Social Items



UC Browser for Android has been saddled with a flaw in the "hidden" feature used to side-load new libraries and modules from the company's servers unto users' devices, which could be exploited by hackers to remotely download and execute malicious code on Android phone.

According to Dr. Web, the browser downloads new plugins from the UCWeb server over an insecure HTTP protocol, thus opening the browser up to hackers who can remotely perform a man-in-the-middle (MiTM) attacks to push malicious modules to targeted users' devices.

And given that UC Browser works with even unsigned plug-ins, it could launch the malicious modules without any form of verification, with the hackers having only to hook up to the server response from http://puds.ucweb.com/upgrade/index.xhtml?dataver=pb, replacing the link to the plug-in and the values of attributes.

The researchers at Dr. Web demonstrated just how easy it is to replace a plugin to view PDF documents over a malicious code using an MiTM attack, by forcing UC Browser into compiling a new message, instead of to open the file.

These sort of attacks can be leveraged by cybercriminals to spread malicious plug-ins, which can be used to display phishing messages aimed at stealing the username and password of users, including banking details, and other personal information.

Also, the Trojan modules could be used to access protected browser files to steal passwords that are stored in the program directory.

This flaw is present in both UC Browser and UC Browser Mini, even the latest version of the browsers released to date. And surprisingly, UC Browser is among the most popular mobile browsers, especially in India, and the home country China, with massive user base of over 500 million users worldwide.

UC Browser flaw could allow Hackers to remotely hijack your Android Phone



The “dynamic email” feature brings enhancement to Gmail by eliminating the need to open separate tabs in order to accomplish a task, just like the dynamic replies that pops up in response to received messages.

While the dynamic email feels somewhat like an extension of dynamic replies, or rather the autocomplete functions available in Google Search, it works by directly embedding a small portion of the web into Gmail pane, in order to automate some tasks.

The feature works as follows, if for instance a collaborator comments on a line in a sales pitch, you'll be notified via Gmail to take action, but instead of been forced to open a link to the document, you can simply add a comment directly in the email, and the comment will be automatically added to the document.

Google commenced the roll out on Tuesday, and for those using the email app to access Gmail, the dynamic email functions won’t be available, instead they’ll see a static page, though the company has promised extending the feature to the mobile app soon.

Albeit, there are many partners to the dynamic email service and also advertisers, which include: Booking.com, Despegar, Doodle, Ecwid, OYO Rooms, Pinterest, Freshworks, Nexxt and redBus.

The partners bring such features as for example, Pinterest will send a list of trending pins, which you can add directly to your boards on the platform via Gmail. And OYO Rooms bring listing of suggested rooms including the ability to hover over photos in the email to see characteristics of the particular room, or even launch new pages right within Gmail.

Google, however claims that every partner in the dynamic email service undergoes a review, and Gmail users can opt out of the dynamic email if they're not comfortable with it, and revert back to the static page.

Google rolls out Dynamic Email to the web-based Gmail bringing more enhancements



Microsoft has launched an open source static-type-checking system for Python, called Pyright, that assures faster type checking for Python than other similar projects, without requiring existing Python runtime.

Pyright is designed to be used as a Visual Studio Code plugin, written in TypeScript and runs on Node.js, though it can also run as a standalone command-line tool.

According to Microsoft, Pyright is “typically 5X faster” than other Python type checkers which are mostly written in Python itself, such as Pyre, Mypy, and Pytype. And the performance of these other tools aren’t quite efficient as it depends on the systems behind it and the individual code bases. While the actual writing of these tools in Python may be convenient, but they can't run any faster than Python itself, and Python’s runtime by default doesn’t emphasize speed performance.

Albeit, Pyright relies on Python’s own type stub information to perform its analyses, so as to be able to be kept in sync with Python even though it isn’t written in the programming language, as type-checking systems for Python are for the sake of ensuring a program’s runtime correctness, not for speeding up Python applications.

It supports all the major type-related syntax currently available in Python—type hints, even variable notation syntax, and structural subtyping; also in many circumstances, supports type inference.

Pyright offers slightly above what Microsoft’s Python Language Server brings to the table, though the main focus is type checking.

The project, however is still a work in progress, with some features as yet unfinished, including: type inference for generators or validation for async/await declarations. But whether the program will be able to compile type-annotated Python to a more performant language, for example, compiling type-annotated Python to C, remains to be seen.

Microsoft launches Pyright, an open source static-type-checking system for Python



Pwn2Own is a hacking contest held annually at the CanSecWest security conference in Vancouver Canada, where hackers as contestants try to exploit popular software and mobile operating systems with previously unknown vulnerabilities, and this years event was sponsored by VMware, Microsoft and Tesla.

