Day: August 2, 2022

  • Hackers Pick Up Clues From Google’s Internet Indexing

    In 2013, the Westmore News, a small newspaper serving the suburban community of Rye Brook, New York, ran a feature on the opening of a sluice gate at the Bowman Avenue Dam. Costing some $2 million, the new gate, then nearing completion, was designed to lessen flooding downstream.

    The event caught the eye of a number of local politicians, who gathered to shake hands at the official unveiling. “I’ve been to lots of ribbon-cuttings,” county executive Rob Astorino was quoted as saying. “This is my first sluice gate.”

    But locals apparently weren’t the only ones with their eyes on the dam’s new sluice. According to an indictment handed down late last week by the U.S. Department of Justice, Hamid Firoozi, a well-known hacker based in Iran, gained access several times in 2013 to the dam’s control systems. Had the sluice been fully operational and connected to those systems, Firoozi could have created serious damage. Fortunately for Rye Brook, it wasn’t.

    Hack attacks probing critical U.S. infrastructure are nothing new. What alarmed cybersecurity analysts in this case, however, was Firoozi’s apparent use of an old trick that computer nerds have quietly known about for years.

    It’s called “dorking” a search engine — as in “Google dorking” or “Bing dorking” — a tactic long used by cybersecurity professionals who work to close security vulnerabilities.

    Now, it appears, the hackers know about it as well.

    Hiding in open view

    “What some call dorking we really call open-source network intelligence,” said Srinivas Mukkamala, co-founder and CEO of the cyber-risk assessment firm RiskSense. “It all depends on what you ask Google to do.”

    FILE - U.S. Attorney General Loretta Lynch and FBI Director James Comey hold a news conference to announce indictments on Iranian hackers for a coordinated campaign of cyber attacks on several U.S. banks and a New York dam, at the Justice Department in Washington, March 24, 2016.

    FILE – U.S. Attorney General Loretta Lynch and FBI Director James Comey hold a news conference to announce indictments on Iranian hackers for a coordinated campaign of cyber attacks on several U.S. banks and a New York dam, at the Justice Department in Washington, March 24, 2016.

    Mukkamala says that search engines are constantly trolling the Internet, looking to record and index every device, port and unique IP address connected to the Web. Some of those things are designed to be public — a restaurant’s homepage, for example — but many others are meant to be private — say, the security camera in the restaurant’s kitchen. The problem, says Mukkamala, is that too many people don’t understand the difference before going online.

    “There’s the Internet, which is anything that’s publicly addressable, and then there are intranets, which are meant to be only for internal networking,” he told VOA. “The search engines don’t care which is which; they just index. So if your intranet isn’t configured properly, that’s when you start seeing information leakage.”

    While a restaurant’s closed-circuit camera may not pose any real security threat, many other things getting connected to the Web do. These include pressure and temperature sensors at power plants, SCADA systems that control refineries, and operational networks — or OTs — that keep major manufacturing plants working.

    Whether engineers know it or not, many of these things are being indexed by search engines, leaving them quietly hiding in open view. The trick of dorking, then, is to figure out just how to find all those assets indexed online.

    As it turns out, it’s really not that hard.

    An asymmetric threat

    “The thing with dorking is you can write custom searches just to look for that information [you want],” he said. “You can have multiple nested search conditions, so you can go granular, allowing you to find not just every single asset, but every other asset that’s connected to it. You can really dig deep if you want,” said RiskSense’s Mukkamala.

    Most major search engines like Google offer advanced search functions: commands like “filetype” to hunt for specific types of files, “numrange” to find specific digits, and “intitle,” which looks for exact page text. Moreover, different search parameters can be nested one in another, creating a very fine digital net to scoop up information.

    FILE - The sluice gate of the Boman Avenue Dam is pictured in Rye, New York, December 23, 2015. Iranian hackers breached the control system of a dam near New York City in 2013.

    FILE – The sluice gate of the Boman Avenue Dam is pictured in Rye, New York, December 23, 2015. Iranian hackers breached the control system of a dam near New York City in 2013.

    For example, instead of just entering “Brook Avenue Dam” into a search engine, a dorker might use the “inurl” function to hunt for webcams online, or “filetype” to look for command and control documents and functions. Like a scavenger hunt, dorking involves a certain amount of luck and patience. But skillfully used, it can greatly increase the chance of finding something that should not be public.

    Like most things online, dorking can have positive uses as well as negative. Cybersecurity professionals increasingly use such open-source indexing to discover vulnerabilities and patch them before hackers stumble upon them.

    Dorking is also nothing new. In 2002, Mukkamala says, he worked on a project exploring its potential risks. More recently, the FBI issued a public warning in 2014 about dorking, with advice about how network administrators could protect their systems.

    The problem, says Mukkamala, is that almost anything that can be connected is being hooked up to the Internet, often without regard for its security, or the security of the other objects it, in turn, is connected to.

    “All you need is one vulnerability to compromise the system,” he told VOA. “This is an asymmetric, widespread threat. They [hackers] don’t need anything else than a laptop and connectivity, and they can use the tools that are there to start launching attacks.

    “I don’t think we have the knowledge or resources to defend against this threat, and we’re not prepared.”

    That, Mukkamala warns, means it’s more likely than not that we’ll see more cases like the hacker’s exploit of the Bowman Avenue Dam in the years to come. Unfortunately, we might not be as lucky the next time.

