- ctrlq.org/screenshots – for capturing screenshots of web pages on mobile and desktops.
- dictation.io – online voice recognition in the browser itself.
- zerodollarmovies.com – find full-length movies on YouTube.
- screenr.com – record movies of your desktop and send them straight to YouTube.
- goo.gl – shorten long URLs and convert URLs into QR codes.
- unfurlr.come – find the original URL that’s hiding behind a short URL.
- qClock – find the local time of a city using a Google Map.
- copypastecharacter.com – copy special characters that aren’t on your keyboard.
- postpost.com – a better search engine for twitter.
- lovelycharts.com – create flowcharts, network diagrams, sitemaps, etc.
- iconfinder.com – the best place to find icons of all sizes.
- office.com – download templates, clipart and images for your Office documents.
- followupthen.com – the easiest way to setup email reminders.
- jotti.org – scan any suspicious file or email attachment for viruses.
- wolframalpha.com – gets answers directly without searching – see more wolfram tips.
- printwhatyoulike.com – print web pages without the clutter.
- joliprint.com – reformats news articles and blog content as a newspaper.
- ctrql.org/rss – a search engine for RSS feeds.
- e.ggtimer.com – a simple online timer for your daily needs.
- coralcdn.org – if a site is down due to heavy traffic, try accessing it through coral CDN.
- random.org – pick random numbers, flip coins, and more.
- pdfescape.com – lets you can quickly edit PDFs in the browser itself.
- tubemogul.com – simultaneously upload videos to YouTube and other video sites.
- scr.im – share you email address online without worrying about spam.
- spypig.com – now get read receipts for your email.
- sizeasy.com – visualize and compare the size of any product.
- myfonts.com/WhatTheFont – quickly determine the font name from an image.
- google.com/webfonts – a good collection of open source fonts.
- regex.info – find data hidden in your photographs – see more EXIF tools.
- livestream.com – broadcast events live over the web, including your desktop screen.
- iwantmyname.com – helps you search domains across all TLDs.
- homestyler.com – design from scratch or re-model your home in 3d.
- join.me – share you screen with anyone over the web.
- onlineocr.net – recognize text from scanned PDFs – see other OCR tools.
- flightstats.com – Track flight status at airports worldwide.
- wetransfer.com – for sharing really big files online.
- hundredzeros.com – the site lets you download free Kindle books.
- polishmywriting.com – check your writing for spelling or grammatical errors.
- marker.to – easily highlight the important parts of a web page for sharing.
- typewith.me – work on the same document with multiple people.
- whichdateworks.com – planning an event? find a date that works for all.
- everytimezone.com – a less confusing view of the world time zones.
- gtmetrix.com – the perfect tool for measuring your site performance online.
- noteflight.com – print music sheets, write your own music online (review).
- imo.im – chat with your buddies on Skype, Facebook, Google Talk, etc. from one place.
- translate.google.com – translate web pages, PDFs and Office documents.
- kleki.com – create paintings and sketches with a wide variety of brushes.
- similarsites.com – discover new sites that are similar to what you like already.
- wordle.net – quick summarize long pieces of text with tag clouds.
- bubbl.us – create mind-maps, brainstorm ideas in the browser.
- kuler.adobe.com – get color ideas, also extract colors from photographs.
- liveshare.com – share your photos in an album instantly.
- lmgtfy.com – when your friends are too lazy to use Google on their own.
- midomi.com – when you need to find the name of a song.
- bing.com/images – automatically find perfectly-sized wallpapers for mobiles.
- faxzero.com – send an online fax for free – see more fax services.
- feedmyinbox.com – get RSS feeds as an email newsletter.
- ge.tt – qiuckly send a file to someone, they can even preview it before downloading.
- pipebytes.com – transfer files of any size without uploading to a third-party server.
- tinychat.com – setup a private chat room in micro-seconds.
- privnote.com – create text notes that will self-destruct after being read.
- boxoh.com – track the status of any shipment on Google Maps – alternative.
- chipin.com – when you need to raise funds online for an event or a cause.
- downforeveryoneorjustme.com – find if your favorite website is offline or not?
- ewhois.com – find the other websites of a person with reverse Analytics lookup.
- whoishostingthis.com – find the web host of any website.
