Profile cover photo
Profile photo
StarForce
45 followers -
StarForce Technologies has extensive expertise in protecting digital information from copying, hacking and unauthorized use. Since 2000 we have been successfully developing and implementing our state-of-the-art software solutions to provide copyright and intellectual property protection worldwide.
StarForce Technologies has extensive expertise in protecting digital information from copying, hacking and unauthorized use. Since 2000 we have been successfully developing and implementing our state-of-the-art software solutions to provide copyright and intellectual property protection worldwide.

45 followers
About
Posts

Post has attachment
Pangea Inc. has selected the StarForce ProActive solution to protect the ModERn software suite intended for complex analysis and processing of drilling data, from piracy and illegal distribution.

http://www.star-force.com/press/news/index.php?news=2801
Photo
Add a comment...

Post has attachment
After launching a JavaScript and Ruby security alert program a year ago, the now Microsoft-owned GitHub code hosting site is expanding the alerts to projects using the popular Python language.

The project’s aim was to help developers identify vulnerabilities in dependencies written and shared in JavaScript and Ruby. GitHub’s dependency graph helped spot bugs in certain dependencies and pointed developers to known fixes.

Public repositories automatically get the security alerts while private repositories need to opt into the security device.

Un-noticed vulnerabilities in open source libraries written in Ruby, JavaScript, Python and other languages is a widespread problem according to open-source vulnerability tracker Snyk, which scanned 1,000 projects on GitHub and found 64 percent were vulnerable to at least one flaw. One of the main problems was that shared code spread the same vulnerabilities to multiple projects.

The expansion of the service to Python could have a big impact. One of the most popular projects written in Python is Google’s open source deep leaning framework Tensorflow.

The security alert initiative has turned up a huge number of vulnerabilities — four million to be precise — in over half a million repositories with project dependencies written in Ruby and JavaScript.

Within a month of launching, the service found 450,000 vulnerabilities that repository owners removed or updated.

Python is probably a good target for this program given its rapid ascent among data scientists and, according to coding community site Stackoverflow, Python is the fastest growing language used by developers.

The alert service is starting small with a “few recent vulnerabilities” however over the coming weeks older Python bugs will join the program, allowing an ever greater feed of vulnerability alerts that developers with Python dependencies can fix.

#github #ruby #javascript #python

Source: cso.com.au
Photo
Add a comment...

Post has attachment
Protection Technology, Ltd. has obtained FSTEC license

Protection Technology, Ltd. that is known for its StarForce, AsPack, ActControl, and SoftControl trademarks on the market, has obtained a FSTEC license for the development and production of the tools for protection of confidential information.

http://www.star-force.com/press/news/index.php?news=2800
Photo
Add a comment...

Post has attachment
Timehop, a mobile app that surfaces old social media posts from the same day but from previous years, has announced a security breach affecting its entire userbase of over 21 million users.

Not all users were affected to the same extent. The company said a hacker gained access to its infrastructure and stole details on its users that included usernames, emails, telephone numbers, and access keys.

Intruder mainly stole Timehop account access keys
Timehop says that not all users had an email address or phone number attached to their account. Only 22% of its 21 million userbase —roughly 4.7 million users— had a phone number attached to their account. Further, not all usernames contained users’ real names.­

Nonetheless, the hacker stole the access keys for all 21 million users. These access keys link the Timehop account to various social media accounts from where Timehop pulls older social media posts and images.

Timehop says it de-authenticated all accounts so the hacker won’t be able to use any of these access keys to retrieve data from its users' third-party social media account, such as Facebook, Facebook Messenger, Twitter, or Instagram.

"To reiterate: none of your 'memories' - the social media posts & photos that Timehop stores - were accessed," Timehop said in a statement. "We have no evidence that any accounts were accessed without authorization."

The company said it is now working with law enforcement and cyber-security firms to track down the intruders and secure its infrastructure.

Intrusion took place back in December 2017
According to preliminary evidence from the investigation, the intrusion took place on December 19, 2017, when a hacker gained access to an admin account for Timehop’s cloud infrastructure. Timehop says it failed to secure that account with multi-factor authentication, making the attack possible.

The hacker logged into this account on four separate days in December 2017 and March and June 2018, during which it carried out reconnaissance operations.

The intrusion went undetected until July 4, when the intruder started exfiltrating the company’s database. Timehop says it detected the operation and cut off the hacker’s access two hours and nineteen minutes later.

The company said it now secured all accounts with multi-factor authentication to prevent further intrusions., and is putting other security measures in place.

Source: www.bleepingcomputer.com

#timehop #security
Photo
Add a comment...

Post has attachment
If you used the SFContent.com service to protect video and audio files, you might have noticed the ‘Creating a playlist’ step in the protection process. Such playlist is provided as an SFM3U file and can open from StarForce Player, the multimedia player. This is highly convenient if you protect several files that should play back in a certain order.
Add a comment...

Post has attachment
Add a comment...

Post has attachment
It’s been an unexpectedly slack day for digital comms services. It’s not just workplace IM tool Slack suffering outages but end-to-end encrypted email service ProtonMail too.

In the latter case, the company has blamed several hours’ worth of sporadic outages on a major DDoS attack.

In a statement on Reddit the company says the attack is “unlike the more ‘generic’ DDoS attacks that we deal with on a daily basis” — which in turn meant its upstream DDoS protection service (Radware) needed more time than usual to mitigate the attack.