  • 10 Great Tools for Node.Js Software Development

    [ad_1]

    Each individual working day builders are making new frameworks with up-to-date technological know-how that is more scalable, effective, protected, and user-friendly. Node.js is a person of them. It is effortless to work for developers and gives impeccable outcomes for the people. Its uncomplicated architecture is the primary hero of the clearly show here.  

    We know that building fantastic program with all the expected functions and features is not a cakewalk, but it can be! How? With the use of the ideal equipment. These applications make improvement duties much easier and more rapidly for you. 

    Ahead of leaping to the specifics about some amazing equipment one particular can use when producing applications as a result of Node.js, let us walk as a result of a several paragraphs about what Node.js is and why you must use it.

    What is Node.js?

    It is a JavaScript runtime ecosystem launched by Ryan Dahl back in 2009. It is effective on the Google Chrome V8 motor. It is a well known option for building apps on the Chrome JavaScript motor promptly. With an function-pushed, non-blocking I/O architecture, you can make the applications lightweight and effective. If you want to construct information-intensive true-time purposes for a dispersed network of devices, then Node.js is an suitable decision.

    It is in essence a programming language. It will allow you to build as quite a few applications you want to operate on as several unique forms of servers as you want. This consists of macOS, Unix, Microsoft Windows, and Linux. 

    Node.js progress has constantly been the first selection among the startups and enterprises. They pick out Node.js builders for use who can acquire the application of their selection with the features that can offer highest benefits to them.

    Why Should really You Pick Node.js Software for Your World wide web Application Enhancement?

    Right here, we have highlighted the big gains of applying Node.js for acquiring your up coming small business software:

    Scalability

    This is the gain that policies all others! With Node.js progress, you will constantly have a scope for up-scaling your software. This parameter is a need to-examine in advance of opting for any improvement system. With scalability, Node.js also presents the overall flexibility to increase various options and systems in your software program.

    High General performance

    A reward to hardly ever compromise on! Only with significant functionality can you make your application’s customers joyful. Simply because people are way too occupied looking at the loading sign and ready for your app to reply to their actions. Preserve the aggravation of buyers with Node.js. Its non-blocking, I/O procedure with large efficiency presents a sleek functionality and rapid responses, which normally takes us to the next gain.

    More quickly Response

    Gradual response is the most popular situation that provides poor buyer opinions to your applications. To include speed to your application, Node.js has a light-weight composition. This would make your software more quickly and far more entertaining to use. Yayy to content client critiques!

    Node.js advancement is finest acceptable for acquiring:

    • Genuine-time net apps
    • API development
    • Streaming purposes
    • Microservices architecture
    • Details-intense apps

    Incredible Equipment for Node.js Software Development

    Out of several, we have handpicked the greatest Node.js equipment for your organization:

    1) Specific.js

    Its minimalistic, adaptable, and robust features make it the most popular alternative of most Node.js builders. Its non-synchronous programming function enables you to determine out several enhancement functions at the same time. This is an ideal framework for any one-web site world-wide-web software and APIs. With Convey.js, you can also incorporate plugins and extensions.

    2) Koa.js

    If you are looking for an best device to create internet or cell application with the likelihood of customizations, then Koa.js is for you. It has a speedy responsive capacity. Plus, it is also ready to deal with problems on its personal. Last of all, it does not have a middleware hooked up which enhances the application functionality.

    3) Socket.io

    This resource for Node.js software development gives impeccable speed in true-time activity. Its easy audio and movie streaming insert up to its aspect list, which would make it a fantastic option for developing a chatbot or for including an audio-visual streaming function to your application or web page. It arrives with a bi-directional communication capacity that makes the communication involving the customer and server sleek.

    4) Keystone

    If you want to make database-driven net programs and APIs, this open up-supply framework is perfect for you. It is developed on Specific and MongoDB. You can generate UI automatically by means of Keystone, which will make handling the web application a lot more uncomplicated for you. 

    You can handle routes, sights, templates, and a ton a lot more by way of this tool with simplicity. Also, it provides a sturdy admin interface for the CMS (Content material Management Method). This streamlines the sort-processing course of action for the admin.

    5) Meteor.js

    Meteor.js has a lightweight structure with cross-purposeful software characteristics. Its fast responsiveness helps make it preferred between Node.js developers. It is the only JavaScript operative framework that helps make it uncomplicated to use. It even supports all the OS like Android, iOS, internet, and desktop.

    6) Chai

    This is centered on TD (Check Driven Progress) or BDD (Conduct Driven Advancement) assertion library for the architecture and browser of Node.js computer software. With its wonderful interfaces and chain-able BDD design. It ensures fantastic readability and expressive language. To develop your plugins, you can mix it with any JavaScript testing framework.

    7) PM2

    This is one of the simplest instruments to use for Node.js progress. It functions as a generation method supervisor for your Node.js software. 

    With its extraordinary characteristics and inbuilt load balancer, this resource is a fantastic decision for any creation atmosphere. It can examine and reload your world-wide-web application with no any downtime. Wave goodbye to all the problems you have about crashes that may take place when restarting it. 

    8) Electrode

    This tool is designed by Walmart Lab. It delivers a standardised structure, large general performance, and accessibility to all the docs, module trees, parts, and so on. This resource allows the builders to deploy the applications to the cloud seamlessly.

    9) Babel

    It is a JavaScript compiler viewed as and utilised as an in depth toolchain. With this instrument, builders do not need to produce long codes for developing a site or an application. With its help map, you can debug the codes very easily. On top of that, Babel mutates the ECMAScript 2015. This is a standard for all scripting languages for a backward-compatible JavaScript version. 

