Privacy Policy

Ajouter une légende

Effective date: June 29, 2018
new-teech ("us", "we", or "our") operates the https://new-teecch.blogspot.com website (the "Service").
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data. This Privacy Policy for new-teech is powered by TermsFeed.
We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from https://new-teecch.blogspot.com

Information Collection And Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:

• Cookies and Usage Data

Usage Data

We may also collect information how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:

• Session Cookies. We use Session Cookies to operate our Service.
• Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
• Security Cookies. We use Security Cookies for security purposes.

Use of Data

new-teech uses the collected data for various purposes:

• To provide and maintain the Service
• To notify you about changes to our Service
• To allow you to participate in interactive features of our Service when you choose to do so
• To provide customer care and support
• To provide analysis or valuable information so that we can improve the Service
• To monitor the usage of the Service
• To detect, prevent and address technical issues

Transfer Of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside Tunisia and choose to provide information to us, please note that we transfer the data, including Personal Data, to Tunisia and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
new-teech will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure Of Data

Legal Requirements

new-teech may disclose your Personal Data in the good faith belief that such action is necessary to:

• To comply with a legal obligation
• To protect and defend the rights or property of new-teech
• To prevent or investigate possible wrongdoing in connection with the Service
• To protect the personal safety of users of the Service or the public
• To protect against legal liability

Security Of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.

• Clicky
  Clicky is a web analytics service. Read the Privacy Policy for Clicky here: https://clicky.com/terms
  

Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children's Privacy

Our Service does not address anyone under the age of 18 ("Children").
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

• By mail: koukihamza33.technology@blogger.com

Fileless Malware: Why You Should Care

It's a truism that just like organizations adapt, so too do criminals. For example, anyone who has ever seen a Wells Fargo commercial knows that there was a time when stagecoaches were a normative method for transporting cash and valuables. But what modern criminals in their right mind would attempt robbing a Brink's truck on horseback? While that strategy might have worked well in the days of the Pony Express, attempting it in now would be out of touch and inefficient.

This is an intentionally extreme example to make a point: Criminals adapt to keep pace in the same way that organizations adapt. With a veritable renaissance in technology use under way, criminals have been advancing their methods of attack just like organizations have been advancing their methods for conducting business.

One of the more recent developments in attacker tradecraft is so-called "fileless malware." This trend -- which emerged a few years ago but gained significant prominence in late 2016 and throughout 2017 -- refers to malware that is designed specifically and architected to not require -- or in fact interact with at all -- the filesystem of the host on which it runs.

It is important for technology pros to be alert to this, because it impacts them in several different ways.

First, it alters what they should watch for when analyzing attacker activity. Because fileless malware has different characteristics from traditional malware, it requires looking for different indicators.

Second, it impacts how practitioners plan and execute their response to a malware situation. One of the reasons attackers employ this method is that it circumvents many of the techniques that typically are employed to mitigate attacks.

However, there are some things practitioners can and should do to keep their organizations protected.

What Is It?

Also sometimes referred to as "non-malware," fileless malware leverages on-system tools such as PowerShell, macros (e.g. in Word), Windows Management Instrumentation (i.e., the apparatus in Windows designed for telemetry gathering and operations management), or other on-system scripting functionality to propagate, execute and perform whatever tasks it was developed to perform.

Because these tools are so powerful and flexible on a modern operating system, malware that employs them can do most of what traditional malware can do -- from snooping on user behavior to data collection and exfiltration, to cryptocurrency mining, or pretty much anything else that an attacker might want to do to forward an infiltration campaign.

By design, an attacker employing this technique will refrain from writing information to the filesystem. Why? Because the primary defense strategy for detecting malicious code is file scanning.

Think about how a typical malware detection tool works: It will look through all files on the host -- or a subset of important files -- searching out malware signatures against a known list. By keeping clear of the filesystem, fileless malware leaves nothing to detect. That gives an attacker a potentially much longer "dwell time" in an environment before detection. It's an effective strategy.

Now, fileless malware is by no means entirely new. Folks might remember specific malware (e.g., the Melissa virus in 1999) that caused plenty of disruption while interacting only minimally, if at all, with the filesystem.

What is different now is that attackers specifically and deliberately employ these techniques as an evasion strategy. As one might expect, given its efficacy, use of fileless malware is on the rise.

Fileless attacks are more likely to be successful than file-based attacks by an order of magnitude (literally 10 times more likely), according to the 2017 "State of Endpoint Security Risk" report from Ponemon. The ratio of fileless to file-based attacks grew in 2017 and is forecasted to continue to do grow this year.

Prevention Strategies

There are a few direct impacts that organizations should account for as a result of this trend.

First, there is the impact on the methods used to detect malware. There is also, by extension, an impact on how organizations might collect and preserve evidence in an investigation context. Specifically, since there are no files to collect and preserve, it complicates the usual technique of capturing the contents of the filesystem and preserving them in "digital amber" for courtroom or law enforcement purposes.

Despite these complexities, organizations can take steps to insulate themselves from many fileless attacks.

First is patching and maintaining a hardened endpoint. Yes, this is frequently offered advice, but it is valuable not only to combat fileless malware attacks, but also for a host of other reasons -- my point being, it's important.

Another piece of commonly offered advice is to get the most from the malware detection and prevention software that already is in place. For example, many endpoint protection products have a behavior-based detection capability that can be enabled optionally. Turning it on is a useful starting point if you have not already done so.

Thinking more strategically, another useful item to put in the hopper is to take a systematic approach to locking down the mechanisms used by this malware and increasing visibility into its operation. For example, PowerShell 5 includes expanded and enhanced logging capabilities that can give the security team greater visibility into how it's being used.

