Showing posts with the label security.

Tuesday, 12 January 2016

Why Hotspot Shield's co-founder puts privacy over profits



One tech chief said it's by design that only a fraction of his customers pay for his service.




NEW YORK -- Every time a site goes dark or a connection is lost amid protest, scandal, or revolution, David Gorodyansky usually finds out hours or even days before the media does.
In the wake of the Arab Spring in 2010, his company helped more than a million users in Egypt get access to social media again literally overnight. That same year, his company set up an email autoresponder with its privacy app attached for users in China after the government blocked the company's website. The number of users in China quadrupled in just a few days. And, last year when the Turkish government blocked access to Twitter, his company saw two million users in three days use his service to circumvent the blocks.
His company AnchorFree developed Hotspot Shield, a networking app, which allows users across the world to bypass state censorship and internet provider filters from their computers or phones. The app helps its users to bypass state censorship by encrypting and tunnelling a user's internet traffic through servers located outside of their country.

"We've been an enabler for getting to information pretty much every time an internet provider or governments has tried to block access to information," said Gorodyansky, as part of an hour-long interview in mid-December.
A Moscow native and now a US citizen, Gorodyansky, 33, co-founded AnchorFree a decade ago, putting him in the somewhat quieter ranks of chief executives who started major Silicon Valley tech companies in their early adult lives.
But where other companies -- Facebook, Twitter, Google, Microsoft, and Apple -- focused on drawing in as many users as possible for the greatest annual profit, Gorodyansky said he is driven by an entirely different mission.
"We believe security and privacy are basic human rights for really every person on the planet," said Gorodyansky. He said that the 400 million people who use Hotspot Shield, which is growing by hundreds of thousands of installs each day, come from every country in the world. He argued that the next five years will have billions of people joining the internet, mostly from developing nations, where online privacy is a commodity.
Thanks to combined funding of $63 million, including $52 million from Goldman Sachs in 2012, AnchorFree has expanded rapidly in the past three years. The company's network spans a dozen countries, and has an internet capacity larger than eBay's.
Though the company is for-profit, Gorodyansky argued that where people can't pay for privacy, they shouldn't. The 3 percent of users who subscribe to its premium "elite" service, which removes ads and expands the service's virtual reach to a number of other countries, make up the bulk of the company's revenue.
Gorodyansky admits that while he wants his company to deliver privacy, security, and freedoms to the next five billion people, living in the present day is more like internet Whack-a-Mole by reacting to events as they unfold. For example, the company can tell that so-many-million people visited Facebook, or Twitter, or another site based on data collected on domains visited in aggregate. "That's all we know," said Gorodyansky. "We don't have names, or know data per user." The aggregate metric helps the company to ensure that access to a particular site in high demand is as good as it can be. By offering his service for free to 97 percent of his customers, as he explained it, he aims to "open up the world's borders and allow information to flow freely."
"We're very reactive," he said, as he reeled off examples of internet blockades in Turkey, as well as preemptive events, such as helping users watch events like the World Cup from countries where broadcast streams aren't available.
One example stood out among the rest. When hundreds of thousands took to the streets in Venezuela two years ago in protests over government policies and censorship, Gorodyansky made the call to give away the company's privacy software for free to his users in the country, likely to the short-term financial detriment of the company, which could have easily capitalized on the situation.
Privacy is the "same" for everyone, he said, whether it's an on-the-ground activist fighting government oppression using his free service, or an airport-dwelling executive using the paid service.
"I might have 'nothing to hide'," he said, "but I've got a lot to protect."

Friday, 11 December 2015

The Best Antivirus for 2015





In a perfect world, your neighbors would maintain their homes and lawns, drivers would model politeness on the road, and you wouldn't have to worry about malware attacks on your computer. Yeah. But in our world, the guy next door parks rusting autos on his dead lawn, road rage is everywhere, and the Internet just isn't a safe place. Unless you keep your computer in a Faraday cage with no connection to the outside world, you can't reasonably go without antivirus software.
Despite being called "antivirus," these utilities aren't limited to protecting against computer viruses. They actually handle Trojans, rootkits, adware, spyware, ransomware, and all kinds of malicious software, and some of them do a very good job. PCMag has reviewed over 30 different commercial antivirus utilities, and that's not even counting the many free antivirus tools. Out of that extensive field we've named four Editors' Choice products. Six more of the premium editions proved effective enough to earn an excellent four-star rating. More than a dozen others earned at least three stars.
Almost all of these products are traditional, full-scale, antivirus tools, with the ability to scan files for malware on access, on demand, or on schedule. A couple are outliers, tools meant to enhance the protection of traditional antivirus. As for just relying on the antivirus built into Windows 8.x or Windows 10, that may not be the best idea. In the past, Windows Defender has performed poorly both in our tests and independent lab tests, though it did score a recent win.
Most of these products are also suitable for use by small businesses. However, your business might be better off with the full protection of a security suite. If your business has more than a handful of employees and computers, the managed security offered by a SaaS endpoint protection system is probably more appropriate.

Sunday, 29 November 2015

The Best Password Managers for 2015




Year after year studies reveal that the most-popular passwords are just awful. Obvious passwords like "123456" and "password" top the lists. Worse, many people use the same lame password everywhere. It doesn't take a hacker to break into an account that uses one of these terrible passwords, just a good guesser. The problem is, avoiding same passwords and lame passwords is really hard—too hard for most people to manage without help. Fortunately, help is available in the form of password management software.
For your own sanity and security, install a password manager and change all of your passwords so every single one is different, and every single one is long and hard to crack. Until our Internet culture evolves into some post-password Nirvana, everybody needs a password manager, even our own John Dvorak. There are plenty of good choices. All the commercial password managers listed here earned 3.5 stars or better. Strapped for cash? We've rounded up free password managers separately.
The Basics
The typical password manager installs as a browser plug-in to handle password capture and replay. When you log in to a secure site, it offers to save your credentials. When you return to that site, it offers to automatically fill in those credentials. And, if you've saved multiple logins for the same site, the password manager offers you multiple account login options. Most also offer a browser-toolbar menu of saved logins, so you can go straight to a saved site and log in automatically.
Some products detect password-change events and offer to update the existing record. Some even record your credentials during the process of signing up for a new secure website. On the flip side, a password manager that doesn't include password capture and replay automation needs to offset that lack with significant other assets.
Getting all of your existing passwords into the password manager is a good first step. Next, you need to identify the weak and duplicate passwords and replace them with tough ones. Many password managers flag weak and duplicate passwords, and some offer help with the update process. The very best ones can automate the password-change process for you.
When you create a new secure account or update a weak password, you don't want to strain your brain trying to come up with something strong and unique. Why bother? You don't have to remember it. All but one of our top-rated products include a built-in password generator. Make sure your generated passwords are at least 12 characters long; some products default to a shorter length.
Entering a password like ^@\V3B.u|j@Z}c?sAE on your smartphone's tiny keyboard can be tough. Fortunately, almost all of our top password managers can sync across all of your Windows, Mac, Android, and iOS devices. A few even let you authenticate on iOS or Android with your fingerprint rather than typing the master password. Most include some form of two-factor authentication, be it biometric, SMS-based, Google Authenticator, or something else entirely.
Fill Those Forms
Since most password managers can auto-fill stored credentials, it's just a small step for them to automatically fill in personal data on Web forms—first and last name, email address, phone number, and so on. Most of the top-rated products include Web form-filling. The breadth and flexibility of their personal data collections vary, as does their accuracy when matching Web-form fields with their stored items. Even if they miss a field or two, the ones they do fill are ones you don't have to type. Think about how many sites you go to that want all the same information; this feature is a huge time-saver.
Different products handle form-filling in their own ways. Some immediately fill all recognized fields, some wait for you to click in a field, some pop up and ask what you'd prefer. You'll even find products that offer your choice of credit cards using realistic images with the correct color and bank logo!
Advanced Features
Given that all these products take care of basic password management tasks, how can one product stand out from the pack? One handy advanced feature is managing passwords for applications, not just websites. Another is provision of a secure browser, designed to protect sensitive transactions and invoked automatically when you visit a financial site. And of course automating the password change process is a big plus.
As noted, these top products let you sync your passwords across all of your devices. Some of them also include a built-in mechanism for securely sharing passwords with other users. Some let you share a login without making the password visible, some let you revoke sharing, and with some the sharing goes both ways—that is, if the recipient makes a change it will change the original.
On a grimmer note, what happens to your secure accounts after you've died? A few products include some provision for a digital legacy, a method to transfer your logins to a trusted individual in the event of your death or incapacity.
The Very Best
Veteran password manager LastPass 3.0 Premium offers an impressively comprehensive set of features. Slick and polished Dashlane 3 also boasts a ton of features, even some that LastPass lacks. Sticky Password Premium handles essential tasks better than most, and a portion of every purchase goes to help an endangered species. But even the products not named as Editors' Choice have their merits; you may prefer one of them. Read our reviews to decide which will serve you best.

Saudi Arabia came close to buying Hacking Team








The Saudi Arabian government came close to buying control of Italian surveillance software company Hacking Team, notorious for selling its product to undemocratic regimes, according to hacked emails posted by WikiLeaks.
The negotiations were handled by Wafic Said, a Syrian-born businessman based in the U.K. who is a close friend of the Saudi royal family, and also involved Ronald Spogli, a former U.S. ambassador to Italy, who had an indirect investment in Hacking Team.
The deal collapsed in early 2014 after the removal of Prince Bandar bin Sultan as head of the Saudi intelligence service. The former Saudi ambassador to Washington had backed the purchase but it was not supported by his successor.
Saudi Arabia has long had a reputation as a human rights violator and this week it emerged that a Saudi court had confirmed a death sentence on a young man convicted of participating in antigovernment protests inspired by the Arab Spring. Ali al-Nimr has been sentenced to be beheaded and then crucified for crimes he allegedly committed at the age of 17.
Eric Rabe, a spokesman for Hacking Team, said the talks had never been close to completion. Countries such as Saudi Arabia were allies of the West and it was important that they should receive instruments that enabled them to combat crime and terrorism, he said in a telephone interview.
"If our technology is sold to a repressive regime it does not automatically mean it will be used to terrorize dissidents and repress democracy," Rabe said.
In late 2013 the negotiations to sell control of Hacking Team to Said's investment company Safinvest appeared to be progressing. On December 4 the billionaire philanthropist, who donated the prestigious Said Business School to Oxford University, wrote to Hacking Team CEO David Vincenzetti to assure him he was 100 percent committed to the project.
"You must have faith and trust me. We are serious and do not want to waste time or money," Said wrote in one of more than a million company emails posted online following a disastrous security breach at Hacking Team in early July.
On Feb. 10, 2014, a senior manager at Safinvest, Charles Stauffer, wrote to Vincenzetti to spell out some of the details of the transaction. Ironically, the Saudi-owned company was to be called Halo -- the circular symbol used to denote a saint in Christian art -- and the price was set at 37 million euros (US $42 million).
"Joint Venture company would be formed in the country and this will contract with The Client to execute the new project," Stauffer wrote. The email discussed the training of local staff and office space requirements.
Another email, sent by Vincenzetti to a business adviser on January 14, indicated that Hacking Team did not intend to allow its activities to be cramped by international agreements restricting the export of dual-use technologies to repressive or belligerent regimes.
"The newco should be away from countries adhering to the new, forthcoming export regulations on ‘offensive technologies’ which will [be] dictated by the recent Wassenaar Arrangement," Vincenzetti wrote. "We would like the newco to be in a country which will not impair the export of our technology."
Vincenzetti helpfully included a link to a list of countries participating in the Wassenaar Arrangement, which aims to encourage responsibility in the transfer of conventional arms and dual-use technologies, so that those countries could be avoided.
On April 14 Vincenzetti sent colleagues a newspaper article on Prince Bandar’s ouster as head of Saudi intelligence, saying it provided "further clarification as to why things didn’t move forward with W. [Wafic]."
"Hacking Team had a long legal battle to get permission to export its products to problematic countries. It's paradoxical that it couldn’t sell its software to Saudi Arabia but it could sell them the entire company," said Marco Lillo, the Italian journalist who first reported on the existence of the Saudi-related emails for the newspaper Il Fatto Quotidiano last month.
Despite Vincenzetti's close links to the Italian secret services -- he sold his company's Remote Control System to the foreign intelligence service AISE -- and the fact that a company owned by the Lombardy regional government had a 26 percent stake in Hacking Team, there is no evidence that the national government took any steps to prevent the sale. A spokesman for the Prime Minister's office said by SMS that he had no information on the subject.
It is probable that the U.S. government would have been made aware of the pending sale by Spogli. A venture capitalist and member of the board of trustees of Stanford University, the former ambassador owned a 10 percent stake in an investment company, Innogest, which controlled 26 percent of Hacking Team.
Spogli had only a minimal involvement in the Saudi negotiations, an Innogest official said by phone. He declined to comment further. Neither Said nor Spogli responded to requests for comment.
As well as being used to track Sunni fundamentalist terrorists, Hacking Team's technology was very likely deployed against Saudi Arabia's internal Shia opposition to the regime, said Liisa Liimatainen, a Finnish journalist and author of a book on the battle for female emancipation in the Gulf kingdom.
"There are a lot of bloggers and very lively debates on Twitter, but it's a medieval state," Liimatainen said in a telephone interview. "They monitor Internet and use terrorism laws against civil society. Facebook activity and corresponding with a foreigner can be considered crimes in themselves," she said.
Hacking Team’s Rabe said he had no information on who was responsible for the disastrous hack that spilled 400GB of the company's internal data onto the Web. "It was a sophisticated attack and we don't believe its success was down to poor passwords," he said. Rabe said he didn't think the hack was the work of corporate rivals, as competitors were unlikely to post the results online.
"It was people who were trying to destroy our company. Our clients have been extraordinarily loyal and patient," he said. Around 40 software engineers spent the summer working around potential countermeasures resulting from the hack, Rabe said. "In fairly short order we’ll have people back using the system."

Saturday, 28 November 2015

How to set up PayPal authentication to beat phishing attacks





As a major payment system, PayPal is heavily targeted by criminals using phishing attacks (bogus sites that look like the real thing but aren’t), usually using 'password reset' emails. Protecting accounts using two-factor authentication (2FA) is therefore essential, despite the fact that few users seem to be aware the service offers this form of security.
Unfortunately, although PayPal implements 2FA, it can be confusing and, in our view, potentially insecure. It is still worth using rather than relying solely on the traditional email address and password login.




2FA is enabled on PayPal by clicking on the gear wheel icon in the top right of the account overview and clicking on the security tab. This offers five options – the one needed is confusingly labelled ‘Security Key’. Users then register their mobile phone number after which they are sent a 6-digit one-time PIN (OTP) number via SMS every time they either log into PayPal or debit money from their account to pay for something. This means that even if a criminal has the user's user name and password they can’t access the account without also receiving the one-time PIN sent to the registered mobile phone number.
What happens if users mislay the mobile phone they need to receive the OTP PIN? Even with the phone, mobile services aren't reliable from every location. Remember, without the phone it shouldn’t be possible to log into the account until the account SIM/number has been reinstated on a new phone or SMS access returns. But it turns out there is a way around this: answering two old-fashioned security questions, such as the name of a childhood best friend or a pet, as long as these were set up in the security settings during a previous visit.
An alternative and more sophisticated form of 2FA is to buy and enable what PayPal calls a Security Key Card, which we understand to be the proprietary VeriSign Identity Protection (VIP) card which generates OTPs at the user’s end. It can also be embedded on the excellent Yubikey token we covered earlier in 2015. We’d tell you more about this card but unhelpfully the link on PayPal returns a ‘page no longer exists’ message and clear information about setting it up in the UK is scant. We will amend this feature if we get a response from PayPal but it’s possible it’s not been rolled out to all countries yet.
PayPal’s basic authentication should be better than this. Security questions are a major weakness because they can often either be guessed or winkled out of the user using social engineering. It's true that authentication is always going to be a trade-off between hassle and security but in our view Google’s 2-Step Verification system uses a better backup procedure in which the user sets a secondary phone number, either mobile or mainline number. Google also allows users to print out a set of unique one-off backup codes that can be used in an emergency and offers the Authenticator app for mobile use.
As for hardware tokens such as the U2F-compliant Yubikey token, the search giant makes it much easier to set up this kind of service than PayPal.

Friday, 27 November 2015

Exploit kit activity up 75 percent in third quarter 2015






Infoblox, the network control company, has announced that creation of DNS infrastructure by cybercriminals to unleash exploit kits increased 75 percent in the third quarter of 2015 from the same period in 2014, as reported in the newest edition of the Infoblox DNS Threat Index, powered by cyberthreat intelligence firm IID.
Exploit kits are a particularly alarming category of malware because they represent the automation of cybercrime. A small number of highly skilled hackers can create exploit kits, which are packages for delivering a malware payload, and then sell or rent these toolkits to ordinary criminals with little technical experience—vastly increasing the ranks of malicious attackers capable of going after individuals, businesses, schools, and government agencies.
The Infoblox DNS Threat Index measures the creation of malicious DNS infrastructure, including exploit kits. Four exploit kits—Angler, Magnitude, Neutrino, and Nuclear—accounted for 96 percent of total activity in the category for the third quarter.
Most exploit kit attacks are distributed through spam emails or compromised web sites, or are embedded in online ads. When users click a link in the emails or ads, the exploit kit takes advantage of vulnerabilities in popular software to deliver a malware payload that can perform actions such as planting ransomware, capturing passwords for bank accounts, or stealing an organization’s data.
Cybercriminals need the Domain Name System (DNS) to register domains for building the “drive-by” locations where exploit kits lie in wait for users, and for communicating with command-and-control servers that send instructions to infected devices and extract information.
“Exploit kits are behind some of the highest-profile attacks in recent months,” said Craig Sanderson, senior director of security products at Infoblox. “For example, a recent Angler attack on a major British newspaper implanted malicious ads on the site for five days, potentially exposing millions of online visitors to infection.”
“Cybercriminals don’t stand still, and exploit kits are constantly evolving to take advantage of newly discovered vulnerabilities and to avoid traditional security systems,” said Rod Rasmussen, chief technology officer at IID. “Organisations need to protect themselves by plugging into reliable sources of threat intelligence, then use that intelligence to disrupt malware communications through protocols such as DNS.”
The Infoblox DNS Threat Index, which is the first security report to analyse the creation of malicious domains, has a baseline of 100—the average of quarterly results for the years 2013 and 2014. In Q3 2015, the index stood at 122, up 19 percent from Q3 2014 and down 8 percent from a record high of 133 in Q2 2015.
DNS is the address book of the Internet, translating domain names such as www.google.com into machine-readable Internet Protocol (IP) addresses such as 74.125.20.106. Because DNS is required for almost all Internet connections, cybercriminals are constantly creating new domains to unleash a variety of threats including exploit kits, phishing, and distributed denial of service (DDoS) attacks.

Thursday, 26 November 2015

Boot up: unfair big data, 10 security laws, Siri as a friend, Whisper investigated



Plus top ten (and more) requests for Windows 10, Android Silver melts away, the Spotify payments reality, 5K Macs and more


 
 
 

Sunday, 22 November 2015

AVG AntiVirus Free 2016 v16.0.7227




FreewareFiles Editor's Review



If you want free antivirus software that can give you peace of mind, then AVG AntiVirus Free is your ideal solution. The program will protect your computer against viruses and other malicious applications by doing more than scanning your system.
Features:
  • Provides real-time protection to ensure computer is always safe via AVG Resident Shield
  • AVG On-Demand Scanner allows users to schedule tests
  • AVG E-mail Scanner checks for any malicious content hidden in e-mail messages
  • AVG Virus Vault handles infected files safely
  • Unlimited updates of the free virus database
  • Blocks infected links
  • Checks files before downloading
Using AVG AntiVirus Free
The installation package includes many components that are automatically installed by default. However, custom support allows users to select the components they would like to install. These components include identity, Web browsing and e-mail protection.
Since AVG AntiVirus Free is ad-supported, it offers third-party tools and makes changes to Web browsers. However, we paid closer attention during installation and avoided clicking “Next” unnecessarily, which was enough to skip the things we did not want.
The new AVG AntiVirus Free has adopted the appearance of Windows 8, featuring flat buttons on a neatly organized user interface.
The program has several enhanced features, which are useful for protecting personal data both locally and online. The latest release includes an innovative cloud-based detection method that gives users the most up-to-date protection based on the latest virus definitions and other algorithms. With the Outbreak Detection feature, the program enables users to take fast steps to nip emerging threats in the bud.
The program let us scan custom folders and files, removable drives or a whole computer. We could also set it to scan for rootkits alone. Indeed, the free antivirus software has customization options that enable advanced users to configure its complete scanning behavior. Some of the things we could configure included scan speed, exceptions, automatic virus removal, tracking cookies, heuristics, archives, PUP and spyware reports, file extensions and automatic PC shutdown.
In addition to verifying both outgoing and incoming e-mails, we also used the program to filter spam. It is compatible with POP3, IMAP and SMTP. The program also scans suspicious activities and applications to prevent identity theft.
Conclusion
AVG AntiVirus Free is a powerful program for giving PCs all-round protection. Its default configurations allow novice users to have comprehensive protection, and advanced users can adjust it to suit their preferences.

Software Product Description
With this free distribution version of the popular AVG Anti-Virus system, you will get a reliable tool for your computer protection against computer viruses.




Monday, 16 November 2015

CoreOS introduces Clair, a container security monitoring tool




CoreOS's new open-source project, Clair, monitors container security. Since it's so easy for security holes to hide in containers, this is no small matter.

This is an open-source project that will provide a tool for monitoring your containers' security. Quentin Machu, a CoreOS software engineer, explained, "Clair is an API-driven analysis service that provides insight into the current vulnerabilities in your containers. It allows you to easily build services that do on-going detection of the vulnerabilities. Clair is open source because CoreOS believes tools that help improve the security of the world's infrastructure should be available to all users and vendors."
In addition, Quay, CoreOS's container registry, will incorporate this new security program in Security Scanning. This new Quay Security Scanning feature, CoreOS claims, will automatically detect and report vulnerabilities in containers.
In internal testing, Quay Security Scanning has already scanned millions of containers. The bad news is that it found that nearly 80 percent of these containers have major vulnerabilities, such as Heartbleed.
Fortunately, CoreOS Linux contains an auto-update tool which patched Heartbleed at the operating system level. Unfortunately, that still leaves a lot of containers with serious security problems hiding inside them. And now you know why serious system administrators lose sleep over containers.


Here's how Quay Security Scanning will work at a high level. Every time an image is pushed into Quay, the analysis system will check for vulnerabilities, flag it in the interface, and send a notification. This message will include the level -- high, medium or low -- of the vulnerability. It will include a description of the packages' problem. In the portal, a link is included to the vulnerability's source information. This will include, when available, the steps required to patch the vulnerability.
Clair, in turn, according to Machu, "scans each container layer and provides a notification of vulnerabilities that may be a threat, based on the vulnerability databases Common Vulnerabilities and Exposures (CVE) maintained by Red Hat, Ubuntu, and Debian. Since layers can be shared between many containers, introspection is vital to build an inventory of packages and match that against known CVEs."
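The layer-by-layer inventory described above can be sketched as follows. This is an added example, not Clair's code or API: the layer ids, package versions, advisory ids and the simplified numeric version comparison are all constructed assumptions. It shows why a shared base layer is analysed only once, and why a later layer that upgrades or removes a package changes the result for that image only.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}  # levels named in the article


@dataclass
class Layer:
    """One image layer: what it installs or upgrades, and what it removes."""
    layer_id: str
    parent: Optional[str]
    installed: Dict[str, str] = field(default_factory=dict)
    removed: Tuple[str, ...] = ()


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # placeholder id, not a real CVE number
    package: str
    fixed_in: str      # first version that is no longer affected
    severity: str


def version_key(version: str) -> Tuple[int, ...]:
    """Assumption: compare numeric fields only. Real dpkg/rpm version
    ordering is more involved and needs the distribution's own rules."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


class LayerScanner:
    def __init__(self, layers: List[Layer], advisories: List[Advisory]):
        self.layers = {layer.layer_id: layer for layer in layers}
        self.advisories = list(advisories)
        self._inventory_cache: Dict[str, Dict[str, str]] = {}
        self.layers_analyzed = 0  # counts real analysis work, not cache hits

    def inventory(self, layer_id: str) -> Dict[str, str]:
        """Effective package set at a layer: the parent's inventory, minus
        removals, plus this layer's installs. Cached per layer id."""
        if layer_id in self._inventory_cache:
            return self._inventory_cache[layer_id]
        layer = self.layers[layer_id]
        packages = dict(self.inventory(layer.parent)) if layer.parent else {}
        for name in layer.removed:
            packages.pop(name, None)
        packages.update(layer.installed)
        self._inventory_cache[layer_id] = packages
        self.layers_analyzed += 1
        return packages

    def scan_image(self, top_layer_id: str) -> List[Tuple[str, str, str, str]]:
        """Match the image's effective inventory against the advisories."""
        packages = self.inventory(top_layer_id)
        findings = []
        for adv in self.advisories:
            have = packages.get(adv.package)
            if have is not None and version_key(have) < version_key(adv.fixed_in):
                findings.append((adv.advisory_id, adv.package, have, adv.severity))
        return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[3]], f[0]))


# Constructed sample data: three images built on one shared base layer.
LAYERS = [
    Layer("base", None, {"openssl": "1.0.1", "bash": "4.3"}),
    Layer("app-a", "base", {"nginx": "1.9.0"}),
    Layer("app-b", "base", {"openssl": "1.0.2"}),   # upgrades openssl
    Layer("app-c", "base", removed=("bash",)),       # removes bash
]
ADVISORIES = [
    Advisory("EXAMPLE-0001", "openssl", "1.0.2", "high"),
    Advisory("EXAMPLE-0002", "bash", "4.4", "medium"),
    Advisory("EXAMPLE-0003", "nginx", "1.8.0", "low"),
]


def scan_all():
    """Scan every image; return the findings and how many layers were analysed."""
    scanner = LayerScanner(LAYERS, ADVISORIES)
    results = {top: scanner.scan_image(top) for top in ("app-a", "app-b", "app-c")}
    return results, scanner.layers_analyzed


if __name__ == "__main__":
    results, analysed = scan_all()
    for image, findings in results.items():
        print(image, findings)
    print("layers analysed:", analysed)
```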


You will be able to try Quay Security Scanning with Docker and rkt (formerly Rocket) containers.
Matthew Garrett, CoreOS's principal security software engineer, added in an e-mail:
"Vulnerabilities in software are an unfortunate fact of life, and it's vital that admins know about them as soon as possible and be able to apply fixes. Containers add additional security by strengthening the boundaries between applications, but existing ops tooling is frequently unaware of containers and unable to notify admins of potential issues. The Quay Security Scanner, powered by Clair, will increase the visibility of vulnerabilities at the container layer and make it easier for admins to ensure that their networks remain secure. In order to help achieve the CoreOS goal of improving the security of the Internet, we are open sourcing Clair today so the entire industry can benefit."
Let's hope it works as well as CoreOS thinks it will. Containers need a much higher level of security to fulfill their promise.


How to securely wipe an Android smartphone or tablet





Getting rid of your current Android smartphone or tablet, but want to make sure that all your data has been securely deleted? Here's what you need to know.

Getting rid of your Android smartphone or tablet, but want to make sure that all your data has been securely deleted? Here's how you go about the task.
  1. Back up all your data; because once it's gone, it's gone. There's no undo button you can press.
  2. Next, plug the charger into the device so it's getting power for the deletion process. This is important because the process can take hours.
  3. Go to Settings > Security > Encrypt phone (or Encrypt tablet) to begin the process on Android 4.4 or lower, or go to Settings > Security > Screen lock to begin the process on Android 5.0 and higher (this is unnecessary on new devices running Android 6.0 Marshmallow).
  4. You will be guided through the process. Set a strong password. Don't bother encrypting the SD card because you can pop this out and keep it rather than wipe it. This process can take over an hour, so be patient and make sure you have the time.
  5. Go to Settings > Backup & reset > Factory data reset and then tap Reset phone (or Reset tablet).
  6. Once this process is complete, your data is gone. Technically, it's still written there on the flash memory in what is now reported as free space, and will eventually be overwritten. Because it's encrypted, recovering it would be difficult. However, if you want to completely eradicate it, jump to the next step.
  7. The best way to get rid of the encrypted data is to overwrite it with new data. There are two ways you can do this. You can load some big files onto the device (big video files are ideal for this) until the storage is full up and then delete these files, or you can use a custom app such as iShredder to digitally "shred" the data.
That's it! Your data is now gone, and you're safe to pass the smartphone or tablet on.

How to easily defeat Linux Encoder ransomware




First things first. Linux.Encoder.1, the "Linux" crypto-ransomware, is not a Linux security hole. This malware relies on a security hole in the Magento web e-commerce platform, not Linux.



If you use Magento and haven't patched it since February 9, 2015 -- yes it's been that long -- then, and only then, are you vulnerable. Otherwise, your site can't possibly get Linux.Encoder.1.
The Magento attack resembles ransomware programs such as Windows' CryptoWall and TorLocker. They encrypt your files and then demand payment for the key to unlock your documents.
Let's say you do use Magento and you were foolish enough to leave an e-commerce platform unpatched for over half a year. Patch it. Patch it now.


If you're staring at your server in horror and far too many of your files are encrypted by an attacker and your directories all have a file entitled "README_FOR_DECRYPT.txt," congratulations, you've got it. It appears that about 2,700 red-faced website administrators have Linux.Encoder on their servers.
The good news is it's easy to get rid of.
You could, of course, pay the ransom fee of one Bitcoin, $325 at the moment. I do not recommend you do this. Besides just encouraging ransomware programmers, the crook's fix doesn't work well. Security expert Brian Krebs reports that one system administrator who paid up got his files back, but the "decryption script that puts the data back ... somehow ... ate some characters in a few files, adding like a comma or an extra space ... to the file."
So, I don't care how desperate you are, paying the ransom is a dumb move.


You can also have Dr. Web, the Russian security company that discovered Linux.Encoder, try to recover your files for you. This service is only available to subscribers of Dr. Web's commercial programs. These programs are Dr. Web Security Space or Dr. Web Enterprise Security Suite.

Or, you can do what I recommend, and just crack open your files yourself.

You see, the would-be cyber-criminals made a fundamental mistake. Their encryption method uses Advanced Encryption Standard (AES), but generates the encryption key in a faulty way. Specifically, as the anti-virus company Bitdefender reported, the "AES key is generated locally on the victim's computer. ... rather than generating secure random keys and IVs [initialization vector], the sample would derive these two pieces of information from the libc rand() function seeded with the current system time-stamp at the moment of encryption. This information can be easily retrieved by looking at the file's time-stamp."
Armed with this, it's trivial -- well, for encryption experts -- to find the key you need to restore your files. Since most of you don't know your AES from your Playfair, Bitdefender is offering a free Python 2.7 script to obtain the Linux.Encoder key and IV for your contaminated server.
Here's how to use it.
If you can boot your compromised server, download the script, and run it as root. If you can't boot, download and decompress the file to a Linux live USB stick. For this job, I recommend the SystemRescueCD Linux distribution.
Then, mount the encrypted partition using the shell command:
mount /dev/[encrypted_partition]
Generate a list of encrypted files with the following command:
/mnt# sort_files.sh encrypted_partition > sorted_list
Issue a head command to get the first file:
/mnt# head -1 sorted_list
Run the decryption utility to get the encryption seed:
/mnt# python decrypter.py -f [first_file]
Decrypt all the other infected files using the displayed seed:
/mnt# python /tmp/new/decrypter.py -s [time-stamp.] -l sorted_list
Not comfortable with the Linux shell? Get someone who is a Linux expert to help you.
Bitdefender is also, very generously, offering to help users with free support from their web site. Go to the bottom of the page to find the form.
Finally, and always: update your software. If everyone had simply done this, that alone would have stopped Linux.Encoder in its tracks.
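The flaw Bitdefender describes, reduced to an added C example (it is neither Bitdefender's script nor the malware's code): key material drawn from rand() after seeding with a time-stamp can be rebuilt by trying the few seconds before a file's modification time. The 16-byte key and IV, the one-byte-per-call mapping, the check value read from the file and the sample time-stamp are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define KEY_LEN 16
#define IV_LEN 16

struct key_material { uint8_t key[KEY_LEN]; uint8_t iv[IV_LEN]; };

/* Flawed scheme from the quote: key and IV both come from rand() seeded with a
 * time-stamp. Sizes, order and one-byte-per-call mapping are assumptions. */
static void derive_from_timestamp(time_t stamp, struct key_material *out) {
    srand((unsigned int)stamp);
    for (int i = 0; i < KEY_LEN; i++) out->key[i] = (uint8_t)(rand() & 0xFF);
    for (int i = 0; i < IV_LEN; i++) out->iv[i] = (uint8_t)(rand() & 0xFF);
}

/* Walk back from the file's modification time one second at a time until the
 * derived IV equals a check value read from the file (assumed available).
 * Only window + 1 candidates exist, versus 2^128 for a random 16-byte key. */
static int recover_seed(time_t mtime, long window,
                        const uint8_t check[IV_LEN], time_t *seed) {
    struct key_material km;
    for (long back = 0; back <= window; back++) {
        derive_from_timestamp(mtime - back, &km);
        if (memcmp(km.iv, check, IV_LEN) == 0) {
            *seed = mtime - back;
            return 1;
        }
    }
    return 0;
}

/* Constructed scenario: material derived at t, file time-stamped 3 s later. */
static int demo_recovery(void) {
    const time_t t = (time_t)1447000000; /* constructed sample time-stamp */
    struct key_material original, rebuilt;
    time_t seed = 0;
    derive_from_timestamp(t, &original);
    if (!recover_seed(t + 3, 60, original.iv, &seed)) return 0;
    derive_from_timestamp(seed, &rebuilt);
    return seed == t && memcmp(original.key, rebuilt.key, KEY_LEN) == 0;
}

int main(void) {
    printf("key rebuilt from time-stamp: %s\n", demo_recovery() ? "yes" : "no");
    return 0;
}
```

A one-minute window means at most 61 derivations per file, which is why the time-stamp alone is enough to get the files back.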