Encryption/Decryption Tools

The top 24 free tools for data encryption

Disk Encryption

  1. BitLocker
  2. Discryptor
File Encryption
  1. AES Crypt
  2. Challenger
Steganography
  1. Steg
  2. Our Secret
  3. OpenPuff
Email Encryption
  1. iSafeGuard
  2. HushMail
  3. Sbwave
Portable Drive Encryption
  1. Rohos Mini Drive
  2. BitLocker Pro
  3. SecurStick
Data in transit encryption.
  1. OpenSSL
  2. Stunel
Remote Management Encryption
  1. OpenSSH
  2. PuTTY -- my favorite tool, easy to use.
  3. PowerShell
  4. Remote Desktop Connection Manager
Multitaskers
  1. 7-Zip
  2. GPG
  3. Sophos Free Encryption
  4. Cloudfogger
  5. AxCrypt
Source: http://www.gfi.com/blog/the-top-24-free-tools-for-data-encryption/

Regin Malware

On November 24, 2014, Symantec released a report on Regin, a sophisticated backdoor Trojan used to conduct intelligence-gathering campaigns. At this time, the Regin campaign has not been identified targeting any organizations within the United States.

Description

Regin is a multi-staged, modular threat—meaning it has a number of components, each dependent on others to perform an attack. Each of the five stages is hidden and encrypted, with the exception of the first stage. The modular design poses difficulties to analysis, as all components must be available in order to fully understand the Trojan.

Impact

Regin is a remote access Trojan (RAT), able to take control of input devices, capture credentials, monitor network traffic, and gather information on processes and memory utilization. The complex design provides flexibility to actors, as they can load custom features tailored to individual targets. [1]

Solution

Users and administrators are recommended to take the following preventive measures to protect their computer networks:
  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information). [2]
  • Keep your operating system and application software up-to-date – Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
References:
https://www.king.net/blog/regin-malware/
https://www.us-cert.gov/ncas/alerts/TA14-329A

Office 365 - Remote Wipe your smart phone email.

If you're an Office 365 Email Administrator and creating a policy to support security and manage risks introduced by using mobile devices (smart phones).

Here''s how you can remotely wipe your user Office 365 email through their smart phones e.g iPhone or Android devices.

  • Login to Office 365 website
  • Click on Outlook, this will open your Outlook Web App.
  • In your Outlook Web App, Settings, click Mobile Devices.
  • You will see your mobile device, select your mobile device and click the Wipe Remote.
Wait to complete the process.




That's all.

Security Awareness - Holiday Greetings with Phishing, Malware and Viruses coming to your email.

Security Awareness for the Holidays. 

Every holiday seasons there are thousands of phishing, malware, and viruses related scripts releases by a malicious users. If you are using Google Apps for Work or Microsoft Office 365 (Cloud), the incoming and outgoing are continuously scan for these scripts to keep us safe. The security is not 100%, I'm sure your security or network administrator applied additional layers of security measures to minimize risks.

Question is what do we have using our home computers, iPad (Tablets) and smart phones? Here are some preventive measures to protect your computer network from phishing campaigns.

  • Do not follow unsolicited web links in email. Delete it right away.
  • Use caution when opening email attachment.
  • Follow safe practices when browsing the web. You need to keep your internet browser up to date.
  • Maintain up to date anti-virus software. Microsoft provides Security Essentials tool for free. Go to www.microsoft.com/security for more details.
  • Keep your operating system and software up to date with latest security patches.
  • Separate your user and admin accounts. New computer/laptop setup with admin rights. Create a new account with Standard rights only. Use Standard account for daily use. 
Let’s have a Happy Holidays and avoid becoming a victims of phishing scams.

I hope this help.

Source: Whaddya.com

Detailed WordPress installation to Google App Engine

I am moving my website(s) from VPS Server to Google App Engine (Google Cloud). It's too early to list the benefits of using Google Cloud while still building my infrastructure and making it work the way it suppose to.

A little background of the existing hosting environment.
I'm using a dedicated VPS Server with Solid State and 6.5GB Memory to host a multisites using WordPress for Content Management Systems (CMS).

The VPS Server is only hosting the WordPress files e.g. CMS core files, themes, plugins, etc.
I am using Amazon RDS for database so I don't have to worry about managing database server.
And I'm using Amazon CloudFront for images storage.

