Hit the "Pause" Button... Before You Share Online

Very interesting post from USA.Gov. Please read and share this post to your family and friends.

Many of us share information on the Internet almost daily, so it's good to remember to share with care. The next time you are about to share information, photos or videos online, consider the possible consequences, especially if your content includes other people.

Before you click "send" and post online, remember:
What you post could have a bigger audience than you think.
Once you post information online, you can't take it back even if you delete it.
Get someone's approval before you share photos or videos they're in.

Source: Hardworking.com

First Person Sniper 3D Game

First Person Sniper 3D Game is now available to play online.

Here’s how to play the online game.
Go to the website visit https://que.com/sniper/ download the plugin to load the game.
Use your mouse to aim/shoot your enemy. Enjoy and stay alive.

For mobile version (iOS/Android) is coming soon.

Ground Survival 3D Game

A new update for FPS Ground Survival 3D Game to add some improvements.
Here's how to play the game.
Go to the website http://que.com/survival/ download the plugin to load the game.
Use WASD keys to move and your mouse to look/shoot your enemy.
Enjoy and stay alive.
Mobile phone support for iOS/Android still in development. Subscribe to keep you posted. 

CSRF Flaw Allowed Attackers to Hijack GoDaddy Domains

Internet domain registrar GoDaddy has rushed to fix a cross-site request forgery (CSRF) vulnerability that could have been leveraged by malicious actors to take over domains.

The flaw was identified on January 17 by New York-based security engineer Dylan Saccomanni while managing a domain. The expert realized that the company had not implemented any CSRF protections for many DNS management actions.

According to the researcher, an attacker could have exploited the vulnerability to edit nameservers, edit the zone file, and modify automatic renewal settings. 

Saccomanni has published proof-of-concept code for editing nameservers, disabling the auto-renew feature, and editing DNS records.

Continue reading at http://www.securityweek.com/csrf-flaw-allowed-attackers-hijack-godaddy-domains

More at KING.NET

First Person Shooting (FPS) game - Survival by QUE.COM Game Studio

I'm developing a First Person Shooting (FPS) game - Survival. It's free to play online. I need some feedback, post your suggestions for improvement.
http://que.com/first-person-shooter-survival-beta/

Gmail access is blocked in China

If you are waiting for someone in China to respond to your emails using Gmail, you have to activate your backup email because all Gmail is blocked in China as of last friday according to the news posted by NYTimes.

This including access to Google Drive and other related service using Google Apps.
Illustration by Sam Manchester

Drone for Christmas

I've ordered my Christmas Gift, 3D Robotics IRIS drone. Will update soon once I receive my toy.

Check my personal project at Robots.Guru site.


Encryption/Decryption Tools

The top 24 free tools for data encryption

Disk Encryption

  1. BitLocker
  2. Discryptor
File Encryption
  1. AES Crypt
  2. Challenger
Steganography
  1. Steg
  2. Our Secret
  3. OpenPuff
Email Encryption
  1. iSafeGuard
  2. HushMail
  3. Sbwave
Portable Drive Encryption
  1. Rohos Mini Drive
  2. BitLocker Pro
  3. SecurStick
Data in transit encryption.
  1. OpenSSL
  2. Stunel
Remote Management Encryption
  1. OpenSSH
  2. PuTTY -- my favorite tool, easy to use.
  3. PowerShell
  4. Remote Desktop Connection Manager
Multitaskers
  1. 7-Zip
  2. GPG
  3. Sophos Free Encryption
  4. Cloudfogger
  5. AxCrypt
Source: http://www.gfi.com/blog/the-top-24-free-tools-for-data-encryption/

Regin Malware

On November 24, 2014, Symantec released a report on Regin, a sophisticated backdoor Trojan used to conduct intelligence-gathering campaigns. At this time, the Regin campaign has not been identified targeting any organizations within the United States.

Description

Regin is a multi-staged, modular threat—meaning it has a number of components, each dependent on others to perform an attack. Each of the five stages is hidden and encrypted, with the exception of the first stage. The modular design poses difficulties to analysis, as all components must be available in order to fully understand the Trojan.

Impact

Regin is a remote access Trojan (RAT), able to take control of input devices, capture credentials, monitor network traffic, and gather information on processes and memory utilization. The complex design provides flexibility to actors, as they can load custom features tailored to individual targets. [1]

Solution

Users and administrators are recommended to take the following preventive measures to protect their computer networks:
  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information). [2]
  • Keep your operating system and application software up-to-date – Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
References:
https://www.king.net/blog/regin-malware/
https://www.us-cert.gov/ncas/alerts/TA14-329A

Office 365 - Remote Wipe your smart phone email.