In fact, "script block logging" keeps a record of what code is executed (i.e., executed commands), which can be used both to support detective capability and to maintain a record for use in subsequent analysis and investigation.

Of course, there are other avenues that an attacker might leverage beyond PowerShell -- but thinking it through ahead of time -- investing the time to know what you're up against and to plan accordingly -- is a good starting point.
Source : www.technewsworld.com

How to Back Up iPhone Data to an External Drive

A recent incident reminded me of the importance of backing up one's phone regularly. Soon after carrying my recycling out to the curbside, I realized I had misplaced my 6-month-old iPhone. Cue brief panic, followed by deep concern that I'd somehow tossed my device into that transparent bag I'd left outside for the world to see.

That led me to yelling "Hey, Siri" a few times around my apartment until the familiar chime sounded, revealing my trusty phone was hiding on a stepladder underneath a coat. Phew.

I have no idea how or why I managed to leave my phone there, but had I not found it, the situation could have been much worse: It had been months since I'd backed up my data. I was lucky to escape what could have been a potential disaster caused by my absent-minded tendencies.

Save Main Drive Space

I bought my current laptop a little over a year ago and actually had some trouble managing backups at first. My partner and I use the same computer for backing up our phones, but with ever-increasing device storage capacities and solid-state hard drives still somewhat expensive, despite featuring in more and more systems, space is at a premium.

Apple demands a lot of storage for its backups, especially since it often stores multiple versions. A 256-GB hard drive to run one's system and keep data safe is just not enough anymore.

The thing is, Apple does not make it easy to sync backups to an external drive automatically. Typically, iPhone owners will plug in their devices, and Apple will create a directory on the main hard drive and stuff the backup there. That's easy, and it's probably enough for most people. Forcing iTunes to store the backup elsewhere requires a redirect trick.

Using Windows 10

Here's how I solved the problem on my Windows 10 machine. First, since I had the capacity on my current drive (but only just), I created an iPhone backup using the regular iTunes sync method to the default location, just in case any mishaps should occur. I went to the folder Apple uses to store backups, typically this one:

C:\Users\[Username]\AppData\Roaming\Apple Computer\MobileSync\Backup

You should replace [Username] with your own actual username, naturally.

You'll want to copy that folder to your desired new backup location, and then either delete the original Backup folder or rename it as "BackupOld." Then hold the shift key and click the right mouse button to open a command window. There, enter the following:

mklink /J "%APPDATA%\Apple Computer\MobileSync\Backup" "[External Drive]:\iTunes Backup"

Of course, you'll replace [External Drive] with your actual drive letter.

You can add subfolders here too if you like to keep your storage as organized as possible. So, something like this would work just fine:

E:\MyBackups\iTunes Backup

Then you can close the command prompt window, and try an iPhone backup to see if it works.

Using macOS

The steps are similar for Mac systems. You should find the standard backup folder here:

~/Library/Application Support/MobileSync/

Copy, then remove or rename the Backup folder. Then open a terminal and type this:

ln -s /Volumes/[External Drive]/MobileSync/Backup ~/Library/Application\ Support/MobileSync/Backup

Close the terminal and then try an iPhone backup to see if it works.

Better Safe Than Sorry

Even if you have a main hard drive large enough to handle your backups without any concern, shuttling your data to an external drive has its advantages. It can act as an off-system failsafe in case your computer's drive collapses beyond repair. It also frees up the main drive, which hopefully will keep your computer working snappily for a little longer.

In either case, please remember to back up your phone regularly. And maybe don't put yourself in a situation where you wonder for 15 minutes if you tossed it out with the recycling.
Source : www.technewsworld.com

PGP: 'Serious' flaw found in secure email tech

A widely used method of encrypting emails has been found to suffer from a serious vulnerability, researchers say.

PGP (Pretty Good Privacy) is a data encryption method sometimes added to programs that send and receive email.

Details about the vulnerability were released by the Suddeutsche Zeitung newspaper prior to a scheduled embargo.

Previously, the Electronic Frontier Foundation (EFF) had advised immediately disabling email tools that automatically decrypted PGP.

The problem had been investigated by Sebastian Schinzel, at Munster University of Applied Sciences.

After the embargo on releasing details about the vulnerability was lifted, Mr Schinzel and colleagues published their research revealing how the attack on PGP emails worked.

A website explaining the issue has also now been made public.

Mr Schinzel has been contacted by the BBC for comment.

There was initially concern among cyber-security researchers that the issue affected the core protocol of PGP - meaning that all uses of the encryption method, including file encryption, could be made vulnerable.

However, one provider of software that can encrypt data using PGP explained the problem specifically concerned email programs that failed to check for decryption errors properly before following links in emails that included HTML code.

The issue had been "overblown" by the EFF, said Werner Koch, of GnuPG.
His colleague Robert Hansen said on Twitter that the issue had been known about for some time.

He argued it wasn't really a vulnerability in the OpenPGP system but rather in email programs that had been designed without appropriate safeguards.

'Real secrets' risked

Security expert Mikko Hypponen, at F-Secure, said his understanding was that the vulnerability could in theory be used to decrypt a cache of encrypted emails sent in the past, if an attacker had access to such data.

"This is bad because the people who use PGP use it for a reason," he told the BBC.

"People don't use it for fun - people who use it have real secrets, like business secrets or confidential things."

Alan Woodward, at the University of Surrey, agreed, adding: "It does have some big implications as it could lead to a channel for sneaking data off devices as well as for decrypting messages."

The researchers have said that users of PGP email can disable HTML in their mail programs to stay safe from attacks based on the vulnerability.

It is also possible to decrypt emails with PGP decryption tools separate from email programs.
Source : http://www.bbc.com/news/technology-44107570