While the most impressive exploit was wrought by Fluoroacetate team - they opened Edge browser via a VMWare workstation leveraging an exploit to take down the underlying Windows host, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape, for which was awarded a prize money of $130,000.

The Fluoroacetate team comprising the duo of Richard Zhu and Amat Cama was also able to successfully exploit Apple’s Safari by bypassing the sandbox feature using integer overflow and heap overflow in a brute force technique, which earned them a $55,000 reward.

And lastly for the team, they targeted the Firefox web browser by exploiting the JIT bug, which was closely followed by an out-of-bounds rewrite in the Windows kernel and ended up winning additional $50,000.

In the course of the event, the Phoenhex & Qwerty team were able to take down Safari browser through kernel elevation privileges, by triggering a JIT bug on their website and then exploited a Time-of-Check-Time-of-Use (TOCTOU) bug. Apple, however is aware of the bugs, but still considered it a partial win, for which the team earned a $45,000 price money.

The three days event, saw numerous software and operating systems put to test by a dedicated team of hackers and security researchers, with the team from Fluoroacetate haven earned a whopping $375,000 and the deserving title of Master of Pwn for 2019.

Pwn2Own 2019: How the major browsers, Firefox, Edge and Safari fared at the hackathon



Those fans of PewDiePie who have been hit by the ransomware attack, which sort to ensure that people subscribe to PewDiePie's YouTube channel to reach 100 million subscribers, locking away their files indefinitely until the goal is met, can now rejoice as workarounds have been released.

While the PewDiePie-themed ransomware strain first appeared last year, known as PewCrypt, a Java-based ransomware that encrypt users’ files that can only be recovered at a given time in the future when the target goal has been achieved, and in this case, getting PewDiePie's YouTube channel to reach 100 million subscribers.

The PewDiePie ransomware is poorly written and a modified version of the ShellLocker ransomware, albeit the later never saves or uploads the encryption keys, which results in permanent locking out of files.

PewCrypt victims are supposed to wait until PewDiePie gains 100 million followers before they are allowed to decrypt the affected files, they can't buy the decryption key from anywhere. And to worsen the case, PewCrypt threatens to delete the entire files of users forever, if T-series reaches the 100 million subscribers mark first.

But the author of PewCrypt has released the ransomware’s code on GitHub and the command-line-based tool for decryption to help those who have been affected by the ransomware.



Additionally, there is a decrypter app for PewCrypt launched by Emsisoft to help all those affected by the ransomware to retrieve their files, even before the supposed goal of PewDiePie reaching 100 million subscribers.

PewDiePie Ransomware: How to Decrypt Files affected by the ransomware



Microsoft had bundled its next generation antivirus software in the Windows 10 Fall Creators’ update, bringing more enhancement to the Windows Defender Advanced Threat Protection by moving it up from isolated defenses to a smart, interconnected, and coordinated defense grid that is intelligent, simple to manage, and ever evolving.

Now, Microsoft has extended the Windows Defender anti-malware system to Apple macOS, which expansion reflects its growing cross-platform nature; while the application suite has been renamed as Microsoft Defender ATP, with the designated labels "Defender for Mac" or "Defender for Windows" for individual clients.

The Defender for Mac will focus more on signature-based malware detection as a start, albeit the Defender ATP for Windows track various system behaviors and report to the ATP cloud service, which helps to detect threats even without any piece of malware detected.

While the macOS malware issue has become commonplace, with ransomware running rampage on the platform in 2016, and other malicious attacks for which Apple was forced to integrated some malware protection into macOS, but that has not guaranteed maximum protection for Mac users.

And this unfortunate situation has seriously impacted the corporate usage of the product; while Microsoft Windows has a good range of security tools that ensure the systems are secure and kept up-to-date, even alert administrators if there is any cause for alarm, but no such security system for the Apple ecosystem.

The new software suite is currently available as a preview for limited Mac devices running macOS High Sierra and above, with users needing to apply to the program to use it, whereby Microsoft will contact those users via email once their applications are approved.

Microsoft also promised to bring the unified security solutions to other “platforms” which perhaps, may suggest that the Defender Advanced Threat Protection (ATP) will soon be available for Linux devices as well.

Microsoft extends Defender Advanced Threat Protection (ATP) to Apple Mac



Tekton, is Google's new open-source project that offers a Kubernetes-native framework for building CI/CD systems that's fully capable of running anywhere Kubernetes can, and also work with any existing CI/CD servers.