- google.com/history – found something on Google but can’t remember it now?
- aviary.com/myna – an online audio editor that lets record, and remix audio clips online.
- disposablewebpage.com – create a temporary web page that self-destruct.
- urbandictionary.com – find definitions of slangs and informal words.
- seatguru.com – consult this site before choosing a seat for your next flight.
- sxc.hu – download stock images absolutely free.
- zoom.it – view very high-resolution images in your browser without scrolling.
- scribblemaps.com – create custom Google Maps easily.
- alertful.com – quickly setup email reminders for important events.
- picmonkey.com – Picnik is offline but PicMonkey is an even better image editor.
- formspring.me – you can ask or answer personal questions here.
- sumopaint.com – an excellent layer-based online image editor.
- snopes.com – find if that email offer you received is real or just another scam.
- typingweb.com – master touch-typing with these practice sessions.
- mailvu.com – send video emails to anyone using your web cam.
- timerime.com – create timelines with audio, video and images.
- stupeflix.com – make a movie out of your images, audio and video clips.
- safeweb.norton.com – check the trust level of any website.
- teuxdeux.com – a beautiful to-do app that looks like your paper dairy.
- deadurl.com – you’ll need this when your bookmarked web pages are deleted.
- minutes.io – quickly capture effective notes during meetings.
- youtube.com/leanback – Watch YouTube channels in TV mode.
- youtube.com/disco – quickly create a video playlist of your favorite artist.
- talltweets.com – Send tweets longer than 140 characters.
- pancake.io – create a free and simple website using your Dropbox account.
- builtwith.com – find the technology stack of any website.
- woorank.com – research a website from the SEO perspective.
- mixlr.com – broadcast live audio over the web.
- radbox.me – bookmark online videos and watch them later (review).
- tagmydoc.com – add QR codes to your documents and presentations (review).
- notes.io – the easiest way to write short text notes in the browser.
- ctrlq.org/html-mail – send rich-text mails to anyone, anonymously.
- fiverr.com – hire people to do little things for $5.
- otixo.com – easily manage your online files on Dropbox, Google Docs, etc.
Tags: cool, Free, Google, Google Maps, Google Talk, top 100, youtube
Tags: botnet, Mac OS, Mac.BackDoor.iWorm, OS X, worm
A newly discovered zombie network that exclusively targets Apple computers running Mac OS X across the globe has compromised roughly 17,000 machines so far, giving hackers backdoor access to infected computers, researchers at Russian antivirus firm Dr.Web warned.
According to a survey of traffic conducted in September by researchers at Dr. Web, over 17,000 Macs globally are part of the Mac.BackDoor.iWorm botnet, which creates a backdoor on machines running OS X. Researchers say almost a quarter of iWorm botnet are located in the US.
The most interesting thing to notice about this botnet is that it uses a special method of spreading via a search service of Reddit posts to a Minecraft server list subreddit to collect the IP addresses for its command and control (CnC) network. The user who had posted that subreddit data has now been shut down though the malware creators are likely to form another server list.
“It is worth mentioning that in order to acquire a control server address list, the bot uses the search service at reddit.com, and – as a search query – specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date,” the Russian company said in a statement on its website.
“The reddit.com search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd.“
Though the researchers did not mention how Mac.BackDoor.iWorm spreads, but they shared that the “dropper” program of the malware allows it to be installed in the Library directory within the affected user’s account home folder, disguised as an Application Support directory for “JavaW” and sets itself to autostart.
Once a Mac has been infected, the software establishes a connection with the command and control server. The backdoor on the user’s system can be used to receive instructions in order to perform a variety of tasks, from stealing sensitive information to receiving or spreading other malicious software. It could also change configuration or put a Mac to sleep.
“Criminals developed this malware using C++ and Lua. It should also be noted that the backdoor makes extensive use of encryption in its routines. During installation it is extracted into /Library/Application Support/JavaW, after which the dropper generates a p-list file so that the backdoor is launched automatically,” the company added.
The Mac.BackDoor.iWorm is likely to send spam emails, flood websites with traffic, or mine bitcoins. Most of the compromised machines are located in the US, Canada ranked second, with 1,235 comprised addresses, followed by the United Kingdom with 1,227 addresses and the rest is in Europe, Australia, the Russian Federation, Brazil and Mexico.