Current issues.
  1. When it gets busy, the website(s) response time spike from an average of 1.5msecs to 8-10msecs.
  2. My current hosting provider can't see what's going on.
I will use the Quick Start WordPress for Google App Engine simple tutorial. Here's the link if you're interested or continue to read my adventure.
http://googlecloudplatform.github.io/appengine-php-wordpress-starter-project/

My own step by step procedure to complete my installation. 
I downloaded the following programs to prepare my installation.
  • Google App Engine SDK for PHP
  • MySQL Community Server
  • Python 2.7 (check the latest release at python.org website)
Steps to install.
  1. Install python and use the default installation.
  2. Install the Google App Engine SDK
  3. Install MySQL Community Server. Use the windows installer to simplify the installation of MySQL. Select the "Developer Default" to continue the install. If the supporting requirements are not installed, select "put check on it", then click Execute. Repeat the process till you complete all requirements for MySQL.
  4. Sign up for Google Cloud Platform, and setup Cloud SQL instance named it as "wordpress" to match the config file. Assign IP Address, and add your home/work IP Address to the list of Authorized IP Address so you can connect to you Cloud SQL instance.
  5. Edit app.yaml and wp-config.php replacing any instance of your project-id to match the Project ID you entered in the Cloud Console when you signed up for a Google Cloud Platform project.
  6. In MySQL Workbench, create database wordpress_db, add this information e.g. root and db password to our wp-config.php file.
  7. To launch WordPress locally on Windows, you can use the Google App Engine launcher by going to File > Add Existing Application. In Application Path, browse to the location of your wp-appengine folder. For my setup, I have my wp-appengine folder in d:\wp-appengine. Click on Add to continue.
  8. Click Run. Now, with App Engine running locally visit http://localhost:8080/wp-admin/install in your browser and run the setup process. If you're having issue, check the troubleshooting issues below.
  9. Continue the wordpress setup, e.g. Site Title, Username, Password, Email Address, etc. Click Install WordPress. Wait to complete the setup, you will see SUCCESS.
  10. Browse to your WordPress (http://localhost:8080/) and check all if everything are working OK
  11. Update your WordPress, Plugins and Themes. If all looks good, you can upload your application, select the project and click Deploy (or by using this command $ appcfg.py update APPLICATION_DIRECTORY).
  12. If all looks good, upload your application using Google App Engine launcher. Click Deploy, it will prompt you to enter your Google email address and password, check the Project name just to make sure. Click OK to continue.
  13. Just like you had to do with the local database, you will need to setup the Cloud SQL instance. Start MySQL client to connect to Cloud SQL using assigned static IP, root, and password. If you haven't update the password, go to Control Access to update the root password.
  14. You need to run the install script again for the live site, replace the <PROJECT_ID> with your project ID. visit http://<PROJECT_ID>.appspot.com/wp-admin/install.php to complete the setup.
  15. Activate the plugins e.g. Google App Engine for WordPress and Batcache Manager.
  16. In Google App Engine for WordPress, go to Settings to check the default bucket name using your project id .e.g <PROJECT_ID.appspots.com. Click Save to finish.
  17. You should be able to see your website dashboard. Visit your website, and finish up using your own theme and plugins.
  18. Done. I hope this help you install your WordPress using Google App Engine.
Let me know if using Google App Engine improves the response time of your website, secure and economical to use Google for hosting. Share your thoughts.

Troubleshooting:
Issue#1
When I first click Run, it does not work. I checked the logs and got this information.
Traceback (most recent call last):
  File "C:\Program Files (x86)\Google\google_appengine\dev_appserver.py", line 83, in <module>
    _run_file(__file__, globals())
  File "C:\Program Files (x86)\Google\google_appengine\dev_appserver.py", line 79, in _run_file
    execfile(_PATHS.script_file(script_name), globals_)
NameError: name 'execfile' is not defined
2014-11-05 10:55:59 (Process exited with code 1)
Answer:
I download python 2.7.8, installed.
In Google App Engine launcher, click Edit, Preferences. In Python Path, I have it as D:\Python27\pythonw.exe, where I installed python in my local D drive.

Issue#2
Use an application-specific password instead of your regular account password.
Answer:
Create application-specific password in your Google account security setting where you activated two-factor authentication.

Source: Whaddya.com


Wanted Logo Designers at Retune.com

Calling all Logo Designers for submission.

We are looking for LOGO designers to provide a professional logo to all the domain names that we sell in our market place. An excellent opportunity to earn extra income and exposure of your portfolio. You can see all available domain names that requires a logo in our market place.
Guidelines to submit a logo:
  • Check if a domain name in our market place need a logo. We encourage multiple submission from different logo designers.
  • Original creation of logo.
  • 1024×1024 png and photoshop format for review.
  • When your logo is selected, it will be added to the domain name sale page.
  • If you think your logo is better than the existing logo in our market place, send us an email for review.
  • Your logo design is not exclusive to a domain name. We can add multiple logos in one domain name from different designers. When a buyer selected your logo, you will get a sale commission. If two or more logos are selected, the commission will be divided.

Monitoring Office 365 Emails.

Applicable to Office 365 with Administrator privileges to manage corporate emails.