While Kubernetes serves as a hedge against cloud lock-in, the new project features a shared building blocks for creating cloud-native CI/CD pipelines, whereby developers can easily build and deploy software across multi-clouds or for on-premise systems.

Tekton will enable developers to deploy immutable images, and have control on different infrastructure, with components provided to standardize CI/CD tools across different languages and environments. And the components are able to work with CI/CD tools like Knative, Skaffold, Jenkins and Jenkins X, while leveraging Kubernetes and the cloud for CI/CD, and providing automation pipeline.

It also work well with Google Cloud Platform with Kubernetes tools, which can be deployed to Google Kubernetes Engine and supporting artifact storage and Google Container Registry.

Additionally, Tekton can be deployed across different environments such as serverless platforms, VMs or Firebase. With key capabilities including: Pipelines running on the Kubernetes container orchestration platform, allowing developers to combine containers to form complex pipelines.

And also leveraging containers as building blocks, through Tekton Pipelines, with Kubernetes clusters as a first-class type with the Tekton Pipeline.

Tekton toolkit offers Kubernetes-native framework for building CI/CD systems



Google has announced the public availability of Sandboxed API, for easy sandboxing of C and C++ libraries and creating secure and reusable implementations of functionality residing within other popular libraries.

While it is pretty common for applications to be affected by different types of vulnerabilities that could be exploited for remote code execution, sandboxing is a technique that helps to mitigate those problems, by isolation the app processes employed by software developers.

Albeit, the tasks of sandboxing are often very demanding, therefore the open-sourcing of the Sandboxed API by Google will makes it relatively easier to create security policies for individual software libraries, and offer granular protection for reusable software infrastructure.

The API can also separate the library to be sandboxed from a high-level perspective, with callers into two separate processes: the sandboxee and the host binary. And actual library calls marshalled by an API object from the host side and forwarded via inter-process communication to the sandboxee whereby an RPC stub unmarshals and send calls to original library.

It is currently implemented for software libraries written in the C programming language (C bindings), though Google has promised adding support for more programming runtimes in the near future.

Additionally, Google is making publicly available the core sandboxing project, Sandbox2, which is now part of Sandboxed API as the underlying sandboxing primitives. But it can also be used as standalone to isolate arbitrary Linux processes, which is considered a lower-level API.

Google Open Sources Tool for Securing C and C++ Software Libraries, Sandboxed API



Slack, the popular collaboration software has made it possible for enterprise customers to have more control over their sensitive data, including: email messages, business files and team chats, with the release of enterprise key management (EKM).

The EKM feature is available for all customers of Enterprise Grid, which product is targeted at large organizations, to give those businesses more control over the keys used to encrypt/decrypt data in the collaboration application.

It will avail businesses the means to better secure their most sensitive data, and perhaps open up the door for new entrants like banking and financial services to embrace the team collaboration software.

Cisco is perhaps the only team collaboration software vendor to provide customers with encryption/decryption keys, but with Slack’s EKM, IT administrators now have the ability to revoke access to data within a Slack channel, instead of total disruption of access for all users on the platform.

While Slack do encrypt data in transit and at rest, the company does not yet have plans of bringing end-to-end encryption to its service, which rivals like Cisco Webex Teams and Symphony do provide.

Slack is hoping to appeal more to its Enterprise Grid customers, with about 150 businesses already using the service, including 21st Century Fox and Capital One.

Slack's Enterprise key Management to give businesses more control over sensitive data



The Windows Defender Application Guard was formerly released explicitly for the Microsoft Edge browser, and works by isolating the contents of a tab in the browser from the rest of the system.

Just like sandboxing, it blocks websites and downloaded files from accessing the system, thus prevents malware in the virtualized “container” access to the user’s confidential information, making it also impossible to access data or connect with other systems on a network.

And as the tab is closed on shutting down the browser, or on logging out of the PC, any malware that managed to get into the container is tossed away.

Microsoft extended the Windows Defender Application Guard functionality to Chrome and Firefox browsers via an extension, alongside the announcement of Windows 10 Insider Preview build 18358.

The extension works the same way as in Edge browser, by crosschecking entered URL against a list of trusted websites, which when found an untrusted site, will open in a sandboxed tab, from there then navigate to the website, so as to protect your system.

While the anti-malware technology had undergone some major testing under Windows Insiders running Windows 10 Enterprise, this is the first availability outside the Microsoft Edge browser.

Albeit, the extension is currently available to Windows Insiders, but will be publicly available to use on Windows 10 version 1803 or higher when it's official released, though it may require Windows 10 Pro or Enterprise edition.