    10) Mocha.js

    This tool offers quicker tests for integration and unit testing. It allows developers to examination the codes in browsers and console both of those. It operates TD (Exam Driven Enhancement) and BDD (Conduct Driven Improvement) proficiently. Its module allows builders to use other libraries, like Chai, Sinon, and many others., seamlessly with it.

    Final Terms

    Node.js permits builders to produce more quickly, scalable, and extra responsive programs. With its awesome features and resources, you can make the most exceptional and superior purposes of all time. Its compatibility allows the end users use it from numerous OS. 

    As a enterprise operator, you can retain the services of a Node.js developer to produce an application in Node.js for you. With all the knowledge about its diverse resources and their probable, developers will be ready to assist you to deliver the ideal out of your application.

    [ad_2]

    Supply url

  • Edinburgh 2022: David Carpenter Guest Blog

    [ad_1]

    Edinburgh 2022: David Carpenter Guest Blog

    Guest Site: Session Zero and One thing For The Weekend provide remarkable new D&D influenced comedy opt for-your-have-journey to the Fringe

    Co-creator David Carpenter discusses how the team’s private experiences beautifully blended to generate an unbelievable interactive present

    Broadway producer David Carpenter blogs for BroadwayWorld about bringing The Twenty-Sided Tavern to the British isles, the joys of combining engineering and theatre and why the dynamic among the a few innovative associates performs so nicely for the display

    We had been driving back from the 1st live, in-human being take a look at operate of The 20-Sided Tavern when David Andrew Greener Rules (aka DAGL) turned to me and claimed, “Oh, I was absolutely ready to ditch the technological innovation following this weekend.” He managed to stun me into silence for a couple of times in advance of I responded with, “Wait, critically? It truly is literally a person of the pillars we built this on.” He stated “Yeah, but I did not know it would do the job. Happy it did!”

    It was late September 2021. DAGL, Sarah Davis-Reynolds, and I experienced just concluded a mere two performances of The Twenty-Sided Tavern at Philly Fringe. This transpired, like a good deal of points now, as a consequence of the pandemic. Pre-Covid, DAGL experienced been conceptualising a reside-motion phase display based mostly on the Dungeons and Dragons-style gameplay. I had been a producer on and off-Broadway (Puffs, Slava’s Snowshow) and operating on a technologies business called Gamiotics. Sarah was functioning in theatrical management, unknowingly exploring to generate what we would eventually build.

    When stay enjoyment shut down, we discovered ourselves functioning alongside one another at my on-line generation firm, Seize the Display, producing interactive Zoom displays as we waited for the earth to re-open up. All of us are massive players, but Sarah and DAGL are skilled D&D gamers. At some stage in early 2021, we made a decision to do a edition of DAGL’s principle employing Sarah’s game structure and my technological innovation just to see how audiences responded. I had the technological know-how system and some potent concepts about dynamic storytelling and audience agency in ordeals DAGL had a entire tale entire world and comedic vision to be explored onstage and Sarah was the glue that sure us collectively with her practical experience in the technology and her good match style and design.

    Which is why I was shocked when my lover in this enterprise reported he did not know if my contribution was going to operate. We experienced taken the on-line strategy and moved it to the phase to exam out what a are living audience would believe. That pretty early iteration of the notion experienced five persons on phase, two folding tables and a box of props. We would perform the video game stay onstage with some homebrew additions, but the twist was the viewers would use the technologies on their phones to “play the story” and make conclusions that influence what is occurring on phase. The 3 of us really experienced no notion what would happen. The one thing we did know is that there was not, even now isn’t really, something else like it in the planet.

    Audiences liked it. People today confirmed up with their friends and D&D groups to invest an night with us, to celebrate this matter they experienced always cherished at household and on the web. Now they ended up receiving to encounter it in-man or woman with a group, with those people who collectively shared in the stakes of the story’s end result. For a present already so full of magic, this was really magical to witness.

    As we continued speaking on the push house, likely above our notes and setting up to plot the long term of this detail we designed, I realised that I was the luckiest man in the entire world. I experienced two resourceful companions in this journey who were being daring and willing to try out anything at all to put on a clearly show about anything they loved and cared about as deeply as I did. To the position that practically nothing was important, even my thoughts. All the things was up for discussion and only the very best bits had been likely to adhere. This inventive, ego-totally free atmosphere was something I experienced been looking for a lengthy time, and I experienced just stumbled into it. I understood right then that this was heading to perform.

    The 20-Sided Tavern, Pleasance Dome (King Dome), 4.30pm, 3-28 August (not 15)

    Sponsored written content

    [ad_2]

    Supply hyperlink

  • New Celero 5G smartphone and full year of wireless service for just $199

    ENGLEWOOD, Colo., March 10, 2022 /PRNewswire/ — Boost Mobile, the wireless carrier focused on empowering customers by delivering unprecedented value, is continuing its popular Carrier Crusher program with the biggest deal yet.

    For only $199, new customers can get a full year of wireless service and a Celero 5G smartphone — Boost Mobile’s bestselling smartphone optimized for speed and affordability. Sporting a sleek, premium form factor, the Celero 5G boasts a 6.5-inch screen, 16 MP triple rear cameras, and 36 hours of battery life. The $199 annual plan gives customers 12 months of unlimited talk and text, plus 1 GB of high-speed data per month. 

    Big cellular typically charges $60+ per month. The latest Carrier Crusher plan will save Americans hundreds of dollars on service, and it slashes the cost of a high-end 5G smartphone — another significant savings. 