Here's an example on how to use Office 365 Mail Flow rules:
The business owner (normally your company CEO or President) requested to monitor one or more of your employees mailboxes. Basically, he/she would like to know the incoming and outgoing messages without the employees knowing about it.

Disclaimer: Before you apply this mail flow rule within your organization. You need to have an official permission request from the Authorized Users e.g. Business Owner, President or any Authorized Personnel.

You need to create two new mail flow rules, for sender and recipients.

In Exchange Admin Center, click the Mail Flow, then click on (+) to create a new rule.
Create a New Rule.
Fill up the following entry fields.
Name: for example "Monitor - Sender" to monitor email sender.
Apply this rule if, select "The Sender is ..." this will pop-up your organization email list. Select the name of the mailbox you want to monitor.
Do the following, select "Bcc the message to ..." this will pop-up your organization email list. Select the name of the mailbox to receive blind copy of emails. For example, KING Monitor Mailbox.

See depicted image below.

Choose a mode for this rule, select "Enforce". Click on Save.

And the second part of this instruction.

Create another New Rule.
Fill up the following entry fields.
Name: for example "Monitor - Recipient" to monitor email sender.
Apply this rule if, select "The recipient is ..." this will pop-up your organization email list. Select the name of the mailbox you want to monitor.
Do the following, select "Bcc the message to ..." this will pop-up your organization email list. Select the name of the mailbox to receive blind copy of emails. For example, KING Monitor Mailbox.

See the depicted images below:

To test your mail flow rules, login using your KING Monitor Mailbox to see if the sending/receiving mail flow  rules blind copied Monitor Mailbox.

Hope this help you perform your job.

Sponsored by NeedName.com Domain Name Registration Services for Entrepreneurs and Small-Mid Businesses.


Nightmares 3D Game

I'm so excited to complete this tutorial over the weekend. It's so easy to create using the beta release of Unity 4.6. Here's the result, play it online. I hope you like it. nightmares02 Play Online: http://www.que.com/blogs/1/39/nightmares-3d-game

Office 365 Setting Printer to Scan-to-Email

Post Sponsored by KING.NET and QUE.COM

I wrote an article two years ago on how to setup a printer to scan to email using Microsoft Office 365 SMTP Settings. If you missed that article, here's the link (http://www.whaddya.com/2012/10/using-office365-for-your-printer-scan.html).

To save you some time, here's how I do it using Microsoft Office 365 for my SMTP in our office.

First you need the following information:
IP Address of your Printer, Subnet Mask, Gateway and DNS servers. You need it for networking purpose, ask your Administrator for this information. If you're reading this article, you might be the Administrator :).

For example, here's my printer TCP/IP configuration.
IP Address: 192.168.2.100
Subnet Mask: 255.255.255.0
Gateway: 192.168.2.2
DNS1: 192.168.2.3
DNS2: 192.168.2.3

2nd your SMTP Server information:
For SMTP Settings using Microsoft Office 365.
SMTP Server Address: mail.global.frontbridge.com. I used their public (external) IP Address in the past for easy configuration but when it's down you can't print-to-scan too. So I highly recommend to use the fully qualified domain name (FQDN) e.g. mail.global.frontbridge.com to benefits the use of it's redundancy.
Port Number: 25

Testing Print-to-Scan.
I assume that you added your email address to the Printer Address Book. Now scan a test page, select your email address in the Address Book, then press Scan.
Check your email mailbox of the scanned documents.

Here's the captured Email SMTP Setting:


You don't need the POP Setting for this purpose, because you are only using SMTP setting to send.






MultiPlayer BootCamp 3D Game


We are proud to announce our new MultiPlayer BootCamp 3D Game. It's FREE to play online, simply create your own Gaming Tag, create a room for your friends to play or join existing room battle with other players, then click "Go" to have fun.
king.net.bootcamp.mu3


Player Movement: Use WASD keys or Arrow Keys to move forward, left, right, and backward. Weapon Firing: Hold down left mouse key to fire continuously.
Change Weapon: From Rifle to Grenade Launcher, press 1 or 2 to make the change. That's all, stay alive and enjoy the game.
Don't forget to play with friends or comrades to beat other players.

Please visit www.king.net for more games to play.

Keep up to date your Internet Explorer

ie-browserIf you are using Microsoft Office 365 online services, you need to keep your Internet Explorer up to date. I highly recommend doing it to minimize risk of exposure. The cyber space is an open network, where everybody is using it for almost everything from email, shopping, chat, etc., and some malicious users lurking to find their next victim.

 I received an notice from Microsoft 365 message center.
Beginning January 12, 2016, only the most recent version of Internet Explorer available for a supported operating system will receive technical support and security updates. We will work to update and clarify our Office 365 system requirements soon, and communicate this to you via Message Center.
I hope this help minimize risk of vulnerabilities by keeping your system up to date. Share your thoughts.