Microsoft extends Windows Defender Application Guard to Chrome and Firefox browsers



The general-purpose C++ development environment, CIDLib is now open to the public, with the lighter use of C++/STL libraries templates as its advantage over what's been commonplace, making it easy to debug, been based on a virtual kernel.

While CDLib is currently available only for Window, based on a virtual kernel that abstracts from the operating system and a Linux implementation developed years ago still requiring some more update to be fully functional today.

CIDLib employ some third-party code, which includes the Scintilla engine as the CML language source editor and also parts of the standard JPEG libraries that provide support for the JPEG file format.

It served as a foundation for the Charmed Quark Controller (CQC), a supposedly proprietary home automation platform for years, and the environment has got a pretty matured code base.

Additionally, CIDLib has about 1,100 classes and functionality which includes: serving as build tools for project definition system, resource compiler, and loadable text system. It also provides an embeddable, virtual machine-based language called CML and IDE for CML editing and debugging, coupled with virtual kernel platform portability layer.

Some other planned features under consideration include support for 3D graphics, more efficient internet telephony, and custom public cryptography system.

The general-purpose C++ Development Environment, CIDLib is now open source



DuckDuckGo (DDG) is a search engine, but unlike Google, it strongly emphasizes on protecting the privacy of its users by avoiding the filter bubble of personalized results, and subsequently, targeted advertising.

While Google is notorious for profiling and tracking users behavior online, DDG distinguishes itself by not profiling its users and sticking to the same search results for every given keyword search, and most probably returning the best accurate results, rather than results generated from individual preferences.

The source code is open sourced and hosted at GitHub under the Apache 2.0 License, though the core is proprietary. It sources its results from over 400 sources, including Yahoo! Search BOSS, Bing, and its own Web crawler (the DuckDuckBot); also uses data from crowd-sourced sites, including Wikipedia, to populate "Zero-click Info" boxes, usually above the results that display topic summaries and related topics.

DuckDuckGo has been growing steadily since launched in 2008, and has taken outside investment to scale its efforts to capitalize on growing international reach for its pro-privacy products, which Google has recently recognized the importance of offering consumers a private search option, by adding DuckDuckGo in the Chrome 73 available search engines for over 59 countries.

Google had quietly updated the lists of default search engines available per region on Chrome browser, while expanding the choice of search product users can select from the different markets around the world.

Again, the area of privacy is the big feature that DuckDuckGo sells itself on: As it doesn't log what you're searching for, and will only put up occasional advertising, which isn't personalized at all, and you can easily disable it.

What's more, even the sites you visited know nothing about the search terms you used to find them, and that's something other search engines do, while piecing together different clues from your browsing behavior and the data that your computer broadcasts publicly to sell their ads.

Additionally, DuckDuckGo runs the encrypted versions of a site by default. If you're among those of us who are tired of the big tech companies hoovering up data on us, DuckDuckGo will surely appeal to you.

DuckDuckGo: Get to know the fast rising Privacy-focused Search Engine



Google has released Chrome 73 for Windows, Mac, and Linux, with the most noticeable feature coming in the form of dark mode for macOS, which change appears in the Omnibar, Chrome’s tabs, the three dots overflow menu and the bookmarks row.

While users previously can download dark mode themes through the Chrome store to implement a DIY dark mode, but with this latest update it will now work without the help of any third-party theme, as the new feature automatically turn Chrome browser to dark mode if you enable it in the Mac settings.

The dark mode is akin to Chrome’s incognito mode, but the only difference is that no incognito icon appears on the top right corner, coupled with the fact that no protection from tracking in any sense and logs are kept as per Chrome normal workings.

How to Enable Chrome Dark Mode on Mac



If you wish to enable dark mode on your Mac, simply go to System Preferences, then select General, from there select Dark at the Appearance option, and Chrome will turn into dark mode.



You can also choose to browse the internet in dark mode on Chrome while keeping the macOS Mojave’s own dark mode, by simply using Chrome themes to switch over.

Google Chrome by default doesn’t offer any settings to show on the night mode in the browser itself, before now. And as a consequence, many users had resorted to Google Chrome extension for turning on the dark mode in the browser. The dark mode is most often suitable for night browsing, and you could as well use night time mode in Chrome with the help of Hacker imaginative and prescient extensions.

You can follow the steps given below to add the extension for turning on the night mode. Step 1: From the Chrome store, search for “Hacker vision” extension. Step 2: Click on “Add to Chrome”. Step3: Enter the info when asked with the aid of the extension and provide the necessary permissions. That's it.

Google had promised that “Windows support is on the way”, so you can use the above methods if you wish to use dark mode on Windows.