    “The big carriers have convinced us that to be connected means we must pay a premium price and that simply isn’t true,” said Stephen Stokols, head of Boost Mobile. “With 5G as the new standard, our Carrier Crusher plan represents what Boost Mobile is all about. Designed with customers in mind, Carrier Crusher empowers individuals with better choices and the services they need most without the outrageous price tag.”

    For customers looking for more data, Boost Mobile offers Career Crusher plans in additional tiers:

    • 5GB of high-speed data per month and unlimited talk and text for 12 months, and a Celero 5G for only $279.2 
    • 15GB of high-speed data per month and unlimited talk and text for 12 months, and a Celero 5G for only $340.3

    These new Carrier Crusher plans are available today at my.boostmobile.com.

    About Boost Mobile

    Boost Mobile provides award-winning, best-in-class value and connectivity to U.S. wireless consumers on America’s largest 5G networks and competitive consumer plans with no annual service contracts. Boost Mobile operates on DISH Wireless L.L.C., a subsidiary of DISH Network Corporation (NASDAQ: DISH), and serves as its largest retail wireless brand. DISH, a nationwide U.S. wireless carrier, continues to innovate in wireless, building America’s First Smart Network™. Learn more about Boost Mobile online on FacebookInstagramTwitter and YouTube.

    SOURCE Boost Mobile

  • Elements of an ID Badge Reel

    [ad_1]

    An ID badge reel is a fantastic way to display not just ID playing cards but also badges together with proximity playing cards. They’re a well known selection for people today that are on the go as they can be easily hooked up to an individual’s clothing.

    In addition, ID badge reels also arrive in a wide range of colours and scenario types. You can also have either a plastic or metallic reel and they are usually hooked up to the belt, pants pocket or neck of the shirt.

    What are the features of an ID badge reel?

    There are a couple distinctive elements of an ID badge reel and we’ll go by means of them in greater element underneath: 

    1. The outer part of the ID badge reel is produced with Abs product for the two longevity and vibrancy of color.
    2. The spring within the ID badge reel is built with stainless metal and is both of those superior-high quality and extended-long lasting.
    3. The internal reel is the center portion of the ID badge reel and is crafted with non-abrasive product to assure easy operation.
    4. Once all over again, the ID badge reel is secured with Abdominal muscles substance before it’s concluded with a higher-top quality non-direct plating on the exterior.
       
    5. Other than the primary area of the ID badge reel, you have also got a nylon main with polyester woven wrap to make certain that the reel is protected and resilient at all periods.
    6. You also have a smooth surface area plated grommet to cut down friction and abrasion together with a versatile bullet to deal with a variety of attachments.
    7. You have after bought an additional large-quality non-guide plating and at last, a vinyl strap you can depend on.

    What are the distinct sorts of ID badge reels?

    There are a good deal of ID badge reels out there relying on what you’re wanting for. They involve: 

    1. Spherical badge reels
      The most frequent badge reel that arrives in a wide variety of colours and variations. They are also functional and have plenty of attachment choices.
    2. Hefty-duty badge reels
      These are excellent if you want to make sure that they can offer years of reliable support. They appear with durable cords that will never snap.
    3. Square badge reels
      Square badge reels have a modern layout that sets them apart from their spherical badge reel counterparts.
    4. Carabiner badge reels
      These are an fantastic selection if you have to have your products to be inside arrive at. Like other badge reels they are safe and sound, durable, multipurpose and are fantastic for trying to keep your items handy. 

    With all of the ID badge reels earlier mentioned, you must be capable to personalise them with a logo or unique design and style – whatsoever it is that finest suits your needs. Other than for work, ID badge reels are also an excellent advertising giveaway possibility. 

    Obtaining began with an ID badge reel

    ID badge reels are excellent to have, in particular if you’re looking for straightforward place of work access. They are easy to carry all around and are fantastic for organisations that want to keep a large amount of stability. Considering the fact that there are quite a few distinct types of ID badge reels and you’re also able to customise the style, you are sure to obtain one particular that fits your requirements. 

    [ad_2]

    Supply backlink

  • Should I Invest in a Robo-Advisor? | Personal-finance

    [ad_1]

    Do you want to jump into the planet of investing, but not positive about finding your own stocks and running your have portfolio? A robo-advisor can do all that for you.

    A robo-advisor is a electronic system that utilizes laptop or computer algorithms to make and regulate a diversified portfolio based mostly on your possibility tolerance, monetary targets and other individual elements. It also instantly rebalances your portfolio primarily based on marketplace circumstances and your investment objectives. Even though that seems neat, a robo-advisor can pose some big hazards. Ahead of you commit, you have to have to weigh the professionals and downsides.

    The advantages of a robo-advisor

    Robo-advisors carry on to expand in popularity. According to a study by the global consulting agency Deloitte, assets managed with the help of robo-advisors might increase to a lot more than $16 trillion by 2025 — about 3 occasions that of BlackRock, the globe’s largest asset supervisor. Certainly, robo-advisors may perhaps provide quite a few features that would attractiveness to buyers searching for a fingers-off, no-stress solution.

    Individuals are also reading…

    Costs: A human monetary advisor may perhaps cost an belongings under management (AUM) cost of 1% or larger. Robo-advisor AUM fees can variety from % to .40%. To place that into point of view, an annual 1% AUM rate on a $10,000 investment decision crunches out to $100. A .25% AUM cost on a $10,000 expense is just $25 a 12 months.

    Diversification: Most robo-advisors deliver you with a questionnaire about your financial ambitions, chance tolerance, and extra. An algorithm works by using these responses to propose an financial investment combine.