Source:

Converting Online Game for iOS iPhone and iPad

This is my personal experience converting a game app using Unity 3D to Apple Xcode. I am using Downed 2D Game for this experiment. You can try this game online, please click the Game section to see the list of games.

Step1. Application Preparation. Go to iTunes Connect, click Add New App. Watch the Youtube video link below for step by step instruction. Next is to build settings.

Step2. Open Unity 3D program in iMac, open the project and update build settings using iOS
platform. Actually, I clicked on the Build and Build Run with my test iPhone connected to my computer (iMac) so I can test the game app right away. (Altenative, you can Build and open the file with Xcode).  Sometimes, "Build and Build to Run" will not open Xcode. If that happen, I open the xcode preject manually.

Play the Downed 2D Game app using my iPhone, so far so good using touch screen and tilt feature.

Step2.b. Create Provsioning Profile. Go to https://developer.apple.com/membercenter/index.actio, go to "iOS Provisioning Portal" -> "Certificates" (Left sidebar) -> "Distribution" tab. Check field "Provisioning Profiles". If empty, next. Go to "Provisioning" (Left sidebar) -> "Distribution" tab. Press "New Profile" and complete it. Go back to check the field again. Download and "run" (double click) the new provisioning profile.
Step3. In Xcode, open the project code, click on Product, Clean to check any issue with your game app.
Click on ProductBuild For Run, wait for the program to complete the build.
Then click on ProductArchive ... wait to see Build Succeed. It will automatically open the Organizer - Archives for you, this contain the Game App you created in Step1.
Click on Distribute ... select Submit to the iOS App Store. Click on Next, it will prompt you to enter your iTunes Connect developer account. Click Next to continue.

If everything is ok. You will see a message "Uploading to App Store ...."

I've got this message:
===============================================
The submission succeeded. Some warnings were found during validations:
WARNING ITMS-9000: "Version Mismatch. Neither CFBundleVersion [1.0] nor CFBunderShortVersionString['1.0'] in the info.plist match the version of the app set in iTunes Connect ['1.0']."
===============================================
Answer. I think I how to fix it. First, I did not run the VALIDATION before I run to DISTRIBUTE in Step3. When I created the game app in Unity3D, the version is 1.0 while in Xcode it is v2.0 duh! This will not pass the Apple Review team.

To correct this issue, open the xcode project file, check the General, Capabilities, Info, and other settings.
Click Product, Clean.
Click Product, Build For Running.
Click Product Archive.

UPDATE: No need to Build and Archive. Login to iTunes Connect, click edit Version Information, correct the Version Number from v1.0 to 1.0
Because of this correction I have to re-submit the game app. In iTune Connect, I have to reject my Binary, and re-upload it again to change it back to status "Waiting For Upload". Then, in Organizer Archives, click on Distribution to try it again.

If you don't reject it, the Organizer Archives will prompt you of "No application records were found.".

After all these changes/actions. I finally received "Submission Succeeded"
No issues where found in "Downed v1.0".  "Downed v1.0" has passed validation and has been submitted to the App Store for further review.
Click Finish to complete.

Go to iTunes Connect, click on the Downed game app to see the updated status. Now it changed from  "Waiting For Upload" to "Waiting for Review".

Finally, I completed the submission of Downed 2D Game (1.0) to the App Store. Now is waiting time, it will take between 3-7 business days to receive a decision.

References:

WordPress 3.9.2 is available to fix Denial of Service in XML Processing

If you are using WordPress open source for your blog or company website. You need to install the latest released v.3.9.2 to patch the recent denial of service issue in PHP's XML processing.
We had some bandwidth issue for days due to XMLRPC traffic coming to our network of websites. I've asked our ISP to block it for the time being and even use a plugin to Disable it.
Here's the summary from WordPress.org website:
  • Fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. Fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team.
  • Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
  • Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec.
  • Adds protections against brute attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team.
  • Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.
List of Files Revised:
readme.html
wp-admin/about.php
wp-includes/ID3/getid3.lib.php
wp-includes/class-IXR.php
wp-includes/class-wp-customize-widgets.php
wp-includes/compat.php
wp-includes/pluggable.php
wp-includes/version.php
wp-login.php

 Share your thoughts.

Insect Invasion 3D

We are proud to announce a new 3D Game - Insect Invasion 3D is available for you to play for free, using your computer, iPhone and Android smartphone. This is a First Person shooting game wherein the player fights against Insect Invasion using his .50 Machine Gun to stay alive as long as possible. Click here to play the online game.
What's Next?
For Android.
For iPhone.
Download it here: Still updating ...

For iPhone, Windows Phone,  FirePhone/Amazone Games. Still in development.

Please come back again for updates.
Thank you.
InsectInvasion.com Team