How to Enable Dark Mode on Chrome browser For Apple Mac Computer



Quarkus is an open source framework developed by Red Hat that uses a unification of reactive and imperative model programming to solve the issue of distributed application architectures such as serverless and microservices. It is aimed at a container-first, cloud-native world, as Java development can be a challenge in such serverless environment.

The framework as Kubernetes Native is tailored for GraalVM and HotSpot, developed from the best-of-Java libraries and standards, with the goal of making Java a leading platform in Kubernetes and serverless environments and to offer developers a unified programming model for distributed application architectures.

While most Java developers are used to the imperative programming model, but developers are increasingly adopting to cloud native, event-driven, asynchronous, and reactive model to address business requirements in building highly concurrent and responsive applications.

Quarkus is built to seamlessly bring the two programming models together in a platform, resulting in strong leverage within an organization for significant runtime efficiencies.

It compiles to a native binary running on Oracle’s GraalVM virtual machine, with applications able to run with significantly less RAM and startup time quicker than traditional apps running on the JVM, which better fits serverless deployment. Albeit, Quarkus requires a Java IDE, JDK 8 or later, Apache Maven 3.5.3 or later, and GraalVM for native applications.

Red Hat, however claims that the code is streamlined for 80 percent common usages, with flexibility for the other 20 percent of cases; it employ libraries such as Eclipse MicroProfile and Vert.x, JAX_RS/RestEasy, JPA/Hibernate and Netty, with an extension for third-party frameworks.

Quarkus will serve as an effective solution for running Java in the world of Kubernetes, serverless, microservices, containers, FaaS, and the cloud, haven been designed for these environments from the ground up!

Red Hat’s Quarkus framework aims at Java optimization for distributed Application architectures



Alphabet, the parent company of Google through its cybersecurity outfit, Chronicle, has debuted a new threat analysis tool called Backstory with the aim of salvaging business threats in replication of Google’s own threat detection infrastructure.

Backstory is a cloud-based enterprise-grade threat analytics tool designed to help businesses to investigate cyber incidents quickly, and pinpoint the vulnerabilities for potential fixes.

According to Chronicle co-founder Mike Wiacek, Backstory will thwart the ability of attackers to hide behind the statute of technical limitations, as it offers the solution to store, index, and search unlimited security telemetry.

It tend to solve the telemetry problem by allowing organizations to upload and store their internal security telemetry on Google Cloud and also leverage its machine learning and analytics technologies to monitor and analyze any potential threat.

Due to the high cost of storing traffic data, most of Backstory’s competitors tend to retain but a few weeks of traffic, and most often, critical in detection and stopping of breaches.

Backstory, on the other hand is able to store and surface even years-old data, and akin to SIEM solutions, it converts logs such as: NetFlow, DNS traffic, endpoint logs, proxy logs, into searchable and actionable information to help businesses gain more insights into cyber threats and attacks on their networks.

Additionally, Backstory compares data against "threat intelligence" signals culled from a variety of other sources, including the Alphabet-owned VirusTotal, Proofpoint, Avast and Carbon Black.

Chronicle is currently working with clientele which includes Quanta Services, Siemens, Paccar, and Oscar Insurance, among others.

Alphabet debuts Backstory, a new Threat analysis tool for Businesses



The Firefox Maker, Mozilla has been a staunch advocate of the browser-side protection that block websites from following users online activities, which tracking is especially beneficial for advertisers who are targeting specific users, despite the fact that it invades their privacy.

While the issue of privacy has overtaken the Web service providers lately, and has often been a great bane for most internet users; Mozilla is harping on its new approach taking a leaf off Tor browser’s Anti-Fingerprinting Technique, with the introduction of Letterboxing in Firefox 67 which is scheduled for release in May.

The Letterboxing feature protects against the so-called window-size related fingerprinting, which is often employed in the profiling and tracking of Web users, whereby their personal information are collected from computing devices for identification.

Fingerprints is used by ad networks to identify individual users on the various devices been tracked, and it works even when browser cookies are turned off by the user; but with Letterboxing, Mozilla looks to add gray spaces to the browserside for the web page whenever the browser window is resized and removes all logs after exiting the resize operation.

What this means is that the browser window’s dimensions are masked by the adding of spaces to width and height in the multiple of 200px and 100px on resizing, with the gray spaces added at the top, bottom, left or right of the web page, and as advertising codes follow the window resize events to gather information.

Firefox 67 provides a generic dimension for such tracking to bring back the window to its actual size in milliseconds, thus delays the loading of the page content on the resized window long enough to trick the tracking codes to read the incorrect window dimensions.

This technique has since been in use by Tor Browser, from which Mozilla obviously borrowed the Letterboxing feature and it is currently available in Firefox Nightly.