    Computerized rebalancing: Current market situations can shake up your financial commitment blend, and they may depart you too concentrated on a single asset class — leaving you open up to big threat should it facial area a downturn. When this occurs, robo-advisors rebalance your portfolio back to its original financial commitment mix, often by offering off investments that rose and making use of proceeds to acquire types that dipped.

    Image supply: Getty Photographs

    The draw back to robo-advisors

    Regardless of the buzz, robo-advisors have their possible downsides:

    Hidden fees: Even nevertheless robo-advisors usually charge considerably a lot less in management service fees than common advisors, your funds continue to will get eaten up by price ratios or expenses billed by cash in your portfolio. Some might argue that you can simply open up a discount brokerage account and make investments in these resources on your own, averting the AUM price completely. There are loads of on line asset allocation applications that can advise a personalized investment combine, in the same way to how a robo-advisor utilizes a questionnaire.

    Fluctuating costs: Some robo-advisors might increase their AUM fees as your stability raises. The additional you commit with them, the even larger the reduce they choose.

    Minimal-to-no human interaction: If you are on a quality approach or spend an more rate, some robo-advisors give you entry to monetary planners who can enable you satisfy other monetary objectives like spending off higher-fascination financial debt. But numerous options offer you no obtain to human advisors at all. For individuals who search for a hybrid company that allows you speak to a human advisor when you want to, your alternatives may be minimal.

    Is a robo-advisor correct for me?

    If you happen to be cozy with handing off investment decision administration to an innovative algorithm and experts, accepting limited investment decision choices in exchange for a most likely minimal fee, then a robo-advisor might be up your alley.

    But if you are knowledgeable or have a small little bit of time to make your financial investment acumen, creating and controlling your personal portfolio could be a greater wager.

    The $18,984 Social Safety reward most retirees entirely forget

    If you happen to be like most People in america, you are a couple years (or much more) driving on your retirement savings. But a handful of little-recognised “Social Safety tricks” could assistance make sure a increase in your retirement cash flow. For instance: 1 quick trick could pay you as much as $18,984 much more… just about every calendar year! At the time you study how to maximize your Social Protection advantages, we consider you could retire confidently with the peace of brain we are all immediately after. Simply simply click here to find how to study much more about these approaches.

    Fool contributor Javier Simon retains no economic place in any organizations outlined. The Motley Fool has a disclosure coverage.

    [ad_2]

    Resource website link

  • The Best VPNs for Torrenting in 2022

    PCMag Logo

    BitTorrent is an easy way to move big files across the internet by sharing the burden among peers. However, its reputation as piracy’s go-to tool has caused a few VPNs to kibosh torrenting on their platforms. We look at the best VPN services that explicitly allow BitTorrenting and let you know which is best.


    What Is Torrenting, Anyway?

    BitTorrent (the technology that allows one to “torrent”) has an unsavory reputation, one that is both unfair and well deserved. At its best, BitTorrent addresses the logjam created when too many people try to download large files from a single source at once—be they bootlegged tv shows, hot music tracks, DRM-free books, or terabytes of cat photos.

    BitTorrent turns a file’s popularity into a benefit, instead of a bottleneck, by having each of the downloaders distribute pieces of the file to every other downloader. The whole system is designed to be decentralized, with no main server to choke under the burden of traffic. It’s a brilliant idea but its decentralized nature also makes it perfect for illegally sharing copyrighted content online, too.

    Given its reputation, some ISPs and network managers block BitTorrent traffic altogether. To circumvent these barricades, and to protect your privacy when torrenting, using a VPN is a sensible choice. With a virtual private network, or VPN, all your internet traffic is encrypted to ensure that no one can see what you’re up to—even when you’re torrenting. The catch is, not every VPN service allows BitTorrent on its servers.

    Using a VPN can help improve your privacy by preventing your ISP from monitoring your traffic, making it harder for advertisers to track you online. But when it comes to security, we often say that it’s better to think of tools like VPNs as increasing the amount of work required to successfully attack you. If someone is willing to invest the time and money in targeting you specifically, such as a record label or law enforcement, they will eventually get what they’re after.

    The Best VPN Deals This Week*

    *Deals are selected by our commerce team

    A VPN needs to be part of a layered approach to security and can’t take the place of critical tools, such as good antivirus software, a password manager, and multi-factor authentication that’s enabled wherever possible.  


    Do I Really Need a VPN for Torrenting?

    We often receive emails asking about the interplay between VPNs and BitTorrent. Some of them have included admissions of piracy, and they even offer justifications for it. One reader bemoaned the difficulty in finding legal avenues for material that is not available for sale in a given locale. We sympathize. The state of the public domain has been woefully neglected, keeping countless works entangled in complicated (but lucrative) distribution deals.

    But no matter how just the reasoning, the law (however problematic) is the law. ISPs and other tech companies are sometimes compelled to answer when rights holders come with a list of offenses carried out on their infrastructure.

    If you are going to use BitTorrent for whatever reason, good luck to you. If you are going to use a VPN, more power to you. But be sure that you take the time to read the VPN’s terms of service before you start. Be aware of the local laws and possible penalties, too—whatever your willingness to obey them. “I didn’t know the law,” or “I don’t agree with the law,” won’t hold up as defenses in a court, so make sure you can live with any potential punishments, should you choose to do something legally dubious.


    Will a VPN Hide My Torrenting From My ISP or the Police?

    The short answer is that, yes, a VPN can shield your online activities from your ISP. It should also make it much, much harder for someone on the outside to identify particular traffic as belonging to you. That’s a good thing, not only if you have legally iffy torrenting habits, but also because it protects your privacy in general.