If you're an Office 365 Email Administrator and creating a policy to support security and manage risks introduced by using mobile devices (smart phones).

Here''s how you can remotely wipe your user Office 365 email through their smart phones e.g iPhone or Android devices.

  • Login to Office 365 website
  • Click on Outlook, this will open your Outlook Web App.
  • In your Outlook Web App, Settings, click Mobile Devices.
  • You will see your mobile device, select your mobile device and click the Wipe Remote.
Wait to complete the process.




That's all.

Security Awareness - Holiday Greetings with Phishing, Malware and Viruses coming to your email.

Security Awareness for the Holidays. 

Every holiday seasons there are thousands of phishing, malware, and viruses related scripts releases by a malicious users. If you are using Google Apps for Work or Microsoft Office 365 (Cloud), the incoming and outgoing are continuously scan for these scripts to keep us safe. The security is not 100%, I'm sure your security or network administrator applied additional layers of security measures to minimize risks.

Question is what do we have using our home computers, iPad (Tablets) and smart phones? Here are some preventive measures to protect your computer network from phishing campaigns.

  • Do not follow unsolicited web links in email. Delete it right away.
  • Use caution when opening email attachment.
  • Follow safe practices when browsing the web. You need to keep your internet browser up to date.
  • Maintain up to date anti-virus software. Microsoft provides Security Essentials tool for free. Go to www.microsoft.com/security for more details.
  • Keep your operating system and software up to date with latest security patches.
  • Separate your user and admin accounts. New computer/laptop setup with admin rights. Create a new account with Standard rights only. Use Standard account for daily use. 
Let’s have a Happy Holidays and avoid becoming a victims of phishing scams.

I hope this help.

Source: Whaddya.com

Detailed WordPress installation to Google App Engine

I am moving my website(s) from VPS Server to Google App Engine (Google Cloud). It's too early to list the benefits of using Google Cloud while still building my infrastructure and making it work the way it suppose to.

A little background of the existing hosting environment.
I'm using a dedicated VPS Server with Solid State and 6.5GB Memory to host a multisites using WordPress for Content Management Systems (CMS).

The VPS Server is only hosting the WordPress files e.g. CMS core files, themes, plugins, etc.
I am using Amazon RDS for database so I don't have to worry about managing database server.
And I'm using Amazon CloudFront for images storage.

Current issues.
  1. When it gets busy, the website(s) response time spike from an average of 1.5msecs to 8-10msecs.
  2. My current hosting provider can't see what's going on.
I will use the Quick Start WordPress for Google App Engine simple tutorial. Here's the link if you're interested or continue to read my adventure.
http://googlecloudplatform.github.io/appengine-php-wordpress-starter-project/

My own step by step procedure to complete my installation. 
I downloaded the following programs to prepare my installation.
  • Google App Engine SDK for PHP
  • MySQL Community Server
  • Python 2.7 (check the latest release at python.org website)
Steps to install.
  1. Install python and use the default installation.
  2. Install the Google App Engine SDK
  3. Install MySQL Community Server. Use the windows installer to simplify the installation of MySQL. Select the "Developer Default" to continue the install. If the supporting requirements are not installed, select "put check on it", then click Execute. Repeat the process till you complete all requirements for MySQL.
  4. Sign up for Google Cloud Platform, and setup Cloud SQL instance named it as "wordpress" to match the config file. Assign IP Address, and add your home/work IP Address to the list of Authorized IP Address so you can connect to you Cloud SQL instance.
  5. Edit app.yaml and wp-config.php replacing any instance of your project-id to match the Project ID you entered in the Cloud Console when you signed up for a Google Cloud Platform project.
  6. In MySQL Workbench, create database wordpress_db, add this information e.g. root and db password to our wp-config.php file.
  7. To launch WordPress locally on Windows, you can use the Google App Engine launcher by going to File > Add Existing Application. In Application Path, browse to the location of your wp-appengine folder. For my setup, I have my wp-appengine folder in d:\wp-appengine. Click on Add to continue.
  8. Click Run. Now, with App Engine running locally visit http://localhost:8080/wp-admin/install in your browser and run the setup process. If you're having issue, check the troubleshooting issues below.
  9. Continue the wordpress setup, e.g. Site Title, Username, Password, Email Address, etc. Click Install WordPress. Wait to complete the setup, you will see SUCCESS.
  10. Browse to your WordPress (http://localhost:8080/) and check all if everything are working OK
  11. Update your WordPress, Plugins and Themes. If all looks good, you can upload your application, select the project and click Deploy (or by using this command $ appcfg.py update APPLICATION_DIRECTORY).
  12. If all looks good, upload your application using Google App Engine launcher. Click Deploy, it will prompt you to enter your Google email address and password, check the Project name just to make sure. Click OK to continue.
  13. Just like you had to do with the local database, you will need to setup the Cloud SQL instance. Start MySQL client to connect to Cloud SQL using assigned static IP, root, and password. If you haven't update the password, go to Control Access to update the root password.
  14. You need to run the install script again for the live site, replace the <PROJECT_ID> with your project ID. visit http://<PROJECT_ID>.appspot.com/wp-admin/install.php to complete the setup.
  15. Activate the plugins e.g. Google App Engine for WordPress and Batcache Manager.
  16. In Google App Engine for WordPress, go to Settings to check the default bucket name using your project id .e.g <PROJECT_ID.appspots.com. Click Save to finish.
  17. You should be able to see your website dashboard. Visit your website, and finish up using your own theme and plugins.
  18. Done. I hope this help you install your WordPress using Google App Engine.
Let me know if using Google App Engine improves the response time of your website, secure and economical to use Google for hosting. Share your thoughts.