Mozilla tightens leash on Web tracking in Firefox 67 with Letterboxing



In the fast-paced world of online marketing, it is important to reach out to your target leads. While the challenges of lead generation stem from inaccurate and massive databases leading to low-quality leads and fewer chances of converting them into actual sales.

In order to not spend time in vain, you need a specific tool for lead generation. One of such tools is Snov.io platform which offers two amazing tools, email finder and email verifier. With the email finder tool, you can generate massive leads with ease and find emails of prospects for your outreach program. Besides lead generation, Snov.io email verifier tool ensures that you can remove every invalid email addresses from the email list.

Snov.io Email Finder & Verifier features



  • Automated lead searching: The tool easily scrapes emails from social media channels (including LinkedIn and Twitter) and in general any website. They can be saved for the future in one of the prospects’ lists.
  • Ability to send out emails right from the extension: If you’ve found people you want to reach out to right away, click the Send email button, compose the message, and send it.
  • Domain search: If you need to contact people from one company, take advantage of the domain search. Search for the emails, save them to the prospects list, and later reach out to them.
  • Check emails for validity: Not to increase the bounce rate, check all the email addresses with Snov.io Email Verifier. Delete the invalid emails when the verification if finished.
  • Verify emails right on the webpage with the extension: If you do not love web apps and prefer working with Chrome extensions, that’s not a problem. Activate the extension on the page you need, check the emails, add them to the necessary prospects list.
  • Bulk verification: Upload the list of email addresses to the platform and verify the whole file within a few minutes.
  • Single email verification: If you want to add an email address to the list, verify it with single email verification.


Creating Snov.io account & installing the Chrome extensions



This is the easiest part. Simply go to the Snov.io main page and click the Sign Up button. You can either type in the email address with a password or Sign In with your Google account.

After that, go the Chrome Web Store and search for Snovio Email Finder and Snovio Email Verifier. Add the extensions, then customize the settings, and get ready for successful lead generation.

Steps to creating & managing email lists



The lead generation process won’t take you much time. Surely, everything depends upon the number of people you are going to find: the more leads you need, the more time it will take you to find and verify email IDs.

Step 1. Set up the search criteria on LinkedIn. Activate the Finder by clicking the extension icon. At the bottom, choose the prospects list (note: you can create a new email list right there).



Step 2. Click the Find Emails and Save button. Set the search filters in the extension: the number of pages and the delay time (this will let you not look like parser).



Step 3. Click the Find Emails and Save button. Once the emails are found, go to the app and verify the emails.

Step 4. Go the Prospects tab, choose the necessary email list, and click the Verify current list button. When the process is over, each email can be labeled with one of three colors: red (the invalid email, you’d better delete it from the list), green (real active email address, you can send emails to that recipient), and yellow (uncertain ID, it’s up to you whether to send emails or not).



As it was mentioned already, you can use the Verifier extension as well. Go to any page and click the extension icon. Choose the emails, select the email list, click the Verify button.

You can also use the Campaigns tab on the top menu, to start a triggered campaign and send easily crafted cold outreach automated emails.

Final Thoughts



Snov.io offers a simple, yet effective and robust tool for finding and validating email lists. The easy-to-follow user interface makes navigation easy while it is intuitive and efficient. And the most awesome things are the browser extensions which make the workflow quicker.

Snov.io Review: Unmatched Email Finder & Verifier for Effective Outreach Program



GHIDRA, the powerful reverse engineering tool developed and used in-house by the National Security Agency (NSA) to fish out bugs in software and applications has been released to the public.

While reverse engineering a program means disassembling it, the breaking of binary instructions into assembly code, employed by software engineers to understand the functionality, design and implementation of the software.

The NSA is reported to have developed several hacking tools to break into all versions of software and even control computers, including those running on Windows, MacOS and Linux, of which GHIDRA is one, and tied to the NSA's Tailored Access Operations, it is capable of identifying computers that are vulnerable to malicious third-party software.

GHIDRA is especially useful in the unraveling of weak spots in software and application in order to exploit them by multiple users reverse engineering the same binary at a time.

It includes all the new and expanded functionality of NSA reverse engineering capabilities uniquely developed, and works with a variety of processor sets; instruction and executable format, also able to run in both user-interactive and automated modes.

GHIDRA has been warmly received by the infosec community, who have already started contributing to the project on its Github issue tracker. And the good news remains that the NSA has open sourced the tool with Apache 2.0 license, which it claims is a contribution to the cyber-security community.