    That said, there are always exceptions. Time and time again, user error and efforts by law enforcement have undermined the protection offered by services like Tor or VPNs. Timing attacks, for example, can correlate packet traffic at a VPN server with activity on your own network, thus linking you to online activities.

    In some cases, the problem may be the VPN itself. If the VPN company keeps copious logs about user activity (specifically, the identity of the user, which server they connected to, and when) that information could potentially be obtained by law enforcement. In our reviews, we always ask VPN services what information they collect and how they interact with law enforcement requests for information.


    Can I Use BitTorrent on My VPN?

    Most VPN services are completely fine with you using BitTorrent or P2P services while using their products. None of our top-rated VPN services prohibit file sharing.

    Even the services that allow torrenting often have restrictions, however. Some, for example, may require that you only use BitTorrent when connected to specific VPN servers. NordVPN labels the servers on which torrenting is acceptable. Note that pretty much every VPN service that allows torrenting also explicitly forbids breaking copyright law or otherwise abusing the service.

    Some VPNs have tools that are particularly useful for torrenting. Several companies offer static IP addresses for purchase, which can be desirable in some circumstances. New technologies, like WireGuard, may provide better speeds than older VPN protocols. Our VPN reviews cover the available features in depth, so you’ll find something that works for you.


    How Will a VPN Affect My Torrenting Speeds?

    When you use a VPN, your web traffic is usually traveling through more fiber and more machines. You should expect slower upload and download speeds and higher latency regardless of the VPN you choose. For large torrents, this can mean a longer wait before you get the completed file.

    In our latest round of testing, we record the median from 10 tests with and without a VPN running, and then find a percent change between the two. For measuring speeds, we use the Ookla speed test tool. In the past, we tested all the VPNs we reviewed at the same time. Unfortunately, COVID-19 restrictions have limited our access to the PCMag Labs, so we’re opting for a rolling testing model where we test new products throughout the year. The latest results are presented in the chart below.

    (Editor’s Note: Ookla is owned by PCMag’s publisher Ziff Davis.)

    Networks are finicky things, and we don’t claim our work to be the be-all and end-all of VPN speed testing. Instead, this is a snapshot of how a particular service performed on a specific day. We also don’t think that speeds should be the only metric used to evaluate a VPN, but it’s clearly one that’s of concern to BitTorrent users.

    To make this list, we looked at the best download scores across the services we’ve tested thus far. The VPN services in the chart at the top of this story are the ten services that had the least impact on download speed test results. We’ve arranged them in descending order, meaning the VPN on the far left had the least impact on download speeds. Note, however, that not all of them beat the median results for upload and latency testing.

    Previously, TorGuard VPN was this list of noble torrenting VPNs. While the company allows torrenting outside the US, a legal settlement now requires the company to block torrents on US servers. We may return TorGuard VPN to the list in the future, if this changes.


    VPN Reliability and Accessibility Issues

    The extra stops and processes for your data and the distance introduced by VPNs can make a normal browsing experience somewhat hiccup-y. Suddenly losing connectivity while the VPN resets is mildly annoying in day-to-day life, but we could see how such interruptions could slow down or even halt a large BitTorrent download.

    If you plan on using a VPN while torrenting, consider the ramifications of the Kill Switch. This feature, found in most VPN services, prevents apps from sending data via the internet when the VPN is disconnected. The idea is that it prevents any information from being transmitted in the clear. The avid BitTorrent downloader needs to decide if they want total and complete protection or would rather not have their download interrupted.


    Location, Location, Location

    While VPN services have servers all over the world, each company’s headquarters do have to be based somewhere on the planet. And that somewhere might have data retention laws that require the VPN company to collect and maintain user data for a set time.

    Understanding what kind of information a VPN service collects, and how long it is maintained, can be hard to figure out. To get the answer, you may have to wade through unending FAQ pages and opaque terms of service written in arcane legalese. If the VPN company you’re considering can’t clearly explain what information it gathers and how long it will be kept, it’s probably not a great service.

    When we review VPNs, we make a point to ask service representatives about what efforts they take to secure customers’ privacy. We also read those hefty tomes of service (you’re welcome). You can read through our full reviews to see their answers.

    Note that national and international law as it relates to data storage and whether that data can be turned over to law enforcement is complicated and constantly changing. A good service today might choose or be compelled to alter its policies tomorrow, so pay attention to any updates to the terms of service.


    Use a VPN to Encrypt Your Torrent Traffic

    Perhaps you’ll decide that all this effort isn’t worth it just to secure your BitTorrent downloads. But even so, you should keep in mind that a VPN is still an easy way to improve your privacy. Whether you decide to spring for a premium account, you’re looking for a cheap VPN, or you want to dip your toe in with a free VPN, it’s about time you started living the encrypted lifestyle.

    Looking for more information about Torrenting and how to get started? You can read our story on how to use bitTorrent.

    (Editors’ Note: While they may not both appear in this story IPVanish, and StrongVPN are owned by Ziff Davis, PCMag’s parent company.)

  • Cyber Security Today, August 1, 2022 – Alberta gets new a privacy commissioner, Apple traffic briefly runs through Russia and more

    [ad_1]

    Alberta gets new a privacy commissioner, Apple traffic briefly runs through Russia and more.

    Welcome to Cyber Security Today. It’s Monday, August 1st, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

     

    Today is a civic holiday in many Canadian provinces — and it’s Colorado Day in that state — so thanks for tuning in.

