they’re still hurting us today.”

Building backdoors into encryption isn’t only bad for China, Mr President

Want to know why forcing tech companies to build backdoors into encryption is a terrible idea? Look no further than President Obama’s stark criticism of China’s plan to do exactly that on Tuesday. If only he would tell the FBI and NSA the same thing.

In a stunningly short-sighted move, the FBI – and more recently the NSA – have been pushing for a new US law that would force tech companies like Apple and Google to hand over the encryption keys or build backdoors into their products and tools so the government would always have access to our communications. It was only a matter of time before other governments jumped on the bandwagon, and China wasted no time in demanding the same from tech companies a few weeks ago.

As President Obama himself described to Reuters, China has proposed an expansive new “anti-terrorism” bill that “would essentially force all foreign companies, including US companies, to turn over to the Chinese government mechanisms where they can snoop and keep track of all the users of those services.”

Obama continued: “Those kinds of restrictive practices I think would ironically hurt the Chinese economy over the long term because I don’t think there is any US or European firm, any international firm, that could credibly get away with that wholesale turning over of data, personal data, over to a government.”

Bravo! Of course these are the exact arguments for why it would be a disaster for the US government to force tech companies to do the same. (Somehow Obama left that part out.)

As Yahoo’s top security executive Alex Stamos told NSA director Mike Rogers in a public confrontation last week, building backdoors into encryption is like “drilling a hole into a windshield.” Even if it’s technically possible to produce the flaw – and we, for some reason, trust the US government never to abuse it – other countries will inevitably demand access for themselves. Companies will no longer be in a position to say no, and even if they did, intelligence services would find the backdoor unilaterally – or just steal the keys outright.

For an example of how this works, look no further than last week’s Snowden revelation that the UK’s intelligence service and the NSA stole the encryption keys for millions of SIM cards used by many of the world’s most popular cell phone providers. It has happened many times before, too. As security expert Bruce Schneier has documented with numerous examples, “Back-door access built for the good guys is routinely used by the bad guys.”

Stamos repeatedly (and commendably) pushed the NSA director for an answer on what happens when China or Russia also demand backdoors from tech companies, but Rogers didn’t have an answer prepared at all. He just kept repeating “I think we can work through this”. As Stamos insinuated, maybe Rogers should ask his own staff why we actually can’t work through this, because virtually every technologist agrees backdoors just cannot be secure in practice.

(If you want to further understand the details behind the encryption vs. backdoor debate and how what the NSA director is asking for is quite literally impossible, read this excellent piece by surveillance expert Julian Sanchez.)

It’s downright bizarre that the US government has been warning of the grave cybersecurity risks the country faces while, at the very same time, arguing that we should pass a law that would weaken cybersecurity and put every single citizen at more risk of having their private information stolen by criminals, foreign governments, and our own.

Forcing backdoors will also be disastrous for the US economy as it would be for China’s. US tech companies – which already have suffered billions of dollars of losses overseas because of consumer distrust over their relationships with the NSA – would lose all credibility with users around the world if the FBI and NSA succeed with their plan.

The White House is supposedly coming out with an official policy on encryption sometime this month, according to the New York Times – but the President can save himself a lot of time and just apply his comments about China to the US government. If he knows backdoors in encryption are bad for cybersecurity, privacy, and the economy, why is there even a debate?

How to Encrypt Folder in “Encryption Year”?

Recently, US President Barack Obama called himself “a firm believer of strong encryption” during a visit to Silicon Valley. Although some people criticized Obama for the vagueness of the statement, the current network environment is genuinely worrying and data security is a growing concern, so data encryption matters more than ever. That is why some regard 2015 as an “Encryption Year”. With that in mind, let us look at how to better encrypt folders in the new year.

Want to encrypt folders on your computer? The first step is to choose high-quality folder encryption software. Best Folder Encryptor is professional folder encryption software that combines powerful features with a user-friendly design, so any computer user can run it easily.

The characteristics of Best Folder Encryptor:

1. Perfect self-protection, it is copy-, remove- and delete-proof.

2. With advanced-encryption algorithms, the encryption on the files and folders is super strong.

3. Easy to use, anyone can grasp it in a short time.

4. Multiple features such as folder encryption, file encryption and disk protection. It works normally in all Windows systems.

5. Once a file or folder is encrypted by Best Folder Encryptor, it remains encrypted even if it is transferred to other devices.

How to encrypt folders:

1. Download Best Folder Encryptor from the official website (www.dogoodsoft.com/best-folder-encryptor/free-download.html) and install it;

2. Run Best Folder Encryptor, click Encrypt Folder button, and then choose a folder to encrypt;

3. Set your encryption password, select an encryption type as you wish, and then click “OK”;

Notes: There are 5 encryption types set in Best Folder Encryptor – Flash encryption, Hiding encryption, Full encryption, Diamond encryption and Portable encryption.

Flash and Hiding encryption are known for fast encryption and decryption and take up no extra disk space, which makes them well suited to very large folders.

Full, Diamond and Portable encryption use advanced encryption algorithms to encrypt the folder, so the encryption on your folder can be super strong. They are a good choice for important folders.

Encrypt your folder, protect your data, and have a good time!

Samsung is still lying about the encryption on its Smart TVs

When news broke that Samsung’s Smart TVs listened to conversations and sent them to a third-party server company, the Korean manufacturer countered by claiming that all data transmissions to and from its televisions were encrypted. When testing demonstrated that the data in question wasn’t encrypted (despite being sent via Port 443, which is typically used for HTTPS traffic), Samsung modified its stance, claiming that new TVs were encrypted properly but older sets were not. This, too, has now been proven false.

After last week’s findings, we spoke to the security researchers at Pentest Partners to ascertain the make and model of the TV they’d tested. The initial model was a UE46ES8000, a top-end TV for its day, but now two years old. This time around, the team tested a UE55HU7500. This screen currently retails for £1,569.86 in the UK according to Amazon. Reviews date from June 2014 through Jan 2015 and the unit is widely available — it is, in other words, a “current” Samsung TV by any reasonable sense of the word.

The team tested the new television in the same manner as the old and found that data is still being transferred in plaintext.

Still, there was a chance that a firmware update to the television would solve the problem, since the new set has been shipping for some months. An update was available, and the team applied it — to absolutely no effect. The data remains unencrypted.
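The check described above, as an added example (not the researchers' tooling and not Samsung's code): given the first client-to-server bytes of a TCP stream to port 443, it tells a real TLS ClientHello apart from plaintext sent over the HTTPS port. The function names and the sample payloads are constructed for illustration.

```python
"""Classify the first client bytes of a TCP stream sent to port 443."""

# TLS record content types (RFC 5246 / RFC 8446).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2 ** 14 + 2048   # largest ciphertext record TLS 1.2 allows
HANDSHAKE, CLIENT_HELLO = 22, 1


def parse_record_header(data: bytes):
    """Return (content_type, (major, minor), length) for a plausible
    TLS record header at the start of data, or None if it is not one."""
    if len(data) < 5:
        return None
    ctype, major, minor = data[0], data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    if ctype not in TLS_CONTENT_TYPES:
        return None
    if major != 3 or minor > 4:       # record versions SSL 3.0 .. TLS 1.3
        return None
    if not 0 < length <= MAX_RECORD_LEN:
        return None
    return ctype, (major, minor), length


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or common whitespace."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D))
    return ok / len(data)


def classify_first_flight(payload: bytes) -> str:
    """Label the first bytes a client sends on a port-443 connection."""
    header = parse_record_header(payload)
    if header is not None:
        # A genuine TLS session opens with a handshake record whose first
        # handshake message is a ClientHello (type 1).
        if (header[0] == HANDSHAKE and len(payload) > 5
                and payload[5] == CLIENT_HELLO):
            return "tls-client-hello"
        return "tls-like-unexpected"
    # No TLS framing at all: readable text means data in the clear.
    if printable_ratio(payload) >= 0.85:
        return "plaintext"
    return "non-tls-binary"


def flag_non_tls(streams: dict) -> list:
    """Names of streams whose first flight is not a TLS ClientHello."""
    return sorted(name for name, payload in streams.items()
                  if classify_first_flight(payload) != "tls-client-hello")


# Constructed sample payloads (not captured from any real device).
SAMPLES = {
    # Start of a TLS record carrying a ClientHello.
    "stream-a": bytes.fromhex("160301002f0100002b0303") + bytes(32),
    # Readable XML sent straight over the HTTPS port.
    "stream-b": b'<?xml version="1.0"?><request><device>constructed'
                b'</device></request>',
    # Opaque bytes with no TLS record framing.
    "stream-c": bytes([0x00, 0x01, 0xFE, 0xFF]) * 8,
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, classify_first_flight(payload))
    print("needs review:", flag_non_tls(SAMPLES))
```

A stream labelled `non-tls-binary` is not proof of cleartext, only of missing TLS framing; it still needs a manual look at the payload.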

Bad security will destroy the Internet of Things

After the Lenovo Superfish disaster, it’d be easy to dismiss what’s going on with Samsung’s encrypted televisions. While the Lenovo situation is orders of magnitude worse, I’d argue that both issues actually stem from the same root problem — a failure to verify that security procedures have been followed and implemented at every level.

Security is difficult, time consuming, and expensive. By its very nature, it does not respond well to corner-cutting. Companies like Samsung, with huge, cost-optimized product divisions and an emphasis on shipping a huge number of SKUs are ill-suited to the kind of lengthy test cycles that are required to properly lock down products and equipment, and unlikely to want to invest in the sort of device evaluation that’s necessary to guarantee that data is handled properly.

It’s easy to dismiss such rigor as unnecessary and to pretend that the entire burden rests on Microsoft or Google, but that attitude will kill most IoT devices in the long term. If Smart TVs acquire a reputation for risking user security due to high profile hacking incidents, consumers will learn to avoid them. Translate that across the IoT ecosystem, and the long-term market will be fundamentally compromised.

It’s time for Samsung and other manufacturers to directly name the devices they’ve locked down, the devices that remain unencrypted, and a timeline for fixing this problem.

QR codes with advanced imaging and photon encryption protect computer chips

QR, or Quick Response, codes — those commonly black and white boxes that people scan with a smartphone to learn more about something — have been used to convey information about everything from cereals to cars and new homes.

But, University of Connecticut (UConn) researchers think the codes have a greater potential: protecting national security.

Using advanced 3-D optical imaging and extremely low light photon counting encryption, Board of Trustees Distinguished Professor Bahram Javidi and his research team have taken the ordinary QR code and transformed it into a high-end cybersecurity application that can be used to protect the integrity of computer microchips. The findings were published in IEEE Photonics Journal.

“An optical code or QR code can be manufactured in such a way that it is very difficult to duplicate,” said Javidi, whose team is part of UConn’s Center for Hardware Assurance, Security, and Engineering (CHASE) in the School of Engineering. “But if you have the right keys, not only can you authenticate the chip, but you can also learn detailed information about the chip and what its specifications are.

“And, that is important to the person using it.”

Corrupted and recycled integrated circuits or microchips pose a significant threat to the international electronics supply chain. Bogus or used computer chips may not matter much when they cause poor cell phone reception or an occasional laptop computer crash in personal use. But the problem becomes exponentially more serious when counterfeit or hacked chips turn up in the U.S. military.

The problem has been exacerbated in recent years by the fact that much of the national production of microcircuits has moved offshore, where prices are lower but ensuring quality control is more difficult.

In 2012, a Senate Armed Services Committee report found that more than 100 cases of suspected counterfeit electronics parts from China had made their way into the Department of Defense supply chain. In one notable example, officials said counterfeit circuits were used in a high-altitude missile meant to destroy incoming missiles. Fixing the problem cost the government $2.675 million, the report said.

Unlike commercial QR codes, Javidi’s little black and white boxes can be scaled as small as microns or a few millimeters and would replace the electronic part number that is currently stamped on most microchips.

Javidi says he can compress vital information about a chip — its functionality, capacity, and part number — directly into the QR code so it can be obtained by the reader without accessing the Internet. This is important in cybersecurity circles, because linking to the Internet greatly increases vulnerability to hacking or corruption.

To further protect the information in the QR code, Javidi applies an optical imaging “mask” that scrambles the QR code design into a random mass of black-and-white pixels that look similar to the snowy images one might see on a broken TV. He then adds yet another layer of security through a random phase photon-based encryption that turns the snowy image into a darkened nighttime sky with just a few random stars or dots of pixelated light.

The end result is a self-contained, highly secure, information-laden microscopic design that is nearly impossible to duplicate. Only individuals who have the special corresponding codes could decrypt the QR image.

And that is important to all of us.

Chinese Version of PC Monitor Expert Updated to Version 1.62

PC Monitor Expert is a trusted computer monitoring product. It can capture every keystroke, chat, instant message, visited website, screenshot, running program and application on the monitored computer. It can also block any program, app, chat software, download software or game you choose. When a prohibited program is opened, it is forcibly closed and the attempt is recorded. PC Monitor Expert can also send the monitoring records to your e-mail, which makes it convenient to keep tabs on the monitored computer remotely.

Update information of PC Monitor Expert:

File Name: PC Monitor Expert

Version:   V1.62

File Size:   3.78MB

Category:   Computer monitoring software

Language:  Chinese

License:  Trial version

Running on: Win XP/ Vista/7/8

Released on: Feb. 10, 2015

Download from: http://www.jiamisoft.com/pcsc/download.html

What’s new in this version:

– fixed a bug;

* refined the error message when sending emails;

* added the support for Enterprise QQ.

Main features of PC Monitor Expert:

1) Stealth operation: PC Monitor Expert cannot be found on the monitored computer. The monitoring software becomes invisible without any trace after installation, and it can monitor the computer secretly without letting anyone know. You can launch it by pressing the hot key “Ctrl + Alt + U”.

2) Keystroke input records: PC Monitor Expert can monitor all typed keystrokes, including Chinese, English, figures and function keys. MSN or QQ chats, IMs, sent e-mail, and usernames and passwords entered on some websites or e-mail services can also be recorded. (Warning: please DO NOT use this monitoring software for illegal purposes. This software won’t record sensitive passwords like QQ or MSN passwords.)

3) Computer screenshot capture: Take screenshots of QQ or MSN chat windows, the active window or the entire computer screen. The captured screenshots can be played automatically when you view them.

4) Opened windows monitoring and control: Record the titles of all opened windows and the time they were opened. Prohibit opening windows whose titles contain specific blocked keywords. For example, if you want to keep your children away from adult content, you can add adult-content terms as keywords to the prohibited list. All windows containing adult content will then be filtered automatically, and PC Monitor Expert will forcibly close such web pages. The software can also record each attempt to open a prohibited window and the time it was opened.

5)Running Programs Monitoring and Control: Prohibit software you specified (PC Monitor Expert has pre-configured over 30 game software). If a prohibited program is detected, PC Monitor Expert will forcibly shut it down and record this breach;

Prohibit chat software like MSN, QQ or Skype;

Prohibit using web browsers to view web pages;

Prohibit using download software to download;

Prohibit modifying system time;

Prohibit Task Manager (to prevent active programs from being terminated illegally), Registry or Control Panel, etc.

6) Enhanced functions: PC Monitor Expert can send all monitoring records (keystrokes, captured screenshots, active windows, breaches, etc.) to a specific e-mail address. You can conduct network monitoring as you wish. You can also set a password for this software so that no one can modify settings or delete the software without the valid password. The software offers a timed shutdown function with which you can schedule your computer to shut down at a certain time.

In addition, PC Monitor Expert supports disk control, which can better protect your important content.

DoGoodSoft Releases Best Folder Encryptor 16.75 with Higher Security

DoGoodSoft, one of the leading security software developers in China, offers better-in-class software for both individual and enterprise users at home and abroad. It recently released the latest version of its encryption software, Best Folder Encryptor. In this new version, DoGoodSoft fixed certain bugs so that users can feel more secure when protecting important files and folders on their computers. The company also improved the user experience.

Best Folder Encryptor is professional file and folder encryption software that features superfast encryption along with the highest security. Based on advanced encryption algorithms, encrypted files and folders cannot be decrypted without the original password and are protected from copying, deletion and removal. The software encrypts folders using five methods: flash encryption, hiding encryption, full encryption, diamond encryption and portable encryption. Files are encrypted using diamond or portable encryption.

In addition, Best Folder Encryptor supports disk protection, data shredding, folder disguise, System Garbage cleanup and other enhancements.

Thanks to its high quality, user-friendly design and powerful functions, DoGoodSoft has won wide approval and recognition from users.

For more information about the product, please visit:

http://dogoodsoft.com/best-folder-encryptor/

If you want to learn about more DoGoodSoft products, please visit its website: http://www.dogoodsoft.com/

Ace Secret Disk – Protect Data Security by Creating Secret Disk on Computer

When it comes to information security, most people are worried but cannot come up with a solution. A well-known utility called Ace Secret Disk may ease that headache. It is designed as a secure tool that protects users' data and information from leakage.

Ace Secret Disk is a kind of safe and stable encryption software that allows users to create one or more additional virtual disks on computer, where all private files such as photos, videos, financial information and other documents can be stored. It is used just like a regular disk. In this way the possibility of data leakage should be completely eradicated.

Main features of Ace Secret Disk

High Safety

With new and advanced methods, Ace Secret Disk allows users to create one or more encrypted disks on a computer, each protected by a password. The disk cannot be opened by anyone except you. Its encryption can be super strong.

Excellent Performance

The secret disk created on computer takes up no extra space, with data export and import as fast as lightning.

Easy-to-Use

The secret disk can be used just like a normal disk, which makes it easy to save private files.

Pricing and Availability:

Ace Secret Disk is now compatible with 32-bit and 64-bit versions of Windows 7/8, Windows XP, Vista and others. The utility is priced at $29.95.

To experience the features of Ace Secret Disk described above, or to see more products from this developer, please visit its website: www.dogoodsoft.com/

Fabulous CHK File Recovering Software – CHK File Recovery from DoGoodSoft

DoGoodSoft, one of the famous security software developers, whose software enjoys high awareness, high quality and high user loyalty, recommends CHK File Recovery, an advanced file recovery tool, to users.

CHK File Recovery can recover more than 100 common file types quickly and easily, including mp3, mp4, jpg, bmp, gif, png, avi, mov, mpg, wma, wmv, doc, docx, xls, xlsx, ppt, pptx, zip, rar, exe, dll, sql, mdb, psd and so on.

By default, CHK File Recovery determines the file type automatically. For unknown file types that cannot be recognized automatically, there is an advanced function named Judge File Type Manually, which can confirm the file extension through four methods and then recover the file.

The improved software interface is simple and clear, which better meets user preferences. It is also easy to use: just select a disk in the browse window and click Search, and the software scans the whole disk automatically. The search results are then listed in the software by type. In addition, CHK File Recovery supports searching and scanning a specific folder.

To try the features described above, use the link below:

http://www.dogoodsoft.com/chk-file-recovery/free-download.html

To learn about more DoGoodSoft products, visit: http://www.dogoodsoft.com/

DoGoodSoft Updated Magic Timed Shutdown to Version 9.96

Magic Timed Shutdown, professional PC auto-shutdown software, has been updated to version 9.96. This version optimizes software performance and fixes a bug.

Latest Version Information of Magic Timed Shutdown:

Version: V9.96

File Size: 4324KB

Category: Timed Shutdown Software

Language: English

License Type: Trial Version

Operating System(s): Win XP/Vista/7

Last Updated On: March 8th, 2012

Download: http://www.dogoodsoft.com/magic-timed-shutdown/free-download.html

What’s New in This Version:

+ Optimized software performance;

–  Fixed a Bug.

Introduction of Magic Timed Shutdown:

Magic Timed Shutdown is professional PC auto- and timed-shutdown software. It is a good helper for parents and computer managers and satisfies all the needs of users.

Magic Timed Shutdown supports five kinds of automatic shutdown task: shutdown at a set time, shutdown after a set period, shutdown a set time after startup, shutdown when the network speed stays below a limit for a certain time, and shutdown when the keyboard and mouse have been inactive for a set time.

Besides, it can disable online chat, prohibit programs you preset (e.g. games), manage online time and PC usage, hide disk drives, control the use of USB devices and so on.

In a word, Magic Timed Shutdown satisfies all the needs of users who need to control the use of a computer.