GHIDRA, the NSA’s in-house Reverse Engineering tool now Open Source



WebRTC (Web Real-Time Communication) brings Skype-like functionalities to the web browser, allowing users to do voice or video chats without the need to install browser plug-ins. And most of the popular browsers have integrated the WebRTC component, including Mozilla Firefox.

While many users have come to like the WebRTC’s functions and convenience, but the technology is plagued with IP address leak issue. That’s the more reason many people who prioritize privacy to any convenience have resorted to disabling WebRTC in their browsers.



How to disable WebRTC in Firefox browser

If you’re a Firefox user, you can disable WebRTC either through the browser settings or via add-ons.

To disable WebRTC via browser settings, just follow these steps:

On the address bar, type about.config. Press Enter. Next appears a warning screen. Click “I accept the risk!” In the search box below the address bar, type media.peerconnection.enabled to select this specific preference.

Once this preference is selected, double-click it to change Status from “default” to “modified” and the Value from “true” to “false.” With these steps, you have now disabled WebRTC in your Firefox browser.

Disabling WebRTC via add-ons

You can disable WebRTC in Firefox using add-on; which can be found in the Add-ons Manager. Below is a step-by-step process for installing a WebRTC-disabling add-on:

Open the menu at the top-right corner. Select “Add-ons.” The Add-ons Manager opens in a new tab. Find WebRTC-related add-ons by typing “WebRTC” in the search bar. Press Enter. Search results will appear in another tab.

For illustration, let’s select the WebRTC Control add-on. You will be directed to WebRTC Control’s page. Click “Add to Firefox.” At the pop-up window, click “Add” to begin installation.

Once you have installed the add-on with these simple steps, you’ll notice an icon that will appear on top of Firefox. If you wish to disable/enable WebRTC, simply click on the icon to toggle on/off.

However, the toggling mechanism may differ for some add-on. But in comparison to the manual process in the previous section, add-ons provide a quicker way to disable WebRTC.

Why it is necessary to disable WebRTC in Firefox

If you should leave WebRTC “on” at all times, you’re exposing yourself to hackers and trackers as WebRTC can expose your IP address through IP leaks. In some instances, not even a VPN or a proxy can protect you from it.

According to the security research firm, VoidSec, roughly 23% of tested VPNs are affected by the WebRTC leak. To make matters worse, WebRTC is “on” by default in most browsers.

Why a VPN can't protect you from WebRTC leaks?

Yes. For VPN users, it’s not the end of the world. Apparently, the flaw lies in the browsers, not on VPNs themselves. Those VPNs which were smart protected their users in advance, so only a few VPNs were part of the 23% that’s affected by WebRTC leaks.

If you don’t need WebRTC at the moment, why not disable it to preserve your online privacy? If you’re using Firefox now, then the two methods we described above should help you disable WebRTC in no time.

Lastly, go with a trusted VPN service that will constantly provide you with protection and security. If you’re looking for a reliable VPN—particularly one that’s unaffected by WebRTC leaks—then check out this Ultimate list of the best VPNs today.

How to Disable WebRTC in Firefox browser & Prevent IP Address Leaks



The Linux Foundation has launched new open source Project, called ELISA (Enabling Linux In Safety Applications), with the main aim of building Linux based applications for safety-critical systems.

While the term safety-critical system implies those setups in which any failure could lead to actual damage in property, environmental degradation or injury to the workforce; the ELISA project has the lofty idea of ensuring fail proof for such critical Linux-based systems.

It is founded on the fact that computers today are used in virtually every business establishments, with different kinds of applications, many of which have serious consequences in any case of failure.

For instance, imagine the consequences if there is a major system failure for medical devices in emergency situations, or failure in the systems on self-driving trains, autonomous vehicles, and factories where the most dangerous tasks are handled by machines.

Linux will be leveraging on its SIL2LinuxMP Project which is involved in the development of certification for the base components of embedded GNU/Linux RTOS running on a single-core or multi-core industrial COTS computer board.

Also, Linux Foundation will be able to build on the infrastructure and support of the broader Linux community to make this initiative successful, haven already garnered the support of well-established corporations like Arm, BMW Car IT GmbH, KUKA, Linutronix, and Toyota.

Project ELISA: Linux Foundation working on Safety-Critical Linux Systems



OperatorHub.io is a centralized public registry for sharing Kubernetes-native services, whereby the Kubernetes community can find and share Operators, spearheaded by Red Hat in collaboration with other public cloud leaders.

While Operators is a method of packaging, deploying and managing Kubernetes apps, which before now, is pretty difficult to find. It is originally developed in 2016 by Red Hat’s CoreOS unit, but with the OperatorHub.io platform the company aims to address the problem of unavailability and to make it easier to find curated Operators of high standard.