    The province of Alberta gets a new information and privacy commissioner today. Diane McLeod, who worked in the commissioner’s office before becoming Yukon’s ombudsman and information and privacy commissioner, takes over from Jill Clayton. Clayton served two five-year terms. Just before leaving office Clayton released a report last week analyzing 11 years of commission decisions. In the year that ended May 1st, 2021 there were 377 reports of breaches of security controls in Alberta companies involving personal information that could cause a real risk of significant harm to individuals. By comparison there were only 50 reports in the year that ended May 1st. 2010.

    The leading cause of reported data breaches during those 11 years was compromised IT systems by things like installation of malware, exploitation of vulnerabilities and hacking. They accounted for 37 per cent of breaches. The second leading cause was theft of physical documents, laptops or portable storage devices. The third leading cause was transmission errors, which are things like misdirected emails or faxes. The fourth leading causes were social engineering and phishing. One more interesting number: It’s taking longer for Alberta-based organizations to discover data breaches. Last year it took an average139 days. The year before it took 119. Part of the reason, says the report, is that compromised systems aren’t immediately detected. Another is that it can be hard to determine the exact date an account was compromised.

    Internet traffic of some Apple users ran through Russia for 12 hours last week. That’s the finding by an internet routing agency called MANRS for short. The traffic was redirected to the Rostelecom network. Was this a conspiracy? Was it a tactic in the Russia-Ukraine cyber war? Commentators at the SANS Institute, an IT training provider, say we shouldn’t ascribe malice to something that could be explained by a simple typo. They also say the incident is another reason why end-to-end encryption should be used for all communications. MANRS also says it shows why Apple, and other network providers, should use Route Origin Authorizations to make sure internet traffic goes to where it’s supposed to go.

    Some computer users in the United States continue to be upset that they’re getting targeted ads relating to their medical conditions. And they’re blaming Facebook parent Meta. Last month an individual filed a class action lawsuit against Meta and two California medical institutions, alleging their health information had been captured from hospital websites in violation of federal and state laws by Meta’s pixel tracking tool. The lawsuit comes after the news site The Markup did a big report on the Meta Pixel found on a number of U.S. hospital websites. In California, as in many jurisdictions, class action lawsuits have to first be certified by a judge before proceeding. The news site HealthcareDive.com notes that in 2017 a class action lawsuit against Facebook for allegedly collecting and using health data for targeted ads without people’s permission was dismissed. That decision is being appealed.

    A U.S.-based marketing platform called OneTouchPoint used by a wide number of health insurers and medical providers has acknowledged suffering a cyber attack in April that encrypted some files. Some news media are calling it a ransomware attack. OneTouchPoint can’t say exactly what personal data was accessed by the hacker but it could include a patient’s name and health assessment information. Thirty-five organizations including Blue Cross insurance providers in several states, the Humana health insurance company and the Kaiser Permanente healthcare provider have been notified.

    Finally, GitHub is strengthening the security on its open source NPM JavaScript repository. It began last week with an improved two-factor authentication process. Now developers can publish from the same IP address without having to enter a second factor confirmation every five minutes. In addition, developers can link their GitHub and Twitter accounts to their NPM accounts to help verify an account holder is who they say they are. Finally, a new process is available for more digital secure signing of NPM packages to prevent code from being tampered with. Coming soon, as previously announced, will be the enforcement of two-factor authentication for developers whose accounts have more than 1 million weekly downloads.

    That’s it for now Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

    Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.



    [ad_2]

    Source link

  • The computer you can feel good about abusing

    [ad_1]

    Ever see 1 of those people YouTube video clips of people heading beserk at hung-up PCs or recalcitrant printers and proceeding to smash them up in anger?

    If you’re going to get mad at a laptop or computer — and I never advise ever letting a machine get less than your pores and skin like that — at the very least get mad at a machine that can get it. Though in this case, there’s not considerably to get mad about.

    Panasonic just lately arrived…

    Go through Extra

    At any time see one particular of those YouTube films of people going beserk at hung-up PCs or recalcitrant printers and proceeding to smash them up in anger?

    If you are going to get mad at a pc — and I do not suggest at any time permitting a machine get under your pores and skin like that — at least get mad at a equipment that can consider it. Despite the fact that in this circumstance, there’s not considerably to get mad about.

    Panasonic a short while ago came out with an current version of its Toughbook, dubbed the Toughbook 40. Relative to the Toughbook 33, which I reviewed a few of many years back again, the new variation sporting activities Intel’s 11th technology V-Pro chipset, common 4G modem with 5G coming this drop, faster I/O and a wide variety of accessories for its hugely modular chassis. These include an optical push, next battery, 2nd reliable state push, smart card reader, fingerprint reader and quite a few I/O port mixture modules. All ports and openings lie at the rear of rubber sealed doorways to assistance retain rain and spilled coffee out. For a instant, I had to hunt to uncover a slide-shut doorway shielding the charging port. If, like me, you like your units cleanse, there is even a brush tucked into the Toughbook’s case for cleansing the grille in excess of the admirer.

    Federal product sales director James Poole explained all the components allow more than 6,000 attainable configurations.

    At nearly 8 pounds and two inches assume, The Toughbook is no svelte MacBook to slip in your backpack. It has an integrated handle to transportation it like a briefcase. No will need for a protective slipcase. In point it could double as a defensive weapon on a New York subway. Its reliable handle is grippable by the seriously significant-handed or if you’re wearing gloves.