Tags: Mac, passwords, security, Windows
There are a large number of websites and programs that prompt end users to save passwords on their personal computer(s). Popular web browsers such as Mozilla Firefox, Internet Explorer, Google Chrome, and instant messaging software like Windows Live Messenger are capable of saving user logins and passwords on the local computer. A common task that arises for the end-user is to find stored passwords on a computer in order to recover lost or forgotten access information. Depending on the application being used, operating system, and specific user permissions, the task can be as easy as choosing some options in the OS or having to download specific tools to crack the password file hash.
How to Find Stored Passwords in Windows XP
Microsoft Windows has the capability to manage stored user names and passwords for individual users so unique software may not be required for this purpose.
Step 1 – Click on the “Start” menu button and launch the “Control Panel”.
Step 2 – Locate the “Pick a category” menu label the select “User Accounts” menu option.
Step 3 – Open the “Stored User Names and Passwords” menu option by selecting “Manage my network passwords” beneath the “Related Tasks” menu label. If you are logged in as an administrator, select your user account. Then under related tasks choose the “Manage my network passwords.”
Step 4 – View the list of stored usernames and passwords.
How to Find Stored Passwords in Windows 7
Step 1 – Click on the “Start” menu button and launch “Control Panel”.
Step 2 – Click on “User Accounts and Family Safety”, then on “User Accounts”
Step 3 – In the left pane, click “Manage your network passwords”.
How to Find Stored Passwords in Windows 8
Step 1 – Click on the “Start” menu button and launch “Control Panel”.
Step 2 – Click on “User Accounts and Family Safety”, then on “Credential Manager”
How to View Stored Passwords on a MAC
On computers than run the Mac OS X operating system, when a user tells their computer to store a password associated with an application, website, or wireless network, the information is saved on the computer’s hard drive. OS X uses the Keychain Access utility to help Mac users to look-up and manage their stored passwords.
Step 1 – Launch the OS X “Finder” by clicking the menu icon on the computer’s dock. Then, navigate to the “Utilities” folder which is located under the “Applications” section on the Mac hard drive.
Step 2 – Open the “Keychain Access” program icon to launch the password utility application. Then, select “Passwords” from the options located in the lower left corner of the program window.
Step 3 – From the list find the application, web site or network name associated with the password you want to view and double click on it. A new window showing information about it will display.
Step 4 – Click on the “Show password” checkbox to reveal the password. You will be asked to enter your user password, and click “Allow”, in order to see it. Once you do it will be visible in the “Show password” field.
How to Find Stored Passwords in Firefox
The Mozilla FireFox Password Manager application stores user names and passwords on your computer’s hard drive and will automatically enter the data when visiting websites that require the information.
Steps to Use the Mozilla FireFox Password Manager
Step 1 – Launch Mozilla Firefox by double clicking the program icon on your computer’s desktop.
Step 2 – Select the “FireFox” menu button and then click the “Options” menu choice.
Step 3 – Select the “Security” menu tab that is located at the upper portion of the “Options” window.
Step 4 – Select the “Remember Passwords for Sites” check box if not already selected.
Step 5 – Log into a website that requires a username and password. Choose the “Remember” menu button on the subsequently displayed dialog box to save a new password in the FireFox Password Manager. Alternatively, you can choose the “Never for This Site” menu option to add an exception to the Password manger.
Step 6 – Choose the “Exceptions” menu button in FireFox to view the current exception list that the web browser is configured to never save a password. Sites can be removed from this list by clicking the “Remove All” menu button (removes all exceptions) or individually by selecting a site and choosing the “Remove” button.
Step 7 – View the saved passwords in the Password Manager by selecting the “Saved Passwords” menu button. You can also remove passwords from this window by clicking the “Remove All” or “Remove” menu buttons.
Steps to Change the FireFox Password Manager Master Password
The FireFox master password is used to protect the master key for the FireFox browser on your computer. The master key is used to encrypt email passwords, web site passwords, and other potentially sensitive information stored by the Form and Password Manager on your computer.
Step 1 – Launch Mozilla FireFox by double clicking the program icon.