Troubleshooting:
Issue#1
When I first click Run, it does not work. I checked the logs and got this information.
Traceback (most recent call last):
  File "C:\Program Files (x86)\Google\google_appengine\dev_appserver.py", line 83, in <module>
    _run_file(__file__, globals())
  File "C:\Program Files (x86)\Google\google_appengine\dev_appserver.py", line 79, in _run_file
    execfile(_PATHS.script_file(script_name), globals_)
NameError: name 'execfile' is not defined
2014-11-05 10:55:59 (Process exited with code 1)
Answer:
I download python 2.7.8, installed.
In Google App Engine launcher, click Edit, Preferences. In Python Path, I have it as D:\Python27\pythonw.exe, where I installed python in my local D drive.

Issue#2
Use an application-specific password instead of your regular account password.
Answer:
Create application-specific password in your Google account security setting where you activated two-factor authentication.

Source: Whaddya.com


Wanted Logo Designers at Retune.com

Calling all Logo Designers for submission.

We are looking for LOGO designers to provide a professional logo to all the domain names that we sell in our market place. An excellent opportunity to earn extra income and exposure of your portfolio. You can see all available domain names that requires a logo in our market place.
Guidelines to submit a logo:
  • Check if a domain name in our market place need a logo. We encourage multiple submission from different logo designers.
  • Original creation of logo.
  • 1024×1024 png and photoshop format for review.
  • When your logo is selected, it will be added to the domain name sale page.
  • If you think your logo is better than the existing logo in our market place, send us an email for review.
  • Your logo design is not exclusive to a domain name. We can add multiple logos in one domain name from different designers. When a buyer selected your logo, you will get a sale commission. If two or more logos are selected, the commission will be divided.

Monitoring Office 365 Emails.

Applicable to Office 365 with Administrator privileges to manage corporate emails.

Here's an example on how to use Office 365 Mail Flow rules:
The business owner (normally your company CEO or President) requested to monitor one or more of your employees mailboxes. Basically, he/she would like to know the incoming and outgoing messages without the employees knowing about it.

Disclaimer: Before you apply this mail flow rule within your organization. You need to have an official permission request from the Authorized Users e.g. Business Owner, President or any Authorized Personnel.

You need to create two new mail flow rules, for sender and recipients.

In Exchange Admin Center, click the Mail Flow, then click on (+) to create a new rule.
Create a New Rule.
Fill up the following entry fields.
Name: for example "Monitor - Sender" to monitor email sender.
Apply this rule if, select "The Sender is ..." this will pop-up your organization email list. Select the name of the mailbox you want to monitor.
Do the following, select "Bcc the message to ..." this will pop-up your organization email list. Select the name of the mailbox to receive blind copy of emails. For example, KING Monitor Mailbox.

See depicted image below.

Choose a mode for this rule, select "Enforce". Click on Save.

And the second part of this instruction.

Create another New Rule.
Fill up the following entry fields.
Name: for example "Monitor - Recipient" to monitor email sender.
Apply this rule if, select "The recipient is ..." this will pop-up your organization email list. Select the name of the mailbox you want to monitor.
Do the following, select "Bcc the message to ..." this will pop-up your organization email list. Select the name of the mailbox to receive blind copy of emails. For example, KING Monitor Mailbox.

See the depicted images below:

To test your mail flow rules, login using your KING Monitor Mailbox to see if the sending/receiving mail flow  rules blind copied Monitor Mailbox.

Hope this help you perform your job.

Sponsored by NeedName.com Domain Name Registration Services for Entrepreneurs and Small-Mid Businesses.