    I did not have the nerve to fall the machine 6 ft, but I did let it tumble from 3 or 4 feet significant, lid open up and applications working, onto business office carpet, indicating slim carpet glued to concrete. I also:

    • Put the Toughbook 40 a person of the freezers in the site visitors café off our newsroom for 90 minutes, though it was on and streaming The Federal Travel with Tom Temin. When I went to retrieve I could listen to my very own interview around the speakers before I even opened the freezer. The device was crusted in frost but didn’t cease doing work.
    • Baked it in complete sun throughout the the latest D.C.-region heatwave, though streaming movies. It bought incredibly hot to the touch, but didn’t give up.
    • Soaked it — all over again open, on and streaming films — underneath my back garden hose for several minutes, then still left it open with the pooled h2o sitting down all above the leading deck. It never ever batted an eyelash. Panasonic suggests the Toughbook is able of sustaining rain and 70 mph winds.
    • Still left it running with both batteries billed. Panasonic statements 36 possible hrs of twin battery daily life, and that declare is not far off.

    As a pc, I found the Toughbook pretty livable. It’s 14-inch diagonal monitor is tremendous shiny and crisp. I watched a complete monitor YouTube online video, on Microsoft Edge, of an NBC telecast of Sydney McLaughlin breaking the environment record in the 400-meter women’s hurdles. The photograph was sharp and the colors abundant, with only the slightest little bit of smearing in closeups of Ms. McLaughlin’s lateral actions in the aftermath of the race. But practically nothing that would detract from applying the device for video analysis.

    Furthermore, the Toughbook’s show is a contact display screen. I would advocate turning off the fussy touchpad altogther. Although substantial and built of nicely machined aluminum, it shares the exact same semi-usability of virtually all Laptop touchpads. The monitor labored fantastic when I pinched and dragged although wearing a portion of what has come to be the modern day uniform: disposable latex gloves.

    Still illustrations or photos and significantly text pages are equally sharp. If nearly anything, the monitor can be much too vivid. In my studio I experienced to reduced the display brightness significantly so I would not will need sunglasses. On the other hand, in open up-air, daylight scenarios the Toughbook’s display is really readable.

    I also liked the company, stable backlit keyboard. As a pounder who figured out to type again in the handbook typewriter days, I felt the Toughbook keyboard would have no difficulty standing up to energetic use.

    Pair of quibbles in addition to the trackpad. A handy pointer that functions on the touch-sensitive display is tucked into the retracting take care of. Moving it in and out of its slot, it felt like the pointer could be anchored extra positively, lest it get missing. The seem from the Toughbook’s speakers, even though satisfactory, was down below par for what is offered from the most effective sounding notebooks.

    I did not take a look at what Panasonic describes as a history-sound-minimizing array of microphones create into the machine, but if that attribute is effective it would be helpful when joining online video calls from exterior.

    As a result for all it is rugged and modular featuers, the Toughbook is competitive with any notebook personal computer, as a pc. Just a ton bulkier and heavier.

    If you are sometimes in the business, in some cases teleworking fed, this kind of a rugged device may well look best, primarily with the module to plug in an exterior check. Just retain in intellect all that ruggedness arrives at a price tag. The MSRP for the Toughbook 40 is $4,899, as well as no matter what snap-in accessories you may possibly insert. That tag may possibly be slightly lessen on any of several DoD and civilian many-award contracts that have Panasonic. But the top quality pricing, though justified, retains the Toughbook 40 as a niche item for armed forces, law enforcement and tough environmental apps.

    Continue to, if you really have to have a personal computer that just take a licking and continue to keep on ticking, this device will give you the two ruggedness and snappy general performance.



    [ad_2]

    Source website link

  • iOS 16 might bring Apple Pay support to more browsers like Firefox and Chrome

    [ad_1]

    The calendar has flipped to August, which implies we’re just a thirty day period out from the reveal of Apple’s future Apple iphone. Apple will also start iOS 16 alongside the Apple iphone 14 in September, but you can try out out the new program in beta correct now. Each and every beta release has included a bunch of new options, and some of those functions are not instantly obvious. For instance, iOS 16 could make much more cell browsers suitable with Apple Spend.

    iOS 16 expands Apple Pay out browser help

    Past Friday, MacRumors contributor Steve Moser pointed out on Twitter that Apple Pay out is effective in Edge and Chrome on iOS 16 beta 4. Presumably, this suggests that it could function on any third-bash browser. As he notes, Apple Spend only functions in Safari on iOS 15. This is an addition that Apple did not talk about throughout its WWDC 2022 keynote in June.

    It’s possible that this addition has been all around because an earlier beta as properly. The Verge notes that a user on Reddit was ready to make a obtain with Apple Pay in Firefox just after the launch of iOS 16 beta 2. It is unclear how long the additional assist has been around, but it sounds like the corporation commenced testing the addition prior to the release of iOS 16 beta 4.

    These modifications do not utilize to the most up-to-date macOS beta. Apple requires 3rd-celebration browsers to use the similar rendering motor as Safari on iOS, but that isn’t the scenario on macOS. Thus, rendering engines for people browsers would need to be up-to-date to support Apple Pay back. That is a little something the staff driving the browser would require to do.

    Other adjustments in iOS 16 beta 4

    Extending aid for Apple Pay back to third-get together browsers is only just one of the highlights of iOS 16 beta 4. Apple also resolved concerns about the new modifying and unsending characteristics in Messages. In the most up-to-date beta, you have two minutes to “Undo Send” instead of 15.

    On top of that, if you do edit a message, the app will display an edit history that will expose your first message and any improvements you manufactured together the way.


    Extra Iphone coverage: For additional Iphone news, take a look at our iPhone 14 guide.



    [ad_2]

    Resource hyperlink