GoDaddy's layered verification protections defeated by a phone call and four hours in Photoshop

I have some domain names, hundreds of them, in my GoDaddy account. Reading this article from csoonline.com by Steve Ragan is amusing, for lack of a better word, and not a harmful message.

"On Tuesday, my personal account at GoDaddy was compromised. I knew it was coming, but considering the layered account protections used by the world's largest domain registrar, I didn't think my attacker would be successful.

I was wrong. He was able to gain control over my account within days, and all he needed to do was speak to customer support and submit a Photoshopped ID.

GoDaddy serves more than 13 million customers, who in turn place 59 million domains under the registrar's management. They have thousands of employees working across the globe who help staff the support and operations teams twenty-four hours a day."

I can summarize the article for you, but it is a really nice read, so head over to csoonline.com to read the three-page article.

Google Leaks Whois Data

If you are using Google Apps, registered your domain name through Google and are using WHOIS Privacy, continue reading. Your information might be open.

"Private information belonging to 282,867 domains registered through the Google Apps system became publicly available, exposing it to risks ranging from spam to identity theft.

Google Apps offers business organizations the possibility to purchase domain names from one of Google’s partners, benefits consisting in easy setup and management of the associated services.

Only records of renewed domains have been leaked. The domains have been registered through registrar eNom and security researchers said on Thursday that the number of records leaked represented about 94% from a total of 305,925."

Continue reading: http://news.softpedia.com/news/Google-Leaks-Whois-Data-for-Over-282-000-Protected-Domains-475710.shtml

According to NeedName.com, ID Protect is a tool to shield your information against phishing attacks, domain identity theft, spammers and scammers.

Having your own Killer Domain Name.

When starting a business you need a matching domain name for your online presence. You want it unique and special, you want it short and memorable. Here are a few tips from the Entrepreneur website. Choosing a domain name is one of the most important decisions you will make for your business. Your domain name characterizes your business, labels your business, and will stick with your business for a long time. In most cases, you should choose a domain name at the same time you choose your business name. When your domain name matches your business name, you have a far better chance of being remembered while at the same time keeping your branding cohesive and unified.

Make it memorable.

The brain has remarkable powers of memory, but the domain you choose should cater to these powers.
  • Unique. The best domain names are not an ordinary combination of words or phrases. They stand out in the memory because they are unusual.
  • Visual. The more areas of the brain affected, the more memorable something is. If your domain name suggests something that can be seen or touched, this enhances its memorability.
  • Catchy. The easier it is to say, read, and repeat, the easier it is to remember.
  • Ordered. The brain likes things to be organized. Memorization is basically the process of organization. The better a domain name is organized, the more memorable it will be. For example, “SellYourPhone.com” has order. But “PhoneYourSell.com” doesn’t make any sense.
Continue reading here. The Domains.Guru website provides a video explaining what a domain name is and the available extensions that you can use for personal or business purposes. Visit NeedName.com to register your domain name.

View original content at QUE.COM Interactive.


Ground Survival 3D Game by QUE.COM Game Studio

The Ground Survival 3D Game is a First Person Shooter 3D Game. Your mission is to eliminate all threats and to stay alive. The soldiers will patrol and wander within the security perimeter. They will engage once they find you. Have fun!

A new update for the FPS Ground Survival 3D Game is now available in the Apple Store.

Here's how to play the game.
Go to the http://que.com/survival/ web page and download the plugin to load the game.
Use WASD keys to move and your mouse to aim/shoot your enemy. Enjoy and stay alive.

Official Website: http://que.com/survival/
For iPhone/iPad. Download it here: https://itunes.apple.com/us/app/id963624583
For Android. Download it here: still in development ...

Play online: Ground Survival 3D Game


Hit the "Pause" Button... Before You Share Online

Very interesting post from USA.Gov. Please read and share this post with your family and friends.

Many of us share information on the Internet almost daily, so it's good to remember to share with care. The next time you are about to share information, photos or videos online, consider the possible consequences, especially if your content includes other people.

Before you click "send" and post online, remember:
  • What you post could have a bigger audience than you think.
  • Once you post information online, you can't take it back even if you delete it.
  • Get someone's approval before you share photos or videos they're in.

Source: Hardworking.com

First Person Sniper 3D Game

First Person Sniper 3D Game is now available to play online.

Here’s how to play the online game.
Go to the website https://que.com/sniper/ and download the plugin to load the game.
Use your mouse to aim/shoot your enemy. Enjoy and stay alive.

A mobile version (iOS/Android) is coming soon.

Ground Survival 3D Game

A new update for FPS Ground Survival 3D Game to add some improvements.
Here's how to play the game.
Go to the website http://que.com/survival/ and download the plugin to load the game.
Use WASD keys to move and your mouse to look/shoot your enemy.
Enjoy and stay alive.
Mobile phone support for iOS/Android is still in development. Subscribe to stay posted.

CSRF Flaw Allowed Attackers to Hijack GoDaddy Domains

Internet domain registrar GoDaddy has rushed to fix a cross-site request forgery (CSRF) vulnerability that could have been leveraged by malicious actors to take over domains.

The flaw was identified on January 17 by New York-based security engineer Dylan Saccomanni while managing a domain. The expert realized that the company had not implemented any CSRF protections for many DNS management actions.

According to the researcher, an attacker could have exploited the vulnerability to edit nameservers, edit the zone file, and modify automatic renewal settings. 

Saccomanni has published proof-of-concept code for editing nameservers, disabling the auto-renew feature, and editing DNS records.

Continue reading at http://www.securityweek.com/csrf-flaw-allowed-attackers-hijack-godaddy-domains

More at KING.NET
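
As an added illustration (not code from GoDaddy, the researcher or the article), this is the kind of check the report says was missing from DNS management actions: a session-bound token plus an Origin check on every state-changing request. The key, the origin, the request dictionaries and all function names are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets

# All names and values below are assumptions made for this example.
SERVER_KEY = secrets.token_bytes(32)          # per-deployment secret
TRUSTED_ORIGIN = "https://registrar.example"  # hypothetical site origin
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

def issue_csrf_token(session_id: str) -> str:
    """Return nonce.HMAC(key, session:nonce); rendered into the site's own forms."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return f"{nonce}.{mac.hexdigest()}"

def token_is_valid(session_id: str, token) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    if not isinstance(token, str) or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    expected = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return hmac.compare_digest(mac.encode(), expected.hexdigest().encode())

def handle(request: dict) -> int:
    """Return the HTTP status for a DNS-management request (dict stands in for a framework object)."""
    session_id = request.get("cookies", {}).get("session")
    if session_id is None:
        return 401
    if request["method"] in STATE_CHANGING:
        origin = request.get("headers", {}).get("Origin")
        if origin is not None and origin != TRUSTED_ORIGIN:
            return 403  # the browser reports that another site sent the request
        if not token_is_valid(session_id, request.get("form", {}).get("csrf_token")):
            return 403  # the session cookie alone is not proof of intent
    return 200  # the nameserver, zone or auto-renew change would be applied here

def demo() -> list:
    """Constructed requests: the site's own form, then three that must be refused."""
    own = {"method": "POST", "cookies": {"session": "sess-A"},
           "headers": {"Origin": TRUSTED_ORIGIN},
           "form": {"nameserver": "ns1.example.net", "csrf_token": issue_csrf_token("sess-A")}}
    no_token = dict(own, form={"nameserver": "ns1.example.net"})
    other_session = dict(own, form={"csrf_token": issue_csrf_token("sess-B")})
    cross_origin = dict(own, headers={"Origin": "https://other.example"})
    return [handle(r) for r in (own, no_token, other_session, cross_origin)]
```

The three refused requests all carry a valid session cookie, which is why the cookie by itself cannot authorize a nameserver, zone file or auto-renew change.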

First Person Shooting (FPS) game - Survival by QUE.COM Game Studio

I'm developing a First Person Shooting (FPS) game - Survival. It's free to play online. I need some feedback, post your suggestions for improvement.
http://que.com/first-person-shooter-survival-beta/

Gmail access is blocked in China

If you are waiting for someone in China to respond to your emails using Gmail, you have to activate your backup email because all Gmail is blocked in China as of last Friday, according to the news posted by NYTimes.

This includes access to Google Drive and other related services using Google Apps.

Drone for Christmas

I've ordered my Christmas gift, a 3D Robotics IRIS drone. Will update soon once I receive my toy.

Check my personal project at Robots.Guru site.


Encryption/Decryption Tools

The top 24 free tools for data encryption

Disk Encryption

  1. BitLocker
  2. DiskCryptor
File Encryption
  1. AES Crypt
  2. Challenger
Steganography
  1. Steg
  2. Our Secret
  3. OpenPuff
Email Encryption
  1. iSafeGuard
  2. HushMail
  3. Sbwave
Portable Drive Encryption
  1. Rohos Mini Drive
  2. BitLocker Pro
  3. SecurStick
Data in Transit Encryption
  1. OpenSSL
  2. Stunnel
Remote Management Encryption
  1. OpenSSH
  2. PuTTY -- my favorite tool, easy to use.
  3. PowerShell
  4. Remote Desktop Connection Manager
Multitaskers
  1. 7-Zip
  2. GPG
  3. Sophos Free Encryption
  4. Cloudfogger
  5. AxCrypt
Source: http://www.gfi.com/blog/the-top-24-free-tools-for-data-encryption/

Regin Malware

On November 24, 2014, Symantec released a report on Regin, a sophisticated backdoor Trojan used to conduct intelligence-gathering campaigns. At this time, the Regin campaign has not been identified targeting any organizations within the United States.

Description

Regin is a multi-staged, modular threat—meaning it has a number of components, each dependent on others to perform an attack. Each of the five stages is hidden and encrypted, with the exception of the first stage. The modular design poses difficulties to analysis, as all components must be available in order to fully understand the Trojan.

Impact

Regin is a remote access Trojan (RAT), able to take control of input devices, capture credentials, monitor network traffic, and gather information on processes and memory utilization. The complex design provides flexibility to actors, as they can load custom features tailored to individual targets. [1]

Solution

Users and administrators are recommended to take the following preventive measures to protect their computer networks:
  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information). [2]
  • Keep your operating system and application software up-to-date – Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
References:
https://www.king.net/blog/regin-malware/
https://www.us-cert.gov/ncas/alerts/TA14-329A

Office 365 - Remote Wipe your smart phone email.

If you're an Office 365 email administrator creating a policy to support security and manage the risks introduced by mobile devices (smartphones), here's how you can remotely wipe a user's Office 365 email from their smartphone, e.g. an iPhone or Android device.

  • Log in to the Office 365 website.
  • Click on Outlook; this will open your Outlook Web App.
  • In your Outlook Web App, go to Settings and click Mobile Devices.
  • You will see your mobile device; select it and click Wipe Remote.
Wait for the process to complete.

That's all.