Step 2 – Select the “FireFox” menu button, then click the “Options” menu choice, and choose the “Security” tab.
Step 3 – If the “Use a master password” checkbox is not selected you don’t have a master password. If it is selected then click on the “Change Master Password” button.
Step 4 – Enter your current password, and then in the fields below enter and re-enter the new password you wish to set.
How to Recover Passwords Hidden Behind Asterisks
A common problem that arises for end-users is determining what passwords are saved by their web browser if they do not have access to the Password Manager or equivalent application on their computer. The BulletsPassView utility is one of the most used freeware applications capable of performing this task. The program is a tool that is designed to reveal the passwords stored behind the asterisks in the standard password text box on the Windows operating system and Internet Explorer web browsers.
Improvements made to the BulletsPassView application from the legacy Asterisk Logger utility include support for Windows 7/8/Vista, support for Internet Explorer password text boxes, improved command line support, Unicode support to properly capture non-English language passwords, and not revealing the password inside of the password text-box itself (inside of the main window of the application only). The new version of BulletsPassView does have limitations; however, as it is not able to retrieve passwords displayed in the Chrome, FireFox, or Opera web browsers as well as the network and dial-up passwords on Windows. This is due to the fact that these applications do not save the password stored behind the asterisks to improve security.
Steps to Use BulletsPassView
Step 1 – Download the appropriate version of BulletsPassView for your computer. Please note that if you are using a 64 bit Windows computer there is a different version of the software than for 32 bit computers. You can tell if your Windows computer is a 64 bit by selecting “Start,” “Control Panel,” and “System” menu options and the OS type will be listed about half-way down the subsequently displayed screen.
Step 2 – Double-click the executable file downloaded to launch the application. The BulletsPassView program does not require an installation process. On launch, the program will make a first scan to locate any password text-boxes actively displayed and show the result on the program’s main window.
Step 3 – Open a website in Internet Explorer that has a password saved which you need to recover. Then click the “Refresh” menu button on BulletsPassView or press the “F5” key on your computer to display the password. Alternatively, the application supports an “Auto Refresh” option that is selectable under the “Options” menu to automatically scan for new passwords every few minutes.
Step 4 – Open the Windows command prompt by selecting the “Start” menu button and entering “CMD” in the search text field. Then, enter the fully qualified path to the BulletsPassView application and include “/stext <Filename>” followed by pressing the “Enter” key. This will save the list of passwords currently displayed on the computer’s screen to save the information in a simple text file.
BulletsPassView Command Line Options
BulletsPassView supports a number of command line options to save on-screen data into a number of formats to include text, XML, HTML, CSV.
/stext <Filename> Save the list of bullet passwords into simple text file.
/stab <Filename> Save the list of bullet passwords into a tab-delimited text file.
/scomma <Filename> Save the list of bullet passwords into a comma-delimited text file (csv).
/stabular <Filename> Save the list of bullet passwords into a tabular text file.
/shtml <Filename> Save the list of bullet passwords into HTML file (Horizontal).
/sverhtml <Filename> Save the list of bullet passwords into HTML file (Vertical).
/sxml <Filename> Save the list of bullet passwords into XML file.
Find Stored Passwords Using Cain & Abel
Cain & Abel is able to disclose or recover stored passwords on computers using the Windows operating system (OS). The application is distributed as freeware and includes the capability to conduct password-box revealing, network sniffing, brute-force, and dictionary attacks. The application does not exploit software bugs or vulnerabilities to ensure a higher quality of service. The primary purpose of the software is to simplify the recovery of passwords and credentials for network administrators, security professionals, and security software vendors. The current version of the software is faster than previous versions and provides support for encrypted protocols such as SSH-1 and HTTPS.
Find Stored Passwords in ZIP Files Using ALZip
ALZip is freeware produced by ESTSoft and is designed to recover lost or forgotten passwords from ZIP files. ALZip allows end-users to compress, uncompress, and recover lost passwords for zip file archives. The application has a “Password Recovery” menu option that when selected will recover the lost information for the end-user.
Other Popular Password Recovery Tools
Some of the other popular password recovery tools found are the freeware utilities produced by NirSoftFreeware, Ultimate ZIP Cracker, and the Password Recovery Tool for MS Access 1.