And as the Kubernetes ecosystem continues to grow with the formation of the operators’ hub, Red Hat hopes to lower the barrier for bringing applications to Kubernetes, with the Operator-backed services playing a critical role in lowering this barrier by enabling application owners to use services that can provide the flexibility of cloud services across Kubernetes environments.

The key benefits been that everything that is listed in the public registry is checked for certain standards, and haven been listed means that the Operator shows cluster lifecycle features, with packaging that is maintained through the Framework’s Operator Lifecycle Management.

Aside the listing of trusted Kubernetes Operators, the registry will also be expanded as new operators are vetted and certified for inclusion. The list is currently made up of the AWS Operator and CoreOS Operator along with database tools from Crouchbase, CrunchyData, MongoDB, Percona and Redis.

The concept of integrating applications natively in Kubernetes from a lifecycle perspective has gotten tremendous adoption throughout the open source and Kubernetes community, as such, the common repository is hugely welcomed by many, including public cloud leaders like Amazon Web Services, Google Cloud and Microsoft.

OperatorHub.io: A Centralized public registry for sharing Kubernetes-native services



Google's push to ensure that Android OS is up-to-date led to Project Treble, the remodeling of the Android architectural framework establishing a modular base in which lower-level code created by vendors is separate from the main operating system.

The new framework model means that device manufacturers can easily update the code without relying on silicon vendors to refresh the lower-level codebase, thus allowing faster, easier, and cheaper software update for phone manufacturers.

While the biggest issue with Android is fragmentation, with numerous OEMs saddled with the churning out of devices; for every new Android version, the phone makers have to wait for the chipset vendors to provide the update to processors to update the areas of the code related to the hardware.

But with Project Treble, the hardware-specific elements are now a crust, which remains in place for device's lifespan. And whenever new Android version is released, the phone maker focuses only on its part of the process, that is the filling, without having to wait for any other vendor to provide a refresh to the architectural code.

The process actually started with the release of Android 8.0 Oreo, whereby the boundary between the operating system and the lower-level code was separated, and eventually, the new Android 9 Pie software will mark the first time the setup will be complete and operational.

All the major chipset vendors are fully in support of it, with a significant number of Treble-ready devices already out, so smartphones running Android 8 should be able to receive version 9 much quicker.

And perhaps, Google’s Project Treble could ramp up the number of phones running Android Pie, as it gives manufacturers a clear way to update from Oreo to next version without any fuss.

How Google's Project Treble will impact the upgrade of Android Operating System

Library Genesis (LibGen) is a specialized search engine for free eBooks, with categories covering numerous topics, and allows access to otherwise paywalled or non digitized content that may be unavailable elsewhere.

LibGen had lifted PDFs of content from Elsevier's ScienceDirect web-portal, with database containing more than 2.7 million books and 58 million science magazine files, and the academic publisher Elsevier filed a major complaint against the site accusing it of pirating its academic publications and offering them up for free.

While the original portal, LibGen.io has been blocked by most of the ISPs in the United Kingdom, but such blocks as DNS-based can do little to deter adventurous users from gaining access to the site.

The domain name libgen.org, was equally shut down following the directives of the District Court for the Southern District of New York in late October 2015, but still the site is accessible through other alternate domains.

How to Access LibGen for Free eBooks safely



At the moment, there are many alternative working domains for the Libgen project, albeit most are hosted and run in the Russian domains, making it more difficult for such negative legislation to apply.

But we'd recommend http://ten.lib.rus.ec as it has been up and running for quite sometime, and assures of continuity into the future.

Steps to Downlaod Free eBooks from Library Genesis



Go to: http://gen.lib.rus.ec/

Enter the title of any book that you want to download, and click on search, the results could come in the two rows, which means that there are two different versions uploaded to the site. The difference can be obvious and relevant, but not always the case as all contents are uploaded by user, not driven by the operators of the site.

For instance, if you see the results with one as an EPUB and another in a PDF, it simply means that PDF is a paper look-a-like format, with its upsides and downsides. But, for electronic use (computer, tablet, phone), you will want to go for EPUB.

It offers a meta-search engine that searches also other sites where the books are hosted, while the direct download links are distinct from the outside hosted contents, and the outside ones are usually slow so you should not use it if the eBook is really large.

The direct downloads are faster, but it doesn’t always have all the books you are searching for as they sort to comply with DMCA requests.

Additional tip: If you find that http://gen.lib.rus.ec/ is blocked in your region, you can use one of the many open proxies, such as hide.me to access the site.

Library Genesis (LibGen): Steps to download Free eBooks from LibGen safely

Subscribe to: Posts (Atom)