The longest outage has been “on the order of 10 minutes,” according to ProtonMail.

Back in 2015 the then fledgling startup suffered a major DDoS attack. And felt compelled to pay a ransom to fend off the hackers — a decision which earned it criticism from some segments of the security industry, and is perhaps coming back to haunt it now. Although the experience also led ProtonMail to spend on upgrading its defenses.

Since then it’s had a good record with uptime, despite dealing with DDoS attacks on a daily basis.

That said, while it’s claiming today’s attacks were orders of magnitude bigger than usual, its CTO Bart Butler also sounds less than pleased with how things went down today, tweeting in response to a user: “We will be evaluating this incident in the future, as it definitely should have been handled better.”

“Radware is making adjustments to their DDoS protection systems to better mitigate against this type of attack in the future,” the company also writes on Reddit. “While we don’t yet have our own measurement of the attack size, we have traced the attack back to a group that claims to have ties to Russia, and the attack is said to have been 500 Gbps, which would be among the largest DDoS’s on record.”

“It is multi-vector, and they are dynamically changing the type of attack traffic they are sending at us, so it’s a higher level of sophistication than the usual ones,” founder Andy Yen told us, in the midst of firefighting the attack earlier today.

He also pointed out that the attackers’ Twitter feed included them having “called in a lot of fake bomb threats recently,” adding: “They are clearly bad actors and we will pass on any intelligence we gather to the appropriate authorities after we make our own investigation and research.”

Source: techcrunch.com

#protonmail #ddos
Photo
Add a comment...

Post has attachment
New features in SoftControl 4.4 were developed in collaboration with our customers’ engineers. The basis of these features is the generated best practices in implementing multilevel protection methods for sensitive infrastructure.
Add a comment...

Post has attachment
ntel has, for now, no plans to specifically address a side-channel vulnerability in its processors that can be potentially exploited by malware to extract encryption keys and other sensitive info from applications.

A team of researchers at the Systems and Network Security Group at Vrije Universiteit Amsterdam, in the Netherlands, say they were able to leverage the security weakness to extract crypto keys from another running program in 99.8 of tests on an Intel Skylake Core i7-6700K desktop CPU; 98.2 percent of tests on an Intel Broadwell Xeon E5-2620 v4 server CPU; and 99.8 per cent of tests on a Coffeelake part.

Their code was able to lift a secret 256-bit key, used to cryptographically sign data, from another program while it performed a signing operation with libgcrypt’s Curve 25519 EdDSA implementation. It took roughly 17 seconds to determine each of the keys using machine-learning software and some brute force, according to a paper detailing the attack, seen by The Register this week.

"The end-to-end attack time is composed of: 2ms of capture time; 17 seconds of signals analysis with the trained classifier; and a variable amount of brute-force guessing with a median work factor of 213, taking a fraction of a second," the team – Ben Gras, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida – stated in their paper.

The extraction technique is not reliant on speculative execution, and thus is unrelated to Spectre and Meltdown. Instead, it builds upon the exploitation of Intel's Hyper-Threading technology and the processor caches to leak data, which is a known security problem with its own mitigations.

The technique has thus been dubbed TLBleed as it targets a CPU's TLB: the translation lookaside buffer, which is a type of cache. The difference between TLBleed and previous cache-based attacks, according to the VU Amsterdam researchers, is that protections to thwart side-channel snooping on memory caches are not guaranteed to block TLB spying.

Before we get into the more technical stuff, we should stress that this is not the end of the world because, first, you need malware running on, or a malicious user logged into, your system to exploit it. Second, no one right now is leveraging the weaknesses in the wild. There are easier ways for hackers to extract data from a computer or other device, via security bugs in browsers, PDF readers, email clients, and so on.

And, third, exploiting this TLB side channel is non trivial.

However, if you are worried about cache-based attacks – such as, if you're running a virtual machine on a public cloud platform, and fear neighboring guests are trying to snoop on you – then you should be paying attention.

"Don't panic: while a cool attack, TLBleed is not the new Spectre," one of the researchers, Ben Gras, said on Friday.

Spurce: theregister.co.uk

#intel #tlbleed
Photo
Add a comment...

Post has attachment
Despite being long outdated, a surprising number of people still use Windows XP or Windows Vista today. For PC gamers, this will soon no longer be a viable option. We’ve already seen Blizzard drop support for Microsoft’s legacy operating systems, and soon, Steam will be doing the same thing.

Lots of people love Windows XP and see it as one of Microsoft’s best operating systems ever. Windows Vista… Not so much. Users of either legacy operating system will no longer be able to use Steam as Valve is dropping support at the start of next year.

Valve made this announcement in a Steam Support page update late last week. Valve says that the newest features in Steam use an embedded version of Google Chrome, which also no longer works on Windows XP or Vista. Valve doesn’t want to hold back Steam improvements in order to support legacy operating systems, so official Steam support for XP and Vista will be coming to an end.

Those still using Windows XP or Vista will continue to be able to use Steam for the rest of the year, but any new features (like the new Steam Chat beta) won’t be available. From the 1st of January 2019, Steam will become unusable on these operating systems.

Of course, the recommendation to get around this is to upgrade to Windows 10.

Source: www.kitguru.net

#valve #steam #windows #windowsXP #windowsVista
Photo
Add a comment...
Wait while more posts are being loaded