NirSoftFreeware has a number of handy freeware utilities for recovering lost passwords from IE, Outlook, and various Instant Messaging clients.
Ultimate ZIP Cracker (shareware from VDGSoftware) recovers passwords from ZIP, ARJ, MS Word, and MS Excel formats. The program supports Brute Force attacks, Smart, Dictionary, Date, and Customized searches when recovering passwords associated with the supported file formats.
Password Recovery Tool for MS Access 1 (from Hongxin Technology & Trade) is a free tool to recover MS Access passwords. The application provides support for MS Access database files through the 2003 version. The ability to recover passwords for newer versions of Access is not stated to be supported.
The six-year old Conficker worm is still a major presence in the threat landscape, accounting for 38% of all detections in the first half of 2014, according to security vendor F-Secure’s latest Threat Report.
The Finnish firm’s H1 round-up found, by contrast, that detection’s of malicious Java plug-ins in the browser dropped from over 40% last year to just 11% in the first six months of 2014.
“Finally, the current versions of Java are such that there are too many hurdles in the way for Java to be easily exploited,” commented security adviser Sean Sullivan during a webcast to discuss the report.
F-Secure chief research officer, Mikko Hypponen, added that Conficker’s persistence is likely down to regions in which there are still a large number of legacy systems and high piracy rates. Brazil, for example, was the number one country when it came to Conficker detection’s, he said.
“When you’re running pirated versions of applications or the operating system itself patching is more problematic, so you have more security problems,” Hypponen added.
Web-based attacks, during which malware redirects the victim’s browser to malicious sites, accounted for 20% of detection’s, with ‘other’ taking up the remaining 38%.
Elsewhere, F-Secure spotted 25 new malware variants specifically targeting Mac machines.
Although their capabilities and distribution methods are becoming more sophisticated, Hypponen claimed that “the situation isn’t out of hand” on the Apple platform, relative to Windows PCs and Android mobile devices for which there are far greater numbers of malware variants.
The Google mobile platform, for example, witnessed 294 new malware families or variants in the first half of this year, compared to just one for the more tightly controlled iOS ecosystem, according to the report.
The other notable trend of the period was a growth in ransomware activity on desktop and mobile platforms, with the likes of Cryptolocker, Koler, Slocker and other malware all causing problems for users, said F-Secure.
Tags: Apple, backdoor, FireEye, GREF, Malware
“We track this threat group as “GREF” due to their propensity to use a variety of Google references in their activities – some of which will be outlined later in this report. Our tracking of GREF dates back to at least the 2009 timeframe, but we believe they were active prior to this time as well.” researcher said.
“The backdoor code was ported to OS X from a Windows backdoor that has been used extensively in targeted attacks over the past several years, having been updated many times in the process,” security researchers from FireEye said Thursday in a blog post.
Originally posted on Naked Security:
The FBI says it is investigating the alleged theft of nude and other photos of female celebrities, including Jennifer Lawrence and Rihanna.
FBI Spokesperson Laura Eimiller told NBC News:
The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter. Any further comment would be inappropriate at this time.
Meanwhile, Apple also said that it is “actively investigating” the theft of personal images after it was alleged that its iCloud service was exploited by the person who posted the photos online. Speaking to Recode, Apple spokeswoman Natalie Kerris said:
We take user privacy very seriously and are actively investigating this report.
Though it hasn’t been confirmed, many sources have speculated that the photos were stolen from iCloud accounts.
Actress Kirsten Dunst, also named on the list, appears to think her photos were taken…
View original 294 more words
Tags: August, BSOD, Microsoft
The offending Microsoft patch identified as MS 14-045, one of the nine updates which fixes three security issues including one in the Windows kernel – the heart of the operating system – can cause system crashes forcing users to reboot it.
“Microsoft revised this bulletin to address known issues associated with installation of security update 2982791. Microsoft is investigating behavior associated with the installation of this update, and will update this bulletin when more information becomes available. Microsoft recommends that customers uninstall this update.”
- 2982791 MS14-045: Description of the security update for kernel-mode drivers: August 12, 2014
- 2970228 Update to support the new currency symbol for the Russian ruble in Windows
- 2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
- 2